Allow redirects to external authentication providers #1489

Closed
alexcmoss opened this issue Mar 22, 2018 · 24 comments

@alexcmoss

alexcmoss commented Mar 22, 2018

Current behavior:

We use an internal SSO implementation based on OpenID Connect, using redirect flows to authenticate. Cypress does not currently allow the redirect to the 'external' page to login.

Desired behavior:

Cypress could be configured to allow redirects to other domains when necessary. Maybe this could be a configurable whitelist?

I think the current default behaviour is good, but would like to see the option to bypass it.

  • Operating System: Windows 10
  • Cypress Version: 2.1.0
  • Browser Version: Chrome 64
@brian-mann added the "stage: wontfix" label (Cypress does not regard this as an issue or will not implement this feature) on Mar 25, 2018
@brian-mann
Member

brian-mann commented Mar 25, 2018

You can already do this by turning off chromeWebSecurity. However, this is an anti pattern and we have recipes and documentation explaining how to do this properly without visiting the 3rd party provider. You should programmatically log into your provider with cy.request().

You can search the issues here for even more answers to this question.

@CrgMkz

CrgMkz commented Aug 31, 2018

Hey @brian-mann

Can I ask why this is considered bad practice? I'm currently having this issue: when visiting our landing page, it will redirect you to login if you haven't already. Cypress is not loading this redirected page. Is there any way of accessing this redirect page other than sending an API request? The redirected page is completely within our control, and sending an API request to login is not reflective of our user journey.

Thanks

@hiredgun

hiredgun commented Sep 5, 2018

I'm currently evaluating different e2e/integration testing tools and really love Cypress for its command log and easiness of debugging. After the first impression, I was excited to convince my team to use it in our project. Unfortunately, I failed to authenticate with OKTA SSO due to #1321. In the meantime, I tried TestCafe and it took me literally like 3 minutes to successfully log in to my app with 3 redirects without disabling chromeWebSecurity. I'm wondering what blockers are preventing Cypress from allowing to accomplish the same scenario without so much additional work presented in SSO recipe. We will probably stick with TestCafe for now but I will definitely check whether anything has changed regarding this issue since I definitely prefer Cypress' approach.

@owenmecham

One of the primary areas of our apps that we would want to test in an automated fashion is the SSO redirect. We also use OKTA and Open ID Connect. I would hope that you would reconsider this issue to find a solution.

@aaron-sf

Same. Found this thread doing research to be sure we'd be able to use our Enterprise Okta SSO. Am I wrong in assuming this isn't supported?

@rodoabad

Any updates on this? If a baseUrl is Okta secured, Cypress isn't able to login since they get redirected to an external page.

@jeffradom

I'm also having an issue with OKTA and can't log in at all to our app URL. So is it possible at all?

@jennifer-shehane
Member

@jeffradom @rodoabad @owenmecham Please open an issue detailing the exact code to reproduce the OKTA issue so we can look at the exact mechanisms that are involved.

@jeffradom

@jennifer-shehane I've already done that with maximum details I had.

@jeffradom

Here is a link to a bug: #4416

@anavarre

anavarre commented Jun 26, 2019

User of Google IDaaS and former OKTA user here. Also hit by this issue which prevents us from using Cypress altogether because the site is 100% authenticated behind SAML.

@rienheuver

We use OIDC/OAuth 2.0 and I'm facing the same problems. I can't use the provided recipes because there is no simple login page. The app redirects to the login-page with a nonce, code, code-verifier and what not. I'm fine with working around our login-flow to test the app, but still haven't found a way to do so.

@jennifer-shehane
Member

Someone has created a custom OKTA login command that may be useful here: https://gist.github.com/ndavis/2c84ab40aaa3c98c3a8062bdb3938232

@mribichich

For those using Auth0 you can follow this guide and also use this repo which works!

https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/
https://github.com/danlourenco/auth0-cypress-demo/

@trips11

trips11 commented Apr 8, 2020

@rienheuver Did this work for you? I am running into the same issue as yours and wanted to check if it was resolved.

@rienheuver

@trips11 I built a workaround to get things to work which I explain here: #944 (comment)

@dimitriy-k

Does anyone have a working example for authentication with IdentityServer4?

@rinshadkt

Is this Okta login issue resolved for anyone? I am also facing the same issue: the Okta login page is not loading in the Cypress-controlled browser.

@dimitriy-k

@rinshadkt As I understood, it is a choice of Cypress not to allow loading external/different domains, so it is not an issue. After some time trying to figure it out with Cypress, I moved to TestCafe, where you can easily load different domains, and it was good enough for me for all my needs.

@jennifer-shehane removed the "stage: wontfix" label (Cypress does not regard this as an issue or will not implement this feature) on Jun 12, 2020
@seedwalk

seedwalk commented Jul 3, 2020

@jennifer-shehane

I tried to use the one you referenced, but it still changes domains:
https://gist.github.com/ndavis/2c84ab40aaa3c98c3a8062bdb3938232

@thomsa

thomsa commented Nov 30, 2022

I might be a bit late to the party, but you can try experimentalSessionAndOrigin in cypress.config.

This is for v11.x


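```js
const { defineConfig } = require('cypress');

module.exports = defineConfig({
  viewportHeight: 844, // iPhone 12
  viewportWidth: 390,
  // Disables same-origin policy enforcement in Chromium-based browsers
  chromeWebSecurity: false,

  e2e: {
    // Enables cy.session() and cy.origin() (experimental in v11.x)
    experimentalSessionAndOrigin: true,
    setupNodeEvents(on, config) {
      return require('./cypress/plugins/index.js')(on, config);
    },
  },
});
```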

I almost moved to TestCafe I must say 😆

@haimengzhang

Hi @thomsa, I have the same issue, but adding that line experimentalSessionAndOrigin: true didn't help. It could be that a certain version of Cypress would work with that fix.
What version of Cypress did you have? (I'm running Cypress 12.12.0)

@JenCookLeap

The experimentalSessionAndOrigin configuration option was removed in Cypress version 12.0.0.

> Hi @thomsa, I have the same issue, but adding that line experimentalSessionAndOrigin: true didn't help. It could be that a certain version of Cypress would work with that fix. What version of Cypress did you have? (I'm running Cypress 12.12.0)

@jennifer-shehane
Member

cy.origin and cy.session are built into Cypress now. We recommend using these commands to test auth providers if you need. There are some examples of testing auth providers here in this section: https://docs.cypress.io/guides/end-to-end-testing/amazon-cognito-authentication
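
An added example, not part of the thread and not Cypress's own code: one way to drive a redirect-based login through the provider's real login page with cy.session() and cy.origin(), as the comment above recommends, while leaving chromeWebSecurity at its default. The helper name `loginViaIdp`, the form selectors, the `/dashboard` path and the `session` cookie name are assumptions to adapt to your provider and application.

```javascript
// Added example, not code from the thread. Assumed names: the loginViaIdp
// helper, the form selectors, the "/dashboard" path and the "session" cookie
// are hypothetical; adapt them to your identity provider and application.

// Log in through the provider's real login page once per (origin, user)
// and let cy.session() cache the resulting cookies and storage.
function loginViaIdp({ idpOrigin, username, password }) {
  cy.session(
    [idpOrigin, username], // cache key; never put the password in it
    () => {
      // The app redirects unauthenticated visitors to the provider.
      cy.visit('/');

      // Commands for the provider's origin must run inside cy.origin().
      // The callback is serialized, so values are passed through `args`
      // instead of being captured from the enclosing scope.
      cy.origin(idpOrigin, { args: { username, password } }, (creds) => {
        cy.get('input[name="username"]').type(creds.username);
        // log: false keeps the secret out of the command log and recordings.
        cy.get('input[name="password"]').type(creds.password, { log: false });
        cy.get('button[type="submit"]').click();
      });

      // Back on the application's origin after the redirect chain.
      cy.location('pathname').should('eq', '/dashboard');
    },
    {
      // Re-run the login if the cached session is no longer valid.
      validate() {
        cy.getCookie('session').should('exist');
      },
    }
  );
}

// Register as a custom command only when loaded by Cypress
// (for example from cypress/support/commands.js).
if (typeof Cypress !== 'undefined') {
  Cypress.Commands.add('loginViaIdp', loginViaIdp);
}
```

From a spec, call `cy.loginViaIdp({ ... })` in a `beforeEach`, reading the origin and credentials from `Cypress.env()` rather than committing them to the repository.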

@cypress-io cypress-io locked as resolved and limited conversation to collaborators May 13, 2024