solves it, but is there a better solution?
It depends on your use case.
If you want to test a RPC or site that requires wrdauth, you could invoke it through a browser (which implements cookies). If you want to test an API directly and are just doing a fake login, you could also change the API to just take a user id as parameter.
If you use wrdauth in a test, what we’ve seen it’s often used as a very complex way to basically have a global variable ‘loggedin userid’. So just declare that global variable and set it directly in your tests without involving wrdauth? You’re not testing any of the cookie-setting and redirections wrdauth requires, so what you’re testing doesn’t really represent anything related to wrdauth
But wrdauth is full of workarounds to make it work without a request, and those workarounds regularly break.