End-to-End Testing with Cypress and Auth0

Hey there @Ali-Doustkani!

It would be great actually if you can share that feedback along with the context with repo maintainers by raising a GitHub issue in the repo. Thank you!

@Ali-Doustkani
Check out my solution in the comment above.
This is the solution for Auth0-spa-js package for now.

1 Like

Thanks a lot for sharing that with the rest of community @corruptedmonk!

I finally did it in your way. Thanks for the comment!

2 Likes

Glad you have it working @Ali-Doustkani!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Hi @konrad.sopala. Essentially how can we achieve similar to the result in this article using the new auth0 library?

1 Like

Hey there @jonathan.dudley!

I moved your reply here as it seems more appropriate. Can you specify your question a little bit more as I’m not sure what you mean :slight_smile: Thank you!

Hi @konrad.sopala. Thanks for moving my reply here, as I was able to find the workaround from @corruptedmonk above to get my cypress login test working.

So it’s great to have a workaround, but it would be excellent if there was a way with Auth0 SPA JS to login programmatically to our application (similar to the way proposed in the article I linked to in my previous comment), so that we would not have to login and logout every time which will slow down the test suite.

Would it be be possible for the team to add new version of the above article for Auth0 SPA JS?

Thanks.

2 Likes

I guess potentially it can be possible but it all depends on team’s bandwidth. I would just suggest submitting product feedback regarding that using our feedback form:

Hi. Just chiming in now as I’m starting to use Cypress now.

@konrad.sopala - the solution in this thread is not an actual solution imo. It does numerous things that go against best practices that both Auth0 and Cypress recommend. The point of using Auth0 is to have top-notch security… lowering the level of security (by disabling protections against malicious attacks in Auth0) in order to properly test an application should not be acceptable.

The point of this blog post was to provide a manner in which to securely test an Auth0 authenticated SPA with Cypress. This blog post seems to be outdated. I followed everything exactly as per the guide, and tried debugging this on my own with a variety of ideas for an hour or two now. I started with something along the lines of what @corruptedmonk suggested until realizing that it went against both Cypress and Auth0 best practices. Then I found this guide, and was disappointed that it isn’t current.

And not only that… based off of everything everybody else is saying, even if I was able to get my access_token, etc. back (which I can’t - right now I’m just being redirected to auth0.com and getting the html for that page back) - this wouldn’t even work with the library that you ask everybody working with an SPA to use.

5 Likes

Also to be clear: @corruptedmonk I appreciate you sharing your solution - I just expect something better of Auth0. :slight_smile: We shouldn’t need to compromise both app security and E2E test quality in order to authenticate test users.

3 Likes

@thisissami, yup it is true that my solution go against best practices of Cypress and Auth0. (That why I called it work around solution)
But we can’t run E2E on production environment right?
So, until now, you could setup an Test environment just for E2E test, this env will lower security of Cypress and Auth0 to run your test cases.

And in the mean time, we will wait Auth0 team to make a way for us to run E2E test with cypress.

Also to be clear that the Auth0-spa-js package is very young and it need a lot of time to improve ( also Cypress framework).

1 Like

Thanks a lot for providing all that context and feedback. I will relay it to the article author to take a look at that and implement in the near future!

1 Like

I think the author’s invocation of best practice is flawed.

“The best practice is never to visit or test third-party sites over which you have no control.”

We do have pretty extensive control over our Auth0 apps including custom domains, custom templates, and allowed URLs. Registration and Logout are key parts of the User Experience of any site. I want to know my custom templates are working, I want to know users are being redirected properly when login is triggered at different parts of a workflow or through different mechanisms.

I think it’s important that Auth0 provide the ability to perform E2E tests. It would be really nice if we could also test new universal login experience apps the same way we can classic. Lack of E2E testing support block my tenants from upgrading to New Experience.

If Auth0 can’t deliver an E2E testable platform my team will be forced to more actively look at options like ORY and KeyCloak as alternative AAA services that we can host on our own infrastructure.

5 Likes

Hey there!

I would ping the article author once again so we can discuss your points!

1 Like

Welcome to our Auth0 Community!

I am consulting internally with our team to find out what’s the status of this and if there have been any changes on how to test the new Auth0 SPA SDK. Thank you for your time and feedback :pray:

1 Like

That would be super helpful @dan-auth0 ! I really like the autho-spa sdk, but having it break all of of my tests is a big problem. Im with @dopry in thinking that if Auth0 cannot provide this, I’ll need to use another platform.

1 Like

The team shared that the SDK has not changed yet but one of our engineers shared this solution someone posted on GitHub:

https://github.com/auth0/auth0-spa-js/issues/210#issuecomment-581103908

What do you think, @nikolaswise, @dopry, @corruptedmonk?, @thisissami, @jonathan.dudley?

1 Like