The only way to test the backend at the moment is to establish an offline session for a user through a one-off in-browser sign-in, using refresh tokens.

After that, the test infrastructure can maintain a long-running auth session for that user, exchanging the tokens on expiry. The access token in that case is identical to the one your users receive in-browser.

What you should do is:

  1. Create a test user on Kinde
  2. Log in with that user in-browser
  3. Inspect the cookies in-browser to get the refresh token and access token
  4. Set them in the test settings

To rotate tokens in the test environment, call `https://<your_subdomain>.kinde.com/oauth2/token` with the refresh token stored in a secret manager (such as GitHub secrets) at the very beginning of the test run (such as in jest-setup.js). Store the returned refresh token back in the secret manager, and set the access token on process.env for use in the tests.

Here's the documentation about the rotation:

https://kinde.com/docs/developer-tools/refresh-tokens/#how-to-get-a-refresh-token

You need to POST to the token endpoint with `grant_type=refresh_token` and the refresh token as the payload.

In response, you'll receive the new set of tokens.

You don't need an Authorization header; instead, add `"refresh_token": "your_refresh_token"` to the request data. The curl call looks something like this:

```bash
curl --location 'https://<your_domain>/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<your_client_id>' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=<stored_refresh_token>'
```

There is one thing to keep in mind: after the exchange, the old refresh token becomes invalid once the access token expires.

The response includes both the access token and the refresh token, so the next exchange must use the new refresh token, if one was issued.
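
The rotation step described above, written as an added example (not Kinde's code or code from the original answer). The function names, the `secretStore` interface with `get`/`set`, and the `TEST_ACCESS_TOKEN`, `KINDE_DOMAIN` and `KINDE_CLIENT_ID` variable names are assumptions; the `access_token` and `refresh_token` response fields follow the standard OAuth 2.0 token response.

```javascript
// Added example: refresh-token rotation for a test run (e.g. called from jest-setup.js).
// Hypothetical names: buildRefreshRequest, rotateTokens, secretStore, KINDE_DOMAIN,
// KINDE_CLIENT_ID, TEST_ACCESS_TOKEN. Requires Node 18+ for the global fetch.

function buildRefreshRequest(domain, clientId, refreshToken) {
  // Same form-encoded body as the curl call: no Authorization header.
  const body = new URLSearchParams({
    client_id: clientId,
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
  });
  return {
    url: `https://${domain}/oauth2/token`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

async function rotateTokens({ domain, clientId, secretStore, fetchImpl = fetch, env = process.env }) {
  const current = await secretStore.get('refresh_token');
  if (!current) throw new Error('no stored refresh token; repeat the in-browser sign-in');
  const { url, init } = buildRefreshRequest(domain, clientId, current);
  const res = await fetchImpl(url, init);
  if (!res.ok) {
    // Report the status only; never log request or response bodies, they carry tokens.
    throw new Error(`token exchange failed with HTTP ${res.status}`);
  }
  const tokens = await res.json();
  if (!tokens.access_token) throw new Error('token response has no access_token');
  // Persist the new refresh token before the tests start: the old one stops
  // working once the access token expires. If none was issued, keep the old one.
  const rotated = Boolean(tokens.refresh_token) && tokens.refresh_token !== current;
  if (rotated) await secretStore.set('refresh_token', tokens.refresh_token);
  env.TEST_ACCESS_TOKEN = tokens.access_token;
  return { rotated };
}

// jest-setup.js would call it like this, with secretStore backed by your secret manager:
// await rotateTokens({ domain: process.env.KINDE_DOMAIN,
//                      clientId: process.env.KINDE_CLIENT_ID, secretStore });
```

If two test runs share one stored refresh token, run the rotation in only one of them at a time, otherwise one run can overwrite the token the other just stored.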