Cypress: Allow redirects to external authentication providers

Created on 22 Mar 2018 · 20 Comments · Source: cypress-io/cypress

Current behavior:

We use an internal SSO implementation based on OpenID Connect, using redirect flows to authenticate. Cypress does not currently allow the redirect to the 'external' page to log in.

Desired behavior:

Cypress could be configured to allow redirects to other domains when necessary. Maybe this could be a configurable whitelist?

I think the current default behaviour is good, but would like to see the option to bypass it.

  • Operating System: Windows 10
  • Cypress Version: 2.1.0
  • Browser Version: Chrome 64

All 20 comments

You can already do this by turning off chromeWebSecurity. However, this is an anti-pattern and we have recipes and documentation explaining how to do this properly without visiting the 3rd party provider. You should programmatically log into your provider with cy.request().

You can search the issues here for even more answers to this question.

Hey @brian-mann

Can I ask why this is considered bad practice? I'm currently having this issue: when visiting our landing page, it will redirect you to login if you haven't already. Cypress is not loading this redirected page. Is there any way of accessing this redirect page other than sending an API request? The redirected page is completely within our control, and sending an API request to log in is not reflective of our user journey.

Thanks

I'm currently evaluating different e2e/integration testing tools and really love Cypress for its command log and easiness of debugging. After the first impression, I was excited to convince my team to use it in our project. Unfortunately, I failed to authenticate with OKTA SSO due to #1321. In the meantime, I tried TestCafe and it took me literally like 3 minutes to successfully log in to my app with 3 redirects without disabling chromeWebSecurity. I'm wondering what blockers are preventing Cypress from allowing to accomplish the same scenario without so much additional work presented in SSO recipe. We will probably stick with TestCafe for now but I will definitely check whether anything has changed regarding this issue since I definitely prefer Cypress' approach.

One of the primary areas of our apps that we would want to test in an automated fashion is the SSO redirect. We also use OKTA and Open ID Connect. I would hope that you would reconsider this issue to find a solution.

Same. Found this thread doing research to be sure we'd be able to use our Enterprise Okta SSO. Am I wrong in assuming this isn't supported?

Any updates on this? If a baseUrl is Okta secured, Cypress isn't able to log in since they get redirected to an external page.

I'm also having an issue with OKTA and can't log in at all to our app URL. So is it possible at all?

@jeffradom @rodoabad @owenmecham Please open an issue detailing the exact code to reproduce the OKTA issue so we can look at the exact mechanisms that are involved.

@jennifer-shehane I've already done that with the maximum detail I had.

User of Google IDaaS and former OKTA user here. Also hit by this issue which prevents us from using Cypress altogether because the site is 100% authenticated behind SAML.

We use OIDC/OAuth 2.0 and I'm facing the same problems. I can't use the provided recipes because there is no simple login page. The app redirects to the login-page with a nonce, code, code-verifier and what not. I'm fine with working around our login-flow to test the app, but still haven't found a way to do so.

Someone has created a custom OKTA login command that may be useful here: https://gist.github.com/ndavis/2c84ab40aaa3c98c3a8062bdb3938232

For those using Auth0 you can follow this guide and also use this repo which works!

https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/
https://github.com/danlourenco/auth0-cypress-demo/

@rienheuver Did this work for you? I am running into the same issue as yours and wanted to check if it was resolved.

@trips11 I built a workaround to get things to work which I explain here: https://github.com/cypress-io/cypress/issues/944#issuecomment-567453827

Does anyone have a working example for authentication with IdentityServer4?

Is this Okta login issue resolved for anyone? I am also facing the same issue: the Okta login page is not loading in the Cypress-controlled browser.

@rinshadkt As I understood, it is a choice of Cypress not to allow loading external/different domains, so it is not an issue. After some time trying to figure it out with Cypress, I moved to TestCafe, where you can easily load different domains, and it was good enough for me for all my needs.

@jennifer-shehane

I tried to use the one you referenced, but it still changes domains
https://gist.github.com/ndavis/2c84ab40aaa3c98c3a8062bdb3938232
