Testing

Verify that your embedding integration works correctly

Before deploying to production, thoroughly test your integration to ensure everything works correctly.

Testing Checklist

Token Endpoint

  • Endpoint returns a valid JWT token
  • Token includes the required standard claims (iss, aud, sub, exp, iat)
  • Token includes the required user claims (name, email) and, optionally, avatar_url
  • Token is signed correctly with RS256
  • Token expiration is set appropriately (5 minutes recommended)
  • Endpoint requires authentication (user must be logged in)
  • Endpoint handles errors gracefully

Embed Script

  • Script loads without errors
  • Script doesn't block page rendering
  • Script configuration matches your settings
  • Script URL is correct

Trigger Functionality

  • Floating button appears (if using floating button)
  • Custom triggers work (if using custom trigger)
  • Form opens when triggered
  • Form appears in correct presentation mode

Authentication

  • User is authenticated correctly
  • Feedback submissions are attributed to the correct user
  • User information (name, email, avatar) displays correctly
  • Token expiration is handled gracefully

Form Functionality

  • Users can submit feedback
  • Users can view existing feedback
  • Users can vote on feedback
  • Users can comment on feedback
  • Form works on mobile devices
  • Form works in different browsers

Security

  • Only allowed origins can embed the board
  • Tokens expire correctly
  • Invalid tokens are rejected
  • Rate limiting is working (if implemented)

Testing Scenarios

Test with Different Users

  1. Log in as different users in your application
  2. Open the embedded feedback form
  3. Submit feedback as each user
  4. Verify each user's feedback is attributed correctly
  5. Check that user information displays properly

Test Token Expiration

  1. Generate a token
  2. Wait for it to expire (or set a very short expiration)
  3. Try to use the expired token
  4. Verify it's rejected appropriately
  5. Verify the form requests a new token

Test Invalid Tokens

  1. Try tokens with missing claims
  2. Try tokens with wrong issuer
  3. Try tokens with wrong audience
  4. Try tokens with invalid signature
  5. Verify all are rejected
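
The negative tests above, together with the checks listed under Token Verification Fails, as an added Node.js example (not Round Two's code or its verifier): a local pre-flight check that mints one token per step with throwaway keys and reports which check rejects it. The issuer string, the user fields, and the `mint`, `check` and `runNegativeTests` names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
const REQUIRED = ["iss", "aud", "sub", "exp", "iat", "name", "email"];
const b64u = (v) => Buffer.from(v).toString("base64url");

// Mint a token as a token endpoint would; key and alg are overridable for negative tests.
function mint(claims, key, alg = "RS256") {
  const input = `${b64u(JSON.stringify({ alg, typ: "JWT" }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("RSA-SHA256", Buffer.from(input), key).toString("base64url")}`;
}

// Local stand-in for the verifier: returns "ok" or the name of the first failed check.
function check(token, publicKey, issuer, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s, extra] = token.split(".");
  if (!h || !p || !s || extra !== undefined) return "malformed";
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString());
    claims = JSON.parse(Buffer.from(p, "base64url").toString());
  } catch { return "malformed"; }
  if (header.alg !== "RS256") return "alg"; // pin the algorithm; do not trust the header
  const sig = Buffer.from(s, "base64url");
  if (!crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey, sig)) return "signature";
  const missing = REQUIRED.find((c) => claims[c] === undefined || claims[c] === "");
  if (missing) return `missing:${missing}`;
  if (claims.iss !== issuer) return "iss"; // exact string match
  if (claims.aud !== "roundtwo") return "aud"; // case-sensitive
  if (typeof claims.exp !== "number" || claims.exp <= now) return "expired";
  return "ok";
}

// Constructed test data: throwaway keys, made-up workspace/board and user.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const other = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const ISSUER = "Example Workspace/Example Board";
const NOW = 1700000000;
const good = { iss: ISSUER, aud: "roundtwo", sub: "user-1", iat: NOW, exp: NOW + 300,
               name: "Test User", email: "test@example.com" };

// One token per negative-test step, each checked against the real public key.
function runNegativeTests() {
  const { email, ...noEmail } = good;
  const t = (claims, key = privateKey, alg) => check(mint(claims, key, alg), publicKey, ISSUER, NOW);
  return {
    valid: t(good), missingClaim: t(noEmail), expired: t({ ...good, exp: NOW - 1 }),
    wrongIssuer: t({ ...good, iss: "Other Workspace/Other Board" }),
    wrongAudience: t({ ...good, aud: "RoundTwo" }),
    badSignature: t(good, other.privateKey), wrongAlg: t(good, privateKey, "HS256"),
  };
}
console.log(runNegativeTests());
```

Running `check` on a token fetched from your own token endpoint, with your real public key and issuer, confirms the endpoint's output locally before you test against the board.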

Test Cross-Origin

  1. Test from different domains (if multiple allowed origins)
  2. Verify CORS headers are correct
  3. Test that unauthorized domains are blocked
  4. Verify allowed origins list is working

Test User Data

  1. Generate tokens with different user data
  2. Verify names display correctly
  3. Verify emails are used for identity matching
  4. Verify avatars load correctly
  5. Test with missing optional fields

Common Issues

Token Verification Fails

Check:

  • Issuer matches [Workspace Name]/[Board Title] exactly
  • Audience is exactly "roundtwo" (case-sensitive)
  • Token hasn't expired
  • Public key is correct in Round Two settings
  • Token is signed with RS256

Form Doesn't Open

Check:

  • Browser console for errors
  • Embed script is loaded
  • Allowed origins include your domain
  • Embedding is enabled for the board
  • Token endpoint is accessible

User Not Authenticated

Check:

  • Token endpoint returns a valid JWT
  • Token includes required claims
  • Token is signed correctly
  • Public key matches in Round Two

User Data Not Displaying

Check:

  • Token includes name, email, avatar_url claims
  • User data is available in your authentication system
  • Avatar URLs are accessible
  • Email format is valid

Feedback

This feature is in public beta. We'd love to hear your thoughts! If you have feedback, suggestions, or encounter any issues, please contact us.
