
At my previous job, we had used Cypress for an internal React application but had to remove it due to incompatibility with our single sign on.

Each application either used the same OAuth solution that customers used or they used Okta which was more common for internal applications. It was a little unclear which was supposed to be used as some applications used the former and then it was common to have a "backend for frontend" that would solely deal with communicating between... ah, you know what, I don't even want to think about it.

Suffice it to say, the React application in question made use of the okta-react library, which meant that the actual SSO dance was part of the JavaScript bundle being shipped.

That in itself isn't a problem but Cypress seems strongly designed around the idea that you never leave the domain. We got that to work but then when 2FA was mandated, we were kind of screwed.

We didn't have a TOTP seed to generate a passcode as part of the auth flow, which is highly questionable of course, but we also didn't have a solution to bypass the actual authentication step either, as it wasn't an API call to a backend (we controlled).

Anyway, we tried making a service account that had 2FA disabled, only to discover that 2FA was mandated at a network level (unless you were on a specific subnet, we later discovered), meaning we would just see some arbitrary "error 53".

Anyway, this isn't to say that Cypress is in any way at fault here, but I have seared in my memory, from the tens of hours spent on this crap, the sight of threads where people would ask "How do I use this with Okta" and the developers essentially saying "Oh, yeah, you shouldn't be doing that".

Having said all that, while I remember finding Cypress pretty handy, I'm more fond of Testcafe myself :)

Ah also, I believe a lot of teams made use of a Zalenium... cluster? Bunch of instances anyway. I also recall a number of people having the above issue with no solutions.

> That in itself isn't a problem but Cypress seems strongly designed around the idea that you never leave the domain.

Same here with PayPal or 3-D Secure. I am actually baffled by the decision - what kind of applications did they think were going to get tested - Todo apps?

Last I checked there was a GH issue and they said that it will get addressed, I hope.

What they are also saying is that it is bad practice; you should send API requests from the tests that simulate the payment, for example. I find this BS. IMO the automation tests simulate a user, and a user would not send API requests but click buttons on the screen.


In the particular case I mentioned above, it seemed the recommended avenue was to do sign in on the backend so you could mock it out.

Sounds fine on paper but in our case, we called out to multiple backends, with no unifying gateway that traffic reached them through as they were owned by different teams.

Realistically, that was a discipline issue rather than a technical issue of course, but I do wonder how many organisations find tools like Cypress a non-starter due to their impure setup.


We had the same issue regarding external domains. It has been somewhat addressed in the current Cypress releases.
