Login command using the cy.origin no longer works in 10.6

[anbeck77]

Current behavior

Using a login command that with cy.origin and with Cypress configured to use experimentalSessionAndOrigin: true,
I was previously (Cypress.10.2) able to use idaas to handle authentication.
After uprading to Cypress.10.6 this resulted in the browser loading a page labelled BAD REQUEST.
The console had no useful error message or details.

I'm not sure what happened here, and I'd like to be able to fix it myself as we need to be able to authenticate out test users via idaas.

Desired behavior

The Cross-origin request should be successful and I should be able to continue to navigate on the website under test.

Test code to reproduce

Cypress.Commands.add('login', (username, password, idaasEnv) => {
  const args = { username, password, idaasEnv }

  cy.visit(`/myidaas${idaasEnv}.onmicrosoft.com`,
  onLoad: (contentWindow) => {
    console.log('Login page loaded.')
  })
  cy.origin(`${idaasEnv}.login.mycompany.com`, { args: {username, password, idaasEnv}}, ({ username, password, idaasEnv }) => {
    console.log(`idaas is ${idaasEnv}`)
    Cypress.on('uncaught:exception', (err, runnable) => {
        // returning false here prevents Cypress from
        // failing the test
        return false
    })
  })
  .url()
  .should('include', `${idaasEnv}.login.mycompany.com/myidaas${idaasEnv}.onmicrosoft.com`, { timeout: 15000 })  
  
  cy.contains('User ID', { timeout: 15000 })
  cy.get('#logonIdentifier').type(username).should('have.value', user name)
  cy.get('#password').type(password)
  cy.get('#next').click()
  cy.url().should('contain', 'qa.newModernReactBasedWebapp.mycompany.net')
});

Cypress Version

10.6.0

Node version

v16.17.0

Operating System

Windows 10 Enterprise

Debug Logs

Should/contain does not pass as the page loaded is a blank white web page with the words Bad Request.

Other

No response

[mike-plummer]

Hi @anbeck77 , thanks for opening an issue! Unfortunately I don't have enough information to assist you at this time - it appears some formatting/content was lost in the code snippet you included which makes it difficult to determine if there is a bug in Cypress or an issue with your test configuration.

Issues with authentication flows are often related to cookies which are very browser-dependent, so it would be helpful to know precisely what browser & version you're using and whether the test fails on Chrome/Electron/Firefox/all browsers. There were a number of changes made to cookie handling in versions 10.3.0 and 10.3.1 so it is possible that one of those changes impacted you, but without a runnable reproduction it will be difficult to identify the precise cause.

To best assist you with your problem a Git repository with a minimal reproduction of the issue would be the best way to identify what's going on, but if that can't be provided then screenshots and/or a video of the failure would also be helpful. If neither of those can be provided then we would need to rely on debug logs, please see our Troubleshooting Guide for instructions for enabling debug logs and attach the output here.

[boylec]

I believe this is related to #23531.

I’m experiencing the same issue as the OP. Rolling back to 10.3 fixes it for me.

10.3.1 breaks my login test in a unique way.
10.4+ breaks my login test as described by OP.

Basically when I run the login sequence in a normal browser (and login works) a series of requests and redirects is fired off where some rely on the previous setting a particular cookie.

On the final request 2 cookies are passed in and the request returns a 302 with embedded auth state (tokens and such) back to the application.

When run from Cypress, this final request is missing 1 of those cookies.

It seems that the missing cookie would have been set on the client side directly in document.cookies as a result of one of the previous requests in the login sequence (not as a direct result of a Set-Cookie)

Its difficult to give more detail because the code under test during the login experience cannot be debugged as it lives in a federated identity provider and is minified.

Sounds like the OP and I are using the same identity provider and thus experiencing the same test failures: Azure Active Directory B2C.

[anbeck77]

@mike-plummer It is my intention to record a video, then upgrade and record the same video. It's just a matter of when. :)

[emilyrohrbough]

@anark I am going to go ahead and close this a duplicate of #23531 base on how you've describe how your application/login should work verse how it is working in Cypress.

As I am sure you are aware of by now, there were several cookie-related issues logged where cookies stop working as expected after the 10.3.0 release. Once those are fixed and if you issue is not resolved, please comment & we can re-open and try to create a reproducible example and/or dig into your logs so can figure out why this is no longer working.

Thank you for the details you have provided! 🙏

[anark]

@anark I am going to go ahead and close this a duplicate of #23531 base on how you've describe how your application/login should work verse how it is working in Cypress.

As I am sure you are aware of by now, there were several cookie-related issues logged where cookies stop working as expected after the 10.3.0 release. Once those are fixed and if you issue is not resolved, please comment & we can re-open and try to create a reproducible example and/or dig into your logs so can figure out why this is no longer working.

Thank you for the details you have provided! 🙏

I think this comment was meant for @anbeck77 not me

[emilyrohrbough]

@anark Ooops 😅 sorry about that! You are correct. Meant for @anbeck77.