I’ve been unable to get past the “login_required” exception you mention. I’ve tried setting the auth0 session cookie manually, but maybe I’m not setting the correct cookie or value.
I was able to fix this by changing my tenant settings (the Default Directory property, mentioned in the section Auth0 Setup & Configuration above). It was a little hard to find. On your dashboard, click on your account dropdown in the upper-right, then click “settings.” The property you want to change is under “API Authorization Settings.” Setting this to “Username-Password-Authentication” as mentioned in the article got me past the error.
With the new Auth0-spa-js package, I cannot use cy.request() to get the authorization code from the login API because the URL now has a random state.
Do you have a workaround solution for this issue?
Did you figure this out? I’m having the same issues. I can’t get this to work because it gives me an invalid token error saying the state does not match.
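Why an authorization code fetched outside the SDK's own login transaction is rejected with a state mismatch, shown as an added example (not part of this thread and not auth0-spa-js source code). It is a simplified model of a client-side `state` check; the class name `SpaClient`, the domain, the client ID placeholder and the callback URLs are all hypothetical or constructed.

```javascript
// Added example: simplified model of an SPA client's `state` check.
// This is NOT the auth0-spa-js implementation; all names here are hypothetical.
const { randomBytes } = require("node:crypto");

class SpaClient {
  constructor() {
    this.pending = new Set(); // states of login transactions this client started
  }

  // Step 1: build the /authorize URL with a fresh, unguessable state value.
  buildAuthorizeUrl(domain, clientId, redirectUri) {
    const state = randomBytes(32).toString("hex");
    this.pending.add(state);
    const url = new URL(`https://${domain}/authorize`);
    url.search = new URLSearchParams({
      response_type: "code",
      client_id: clientId,
      redirect_uri: redirectUri,
      state,
    }).toString();
    return url.toString();
  }

  // Step 2: accept a callback only if its state belongs to a transaction we started.
  handleCallback(callbackUrl) {
    const params = new URL(callbackUrl).searchParams;
    const code = params.get("code");
    const state = params.get("state") || "";
    if (!code) return { ok: false, error: "missing code" };
    if (!this.pending.has(state)) return { ok: false, error: "state mismatch" };
    this.pending.delete(state); // single use: a replayed callback is rejected too
    return { ok: true, code };
  }
}

function demo() {
  const client = new SpaClient();
  const authorizeUrl = client.buildAuthorizeUrl(
    "tenant.example", "CLIENT_ID_PLACEHOLDER", "http://localhost:3000/callback");
  const state = new URL(authorizeUrl).searchParams.get("state");
  // Constructed callbacks: one carries a state the test made up, one the real state.
  const foreign = "http://localhost:3000/callback?code=constructed-code&state=made-up-by-test";
  const genuine = `http://localhost:3000/callback?code=constructed-code&state=${state}`;
  return {
    foreign: client.handleCallback(foreign),
    genuine: client.handleCallback(genuine),
    replayed: client.handleCallback(genuine),
  };
}
```

The check ties each callback to a login the application itself initiated, so a code injected from another flow is refused even when the code itself is valid.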
Log in through the Auth0 page (we will redirect to the log-in page and log out due to the fact that I cannot generate the random state in the new Auth0 package)
Note: If you’re not using a custom login page in Auth0, use the classic page in Universal Login. I found that the new UI of the Auth0 login page has a lot of security enhancements that prevent us from rendering Auth0 in an iframe.
It would be great actually if you can share that feedback along with the context with repo maintainers by raising a GitHub issue in the repo. Thank you!
Hi @konrad.sopala. Thanks for moving my reply here, as I was able to find the workaround from @corruptedmonk above to get my cypress login test working.
So it’s great to have a workaround, but it would be excellent if there was a way with Auth0 SPA JS to log in programmatically to our application (similar to the way proposed in the article I linked to in my previous comment), so that we would not have to log in and log out every time, which will slow down the test suite.
Would it be possible for the team to add a new version of the above article for Auth0 SPA JS?
I guess potentially it can be possible but it all depends on the team’s bandwidth. I would just suggest submitting product feedback regarding that using our feedback form:
Hi. Just chiming in now as I’m starting to use Cypress now.
@konrad.sopala - the solution in this thread is not an actual solution imo. It does numerous things that go against best practices that both Auth0 and Cypress recommend. The point of using Auth0 is to have top-notch security… lowering the level of security (by disabling protections against malicious attacks in Auth0) in order to properly test an application should not be acceptable.
The point of this blog post was to provide a manner in which to securely test an Auth0 authenticated SPA with Cypress. This blog post seems to be outdated. I followed everything exactly as per the guide, and tried debugging this on my own with a variety of ideas for an hour or two now. I started with something along the lines of what @corruptedmonk suggested until realizing that it went against both Cypress and Auth0 best practices. Then I found this guide, and was disappointed that it isn’t current.
And not only that… based off of everything everybody else is saying, even if I was able to get my access_token, etc. back (which I can’t - right now I’m just being redirected to auth0.com and getting the html for that page back) - this wouldn’t even work with the library that you ask everybody working with an SPA to use.