End-to-End Testing with Cypress and Auth0

nancy.habecker · March 23, 2022, 12:45pm

Hi!

We are writing e2e tests for our SPA (it uses the @auth0/auth0-react library). We are hoping we can run them against our dev and production environments. We are following the blog post and have created a separate client for the tests that uses the “password” grant type. The tests call /oauth/token and receive the access token and ID token. We are hoping we can send this information to our react SPA. We ended up writing something very similar to dobrek’s solution - after getting the tokens from /oauth/token, we redirect to the react app and set the tokens in local storage. However, calling the API with the access token fails because it’s expecting a signed JWT. Is it possible for the token endpoint to return a signed token? Would it even work if it’s signed by one client (my e2e tests), but used by another client (the react app in dev/production)?

Thanks!

konrad.sopala · March 24, 2022, 12:29pm

@robertino.calcaterra would you be able to follow up on this? Thank you!

robertino.calcaterra · March 24, 2022, 12:59pm

We are working on this @konrad.sopala (cc @nancy.habecker)

robertino.calcaterra · March 24, 2022, 3:20pm

Is it possible for the token endpoint to return a signed token?

Yes, you will get a JWT Access Token if you specify an audience in the /oauth/token request. See the difference between Opaque and JWT access tokens here: Access Tokens also Call Your API Using Resource Owner Password Flow

Would it even work if it’s signed by one client (my e2e tests), but used by another client (the react app in dev/production)?

Yes, the authorization server signs the JWT, it doesn’t matter to your API which client is bearing the access token.

dchoi · April 5, 2022, 2:58am

It’s a good start but I need more info. In my case I use auth0-react and the Auth0Provider JSX component. This component causes a redirect to login, when user hits a page when they are not logged in.
I need to know the cookies that are needing to be set to make this component accept that a valid login has been completed. I thought I could just set the auth0.is.authenticated cookie but that is not sufficient and redirect is still happening.
Does anyone know what those cookie names and values should be while using Cypress?

cwveysey · April 5, 2022, 12:57pm

I use @auth0/auth0-react and useAuth0 -

I don’t want to add “authService.send(“AUTH0”, { user, token })” and change my working application code exclusively for e2e purposes (unless I have to).

I am successfully retrieving a token via the commands.js oauth/token flows…but I have been unable to figure out how to make that work with const { user, isAuthenticated, isLoading, getAccessTokenSilently} = useAuth0();

“We are positioning this topic internally as a high-priority topic” from @dan-auth0 is from 3/2020 -

When convenient, please advise.

@konrad.sopala @robertino.calcaterra

Hawxy · April 8, 2022, 3:44am

Just a heads up that interactive logins will soon be supported in Cypress via https://github.com/cypress-io/cypress/pull/18075

All of the core features are finished, so I believe this will be in a upcoming release.

konrad.sopala · April 8, 2022, 8:40am

Thanks for sharing that @Hawxy !

cwveysey · April 8, 2022, 4:57pm

@konrad.sopala any update for auth0/auth0-react users?

konrad.sopala · April 11, 2022, 7:39am

@robertino.calcaterra do you have any info on the above? Thank you!

cwveysey · April 13, 2022, 7:00pm

Following up here @robertino.calcaterra @konrad.sopala

Just wondering if you all are able to provide any rough timelines in light of “We are positioning this topic internally as a high-priority topic” from 3/2020, so that myself and other auth0-react users can plan accordingly.

Best and thank you -

Hawxy · May 2, 2022, 4:12am

Cross-origin support is finally released which should resolve all remaining problems in this space:

Here’s an example implementation for an Auth0 site that uses identifier-first login & automatically redirects on load:

Cypress.Commands.add('loginAsUser', (email, password) => {
    const args = { email, password }
    cy.session(
        args,
        () => {
            // visit homepage
            cy.visit('/')
            // redirects to Auth0
            cy.origin('/**YOUR AUTH0 DOMAIN HERE**/', { args }, ({ email, password }) => {
                cy.get('#username').type(email)
                cy.get('button').contains(/^Continue$/).click();
                cy.get('#password').type(password)
                cy.get('button').contains('Continue').click();
            })
            // assert we've returned to the site
            cy.url().should('contain', '/home')
        }
    )
})

Very simple!

konrad.sopala · May 4, 2022, 8:28am

Wooohooo thanks for sharing that!

robertino.calcaterra · May 20, 2022, 4:35pm

Hi everyone! We updated this post!

This blog post is no longer maintained, and it may be out of date. Please use the following resources created by the Cypress team to learn how to use Cypress to test a Single-Page Application (SPA) that uses Auth0:

Cypress 9.6.0: Easily test multi-domain workflows with cy.origin (Blog post)
How to test multiple domains or origins with Cypress (Video)

The updated version is here.

mraible · May 20, 2022, 4:59pm

If you want to see a working example of a SPA that has end-to-end tests with Cypress, you can also check out Ionic for JHipster. When you generate the Ionic app, it includes Cypress tests that use cy.origin and cy.session (to help honor Auth0 rate-limits).

github.com

oktadev/okta-jhipster-ionic-example/blob/main/ionic-app/cypress/support/commands.ts#L59-L89


      
          cy.visit('/');
          cy.get('#signIn').click();
          cy.origin(
            authorization_endpoint,
            {
              args: { authorization_endpoint, username, password },
            },
            // eslint-disable-next-line @typescript-eslint/no-shadow
            ({ authorization_endpoint, username, password }) => {
              if (authorization_endpoint.includes('okta')) {
                let usernameElement = 'username';
                let passwordElement = 'password';
                // Element names have changed for Okta Identity Engine.
                // Identity-first flow might require additional changes, for example:
                // https://github.com/okta/okta-react/blob/master/test/e2e/page-objects/okta-oie-signin-page.js#L30
                cy.get('h2').contains('Sign In');
                cy.get('body').then(body => {
                  if (body.find('input[name="identifier"]').length) {
                    usernameElement = 'identifier';
                    passwordElement = 'credentials.passcode';

This file has been truncated. show original

konrad.sopala · May 23, 2022, 6:47am

Thanks @robertino.calcaterra and @mraible for sharing all that!

montajes · January 25, 2023, 5:09pm

I’m currently we’re having a problem using Auth0 together with cypress End to End testing using Nejxt JS. Hope you could help us and give some information and advice. Summary of the Inquiry, the Auth0 is not able to run or pass on cypress e2e when its move to serverSideRendering it always throws us an errors. Below are the current versions and used libraries:

Next JS → “next”: “^13.1.1”
Auth0 → “@auth0/nextjs-auth0”: “^2.0.1”
Cypress → “cypress”: “^12.3.0”,

The Following are the Errors and Steps we have done so far:

When Auth0 (Authentication) on client side it works fine.
When Auth0 (Authentication) moved to serverSideRendering. (code below)

Steps and Things Done so far:

Manually login in the user whic the credentials.

followed this docs and article. (https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/)
I was able to get a access_token, id_token, expires, token: “bearer”, date
but trying to manually add it to session using cy.session() its not able to redirect the user or login the user. Stuck on the same screen even using cy.visit()
[image]
Screen Behavior:
[image]

Tried to use direct login without cy.origin, cy.visit
[image]

stuck on the same page it has an error, that callback not be called.

Tried the this one as well the login with forms.
[image]

but were having an error on callback and its having 400 which not allowed us to deploy since it has an error. (error below)

[image]

Tried also to cy.visit into a callback after getting a token.

http://localhost:3000/api/auth/callback?code=3CmkEcO9vxwqvpjmvwfEy6NlmCyBictUOWQw70rPKZgq9&state=eyJyZXR1cm5UbyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMC8ifQbut
but its 500 since the code is unique, and the state is the redirect_uri.

matthew.hole · January 26, 2023, 1:15pm

I am having similar issues being able to login programmatically whilst using @nextjs-auth0 and Cypress. I have been able to login via the UI using Cypress but this is far from ideal considering the volume of E2E testing I want to do and having to be redirected to an Auth0 login screen, while automated, is still time consuming.

I raised this post yesterday and am close but I am struggling to store the appSession cookie correctly which is causing all subsequent requests to be returned with a 401. Link to my post here.

richard.westmoreland · March 1, 2023, 3:25am

Hey there. Just wondering if you’ve found a solution to using cy.session with Auth0 NextJS? Trying to do the same things and would love to be able to use the latest Cypress version.

matthew.hole · March 8, 2023, 8:49pm

Hi! I haven’t yet no. I have been close with creating some sort of session and storing it as a cookie, but Auth0 keeps returning an error meaning that I must have not created the cookie correctly. If you have made any progress please do share!