Auth0 redirect back to app fails without explicit revisit via cy.visit()
gabriellemadden opened this issue
Current behavior
We have set up our test suite to sign in to our app through the Auth0 UI.
- Our app redirects a user to the Auth0 login page where they input credentials.
- After authenticating, the user is redirected back to our app where they should be authenticated via browser cookies set by Auth0.
- Our app behaves as if the user is still not authenticated, and redirects them back to the Auth0 login page.
- If we run cy.visit('our-app-url') in the same test immediately after the first Auth0 manual login in steps 1-3, the app sees the user as authenticated and the test is granted access.
The above behaviour is not observed when logging in outside of the Cypress test. It occurs in headless and headed mode, in both Chrome and Electron.
Desired behavior
We should not have to explicitly use cy.visit() to return to the app and be seen as authenticated. The test should be seen as authenticated at the first organic redirect back to the app from Auth0.
Test code to reproduce
cypress.config.json:
const { defineConfig } = require('cypress')

module.exports = defineConfig({
  chromeWebSecurity: false,
  defaultCommandTimeout: 90000,
  responseTimeout: 90000,
  recoverFromRendererCrashes: true,
  e2e: {
    setupNodeEvents(on, config) {
      return require('./cypress/plugins/index.js')(on, config)
    },
  },
})
cypress.env.json:
{
  "FRONTEND_URL": "localhost:4200",
  "AUTH0_CLIENT_ID": redacted,
  "AUTH0_DOMAIN": "businessname.auth0.com",
  "AUTH0_USERNAME": redacted,
  "AUTH0_PASSWORD": redacted
}
failing test:
/// <reference types="cypress" />
describe('Check home screen', () => {
  it('Checks home screen', () => {
    cy.login(Cypress.env('FRONTEND_URL'))
    cy.get('#mainMenuBtn').click() // fails on timeout because this is an app component, but the test sees the auth0 login page again
    cy.get('#home-navigation').click()
  })
})
login command:
Cypress.Commands.add('login', (frontendUrl) => {
  cy.visit(frontendUrl); // redirects to auth0 login page
  cy.get('input[type=text]').type(Cypress.env('AUTH0_USERNAME'));
  cy.get('input[type=password]').type(Cypress.env('AUTH0_PASSWORD'), {log: false});
  cy.get('form').first().submit();
  // redirects back to app, app sees attempt as not authenticated and redirects back to auth0
  // note that an extra cy.visit(frontendUrl); here actually results in the test being seen as authenticated by our app
});
login command attempting to use cy.origin, but with same behaviour:
Cypress.Commands.add('login', (frontendUrl) => {
  cy.visit(frontendUrl); // redirects to auth0 login page
  cy.origin(Cypress.env('AUTH0_DOMAIN'), () => {
    cy.get('input[type=text]').type(Cypress.env('AUTH0_USERNAME'));
    cy.get('input[type=password]').type(Cypress.env('AUTH0_PASSWORD'), {log: false});
    cy.get('form').first().submit();
  })
  // redirects back to app, app sees attempt as not authenticated and redirects back to auth0
  // note that an extra cy.visit(frontendUrl); here actually results in the test being seen as authenticated by our app
});
Cypress Version
12.3.0
Node version
16.15.0
Operating System
macOS 12.6
Debug Logs
No response
Other
- I have not been able to find evidence that the issue is on the side of our app. When logging into the app outside of Cypress, there is no failed authentication after logging in to Auth0 and being redirected. We have not changed any of our Auth0 callback settings.
- This issue has cropped up when attempting to upgrade Cypress from version 9.1.0 to version 12.3.0. The original login command works with Auth0 and our app just fine, even without the cy.origin() functionality, in version 9.1.0.
- Given that the debug logs expose sensitive information, I prefer not to share them.
- The browser cookies set by Auth0 appear to be working, since revisiting the app domain after login/redirect works.
I am going to add in the cy.visit() as a workaround for now, but it would be nice to mimic the user's login flow exactly in our e2e tests.