@dan-auth0, I’ve just read the solution and it looks promising, I will give it a try.
But @dopry has a point that we have a lot of control over our Auth0 apps. In case that my team has a custom template on Auth0, then we have to test that template when running E2E, we can’t just bypass the login template by using cy. request
options. Sure it will be handy for us to test with other features but It would be nice if Auth0 provides an E2E testable platform (for auth0-spa-sdk)
This solution doesn’t touch on our E2E needs. With E2E testing I want to be absolutely sure our login flows, redirect to auth0, microinteraction in our custom auth0 templates, redirects back to our applications, and any conditional logic bases on return status/JWT data is working properly. We simply can do this without actually using cypress to following the Redirect to Auth0, interact with the form, and get redirected to back to our application.
We need someway to disable the security header that doesn’t allow the cypress iframe to load auth0 for testing, aka the disable click-jacking option for the new experience.
Hi everyone,
I just posted to the thread @dan-auth0 mentioned. I’ve created a github repo that tries the programatic solution mentioned and failed. auth0-spa-js stills says I’m unauthenticated even after getting a response from /oauth/token and visiting the callback url. If anyone else is interested in the programmatic solution feel free to clone my repo. I specify what needs configured in the README. I’ll let you know if I figure it out.
I find both the programmatic and ui cypress solutions valuable. For CI I want my tests to be fast so I don’t want my tests to be logging in with the UI. However, it is still valuable to tests the UI on a cadence to make sure it is still working as expected.
Thank you for your help.
Hi everyone,
I got logging in programmatically into Auth0 with Cypress working. Feel free to clone my repo for a working example GitHub - dunson062786/login-programmatically-into-auth0-with-cypress. The README has instructions for setting it up with your own Auth0 App.
Thanks a lot for sharing it with the rest of community!
For anyone who tries this and is still using Rules as part of their Authorization Pipeline, the “password” grant type may cause issues. I was initially getting { "error": "access_denied", "error_description": "Cannot read property 'scope' of undefined" }
After much poking around, I determined it was due to the Rules we are using for token formatting which refer to context.request
properties such as body
which do not exist with the password grant type. The solution was to check for the password grant type by adding the following to the top of the affected rules:
if (context.protocol === 'oauth2-password') { return callback(null, user, context); }
It would be helpful if the post was edited to indicate that this pitfall exists.
Howdy, Erin!
We are positioning this topic internally as a high-priority topic and we are working on developing better guidance Thank you for your feedback as it helps us understand what we need to communicate better.
I don’t have an ETA yet and when the new or update guidance is coming, but rest assured that we are providing it enough visibility.
Thanks a lot for providing the heads-up Dan!
Hi
I have followed this tutorial in order to login to Auth0 through Cypress.
everything generally goes smoothly expect 10% of the time my Cypress app fails to login. I have checked and call to fetch id_token and other data is successful. The only thing that looks different when my login . fails (app gets stuck on the auth0 hosted login page is the following error in my console.
Any help is much appreciated.
Tenant : Ahseworks
Hey there @fmozaffari!
What happens if you actually follow the error message and do what is advised there? Is it still occuring for you?
@konrad.sopala thanks for the response. There is no Origin error before this error. Also my tenant doesn’t have an allow origin section. it only has an allow logout origin.
Thanks a lot for providing that info! Let me dive into that and get back to you soon!
Hey there! Sorry for such huge delay but I simply got hit over with the number of questions I get. Re-routing that if you still have problems to the article discussion here if you still have problems with that.
Five months without a sensible solution for E2E testing seems like along time.
Hey there @andrew.phillipo!
I’m not the author of that blog article but as a community engineer doing my best to bring the article author attention to assist you in your struggles. Sorry for the inconvenience!
What I always advise towards people in community when having issues like that is filing product feedback and feature requests through our product feedback form (once you do that you will be contacted by our product managers within 10 business days) as it’s a main channel for communicating with our product managers who as you know are responsible for deciding what features and solutions to release. I can do my best to advocate for that but it’s users’ feedback that does the job. The more feedback regarding certain feature they receive the more probable it is that it will get implemented or improved.
I am trying to get this to work and finding it very challenging. Can our front end (written in Vue) use tokens from two different Auth0 apps? We don’t want our production one to use an Auth0 app that has a password grant enabled. I am finding added difficulty switching to/using the Auth0 app w/ the password grant enabled. Most recently, the app stopped honoring my local https cert when the browser is started by Cypress. Start chrome manually and it honors the cert no problem.
Pinging @bruno.krebs article author for visibility
Having a similar difficulty as stuart.holme in terms of not wanting to have password grant in our app.
I can easily get the access_token with the /oauth/token
and client grant, but can’t seem to find a way to use that in order to login directly without facing login page and the super domain limitation in Cypress…
What would be just perfect is getting the right tokens through a request, setting them up as cookies, and then access the app page directly. (Skipping Auth0 login because of existing cookies)
Any ideas would be very much appreciated
cc @bruno.krebs once again
Make sure to call /callback page and with token returned by Auth0