1

I have:

I would like to run a Cypress end to end test on the web app, which is protected by a login page using an Authorization Code Flow via my IdentityServer.

My understanding is that Cypress is not able to navigate away to an external page and back again, so mocking the authorization code flow is not possible. Instead, I have seen example of how auth0 gets around this by using a grant type of password.

Can I therefore do a similar thing and add a password grant type to my client's grant type in IdentityServer, and then have Cypress make an API request and retrieve back an ID and access token this way?

If yes, I'm unsure how to go about passing these into my application through Cypress, so that the BFF framework is able to use these the same way that it would through the original authorization code flow.

Would really appreciate if anyone has solved any of these issues, or has any suggestions - thanks.

jimmytricks
  • 41
  • 4

1 Answers1

1

I will focus on the following quoted question:

Can I therefore do a similar thing and add a password grant type to my client's grant type in IdentityServer, and then have Cypress make an API request and retrieve back an ID and access token this way?

As you state - this requires the grant password to be enabled. I have a similar Cypress test that does this against IdentityServer 4 (using a command):

Cypress.Commands.add('identityServerGetAccessToken', (username, password, identityServerUrl) => {
    var tokenEndpoint = identityServerUrl + 'connect/token'
    return cy.request({
        method: 'POST',
        url: tokenEndpoint,
        followRedirect: true,
        form: true,
        body: {
            client_id: 'myclientid',
            grant_type: 'password',
            username: username,
            password: password
        }
    });
});

This will return a cypress chainable with the response as a parameter. In this example I check that my api url returns 401 without access token and 200 with.

let myApiUrl = 'http://myApiUrl';

describe('Api call requires access token tests', () => {
 
  it('Call api - without access token - returns 401', () => {
    cy.request({
      url: myApiUrl,
      failOnStatusCode: false
    })
      .its('status')
      .should('eq', 401);
  });
      
  it('Call api - with access token - returns 200', () => {
    cy
      .identityServerGetAccessToken(username, password, identityServerUrl)
      .then(response => {
        var accessToken = response.body.access_token;
        cy.request({
          url: myApiUrl,
          failOnStatusCode: false,
          headers: {
            authorization: 'Bearer ' + accessToken
          }
        })
        .its('status')
        .should('eq', 200);
  });
});
maets
  • 750
  • 6
  • 18