For now, this is the workaround solution of me.
- Disable chrome security in Cypress config.
- Login through the auth0 page (we will redirect to log-in page and log out due to the fact that I cannot generate the random state in the new auth0 package)
Note: If you’re not custom login page in auth0, use the classic page in Universal Login. I found that the new UI of Auth0 login page has a lot of security enhance that prevents us render auth0 in an iframe.
Then, Go to Auth0 → Tenant Setting → Advanced → Enable Clickjacking Protection to allow auth0 load in an iframe.
Ok, that all the step that I did to make it work. Hope this help you