How to get an access token in Cypress environment ?

[lbdremy]

Hello,

I'm trying to implement E2E test integration using Cypress. Cypress does not recommend testing third-party applications and even cannot actually for the moment have a test where multiple domains are used, so with the OAuth2 flow in mind, it makes login impossible.

I'm looking for a way to get the access token without the OAuth2 flow (authorization_code grant), I would like to use instead the password grant flow but it is unavailable in Hydra (for example with OAuth0 service it looks like that https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/)

Still is it possible to get the private key used for the access token generation and generate the access token myself?
Or do you have other proposals to get an access token from Hydra, that would be suitable in the Cypress environment?

Thanks a lot for your help

[k9ert]

So from my past experience independent of Ory and in combination with my last experience with cypress-testing, i'd suggest to implement different authentication-schemes in your application. If hydra is currently your only one then maybe "None" might be a valuable other one. I think this is useful for development (increasing efficiency of developers) but also testing, especially if you explicitely don't want to test all your'third-party depenendencies.

Just a couple of years ago, security people might consider that as some sort of "unsecure" but seriously: How many configuration-params are different on prod than on other environments? If one can't control that on prod, one should probably not run prod at all.

Sure, you also should test all the ory-specific processes, but i'd separate them from the other stuff. E.g. you could consider testing it in production every hour WITH the OAuth2-flow? But i don't have good tips on how to do that on practice. I Will do some research here!

Also, other opinions highly welcome!

[aeneasr]

That is definitely an option - an alternative to that would be to check our own E2E integration tests - written in Cypress - for ORY Hydra: https://github.com/ory/hydra/tree/master/cypress :)

[lbdremy]

Hello @k9ert and @aeneasr ,

Thanks for your replies.
When you say:

If hydra is currently your only one then maybe "None" might be a valuable other one.

What do you mean by "None" ? In order to run my integration test suite, I need to have an access token that corresponds to different users so I can test the flow, pages, features available to them, they can be different between users, so does Hydra has a grant type "None" allowing to get an access token for any users without credentials?

@aeneasr thanks for your message, but I'm in an environment where hydra, the auth server, and the app server have different domains and cypress does not support multiple superdomains (cypress-io/cypress#1394), it seems I will have to find a way to have all servers running on the same superdomain one way or another, your test suite runs on the same domain but different ports it works fine like that (https://github.com/ory/hydra/blob/master/cypress.json).

[k9ert]

What do you mean by "None" ?

With "None", i did not reference to any hydra-specific stuff here but rather would suggest that you make your Authentication-scheme configurable in your application-code. In general, ideally your code should be well separated from infra-details like "hydra" or "insert-your-database-flavor-here".

In order to run my integration test suite, I need to have an access token that corresponds to
different users so I can test the flow, pages, features available to them, they can be different between users,

That's what i potentially suggest to change. And i'm assuming here that value of your cypress-tests is not coming from testing the hydra-integration but your business-code and use-cases. However, this is only one option and maybe including the integration in the test as references by Aeneas is the much better option.

[vinckr]

Hey @lbdremy , just checking in if your problem still persists.
If not, could you please select the correct answer or provide your solution to mark this as answered?
Thanks a ton 🙏

[lbdremy]

Hello @vinckr,

Thanks, the solution I found was to have all apps running under the same parent domain i.e. login.example.com, auth.example.com, app.example.com, they all share the same domain example.com in this situation Cypress limitation is not hit. They also need to run under the same port.

Hope it helps the next person with this issue.