End-to-End Testing with Cypress and Auth0

@dan-auth0, I’ve just read the solution and it looks promising, I will give it a try.
But @dopry has a point that we have a lot of control over our Auth0 apps. In case that my team has a custom template on Auth0, then we have to test that template when running E2E, we can’t just bypass the login template by using cy. request options. Sure it will be handy for us to test with other features but It would be nice if Auth0 provides an E2E testable platform (for auth0-spa-sdk)

1 Like

This solution doesn’t touch on our E2E needs. With E2E testing I want to be absolutely sure our login flows, redirect to auth0, microinteraction in our custom auth0 templates, redirects back to our applications, and any conditional logic bases on return status/JWT data is working properly. We simply can do this without actually using cypress to following the Redirect to Auth0, interact with the form, and get redirected to back to our application.

We need someway to disable the security header that doesn’t allow the cypress iframe to load auth0 for testing, aka the disable click-jacking option for the new experience.

2 Likes

Hi everyone,
I just posted to the thread @dan-auth0 mentioned. I’ve created a github repo that tries the programatic solution mentioned and failed. auth0-spa-js stills says I’m unauthenticated even after getting a response from /oauth/token and visiting the callback url. If anyone else is interested in the programmatic solution feel free to clone my repo. I specify what needs configured in the README. I’ll let you know if I figure it out.

I find both the programmatic and ui cypress solutions valuable. For CI I want my tests to be fast so I don’t want my tests to be logging in with the UI. However, it is still valuable to tests the UI on a cadence to make sure it is still working as expected.

Thank you for your help.

5 Likes

Hi everyone,
I got logging in programmatically into Auth0 with Cypress working. Feel free to clone my repo for a working example https://github.com/dunson062786/login-programmatically-into-auth0-with-cypress. The README has instructions for setting it up with your own Auth0 App.

2 Likes

Thanks a lot for sharing it with the rest of community!

2 Likes

For anyone who tries this and is still using Rules as part of their Authorization Pipeline, the “password” grant type may cause issues. I was initially getting { "error": "access_denied", "error_description": "Cannot read property 'scope' of undefined" } After much poking around, I determined it was due to the Rules we are using for token formatting which refer to context.request properties such as body which do not exist with the password grant type. The solution was to check for the password grant type by adding the following to the top of the affected rules:

if (context.protocol === 'oauth2-password') { return callback(null, user, context); }

It would be helpful if the post was edited to indicate that this pitfall exists.

1 Like

Howdy, Erin!

We are positioning this topic internally as a high-priority topic and we are working on developing better guidance :pray: Thank you for your feedback as it helps us understand what we need to communicate better.

I don’t have an ETA yet and when the new or update guidance is coming, but rest assured that we are providing it enough visibility.

Thanks a lot for providing the heads-up Dan!

Hi
I have followed this tutorial in order to login to Auth0 through Cypress.


everything generally goes smoothly expect 10% of the time my Cypress app fails to login. I have checked and call to fetch id_token and other data is successful. The only thing that looks different when my login . fails (app gets stuck on the auth0 hosted login page is the following error in my console.
Any help is much appreciated.
Tenant : Ahseworks

Hey there @fmozaffari!

What happens if you actually follow the error message and do what is advised there? Is it still occuring for you?

@konrad.sopala thanks for the response. There is no Origin error before this error. Also my tenant doesn’t have an allow origin section. it only has an allow logout origin.

Thanks a lot for providing that info! Let me dive into that and get back to you soon!

1 Like

Hey there! Sorry for such huge delay but I simply got hit over with the number of questions I get. Re-routing that if you still have problems to the article discussion here if you still have problems with that.

1 Like

Five months without a sensible solution for E2E testing seems like along time.

Hey there @andrew.phillipo!

I’m not the author of that blog article but as a community engineer doing my best to bring the article author attention to assist you in your struggles. Sorry for the inconvenience!

What I always advise towards people in community when having issues like that is filing product feedback and feature requests through our product feedback form (once you do that you will be contacted by our product managers within 10 business days) as it’s a main channel for communicating with our product managers who as you know are responsible for deciding what features and solutions to release. I can do my best to advocate for that but it’s users’ feedback that does the job. The more feedback regarding certain feature they receive the more probable it is that it will get implemented or improved.