babangsund / cypress-keycloak Goto Github PK
View Code? Open in Web Editor NEWCypress commands for Keycloak
License: MIT License
Cypress commands for Keycloak
License: MIT License
The default path of the keycloak server seems to be changed from https://host:port/auth/
to https://host:port/
since keycloak 17.0. (You can notice it if comparing what the document for 17.0 and one for 16.1 say for auth-server-url
.)
Can you consider to set the default of path_prefix
for login
and login_OTP
to blank, not auth
?
Related to #29
From keycloak 18 If post_logout_redirect_uri
and id_token_hint
parameters are not sent with logout request, confirmation prompt will be displayed and user will not be automatically logged out.
This is a default behaviour, as post_logout_redirect_uri
and id_token_hint
are optional.
It would be great if library could handle logout confirmation prompt
Hello
First of all thanks for this package I've been using it in my work.
But after upgrading to keycloak 18.0.2 the login ceased to work.
So I console logged the body of the response after cy.request()
in login.ts
And I found that Keycloak is redirecting the request with a status of 302
and a URL : /#error=invalid_request&error_description=Missing+parameter%3A+code_challenge_method&state=afe8ee1c-a801-4c80-8e51-1ab25afdca22
And after a bit of goggling I found that the login have to implement the PKCE feature.
So then I changed the login to take code_challenge
and code_challenge_method
as params
Cypress.Commands.add(
'login',
({
root,
realm,
username,
password,
client_id,
redirect_uri,
path_prefix = 'auth',
kc_idp_hint,
code_challenge, // added this here
code_challenge_method // and this here
}) =>
cy
.request({
url: `${root}${
path_prefix ? `/${path_prefix}` : ''
}/realms/${realm}/protocol/openid-connect/auth`,
qs: {
client_id,
redirect_uri,
kc_idp_hint,
scope: 'openid',
state: createUUID(),
nonce: createUUID(),
response_type: 'code',
response_mode: 'fragment',
code_challenge, // here
code_challenge_method, // and here
},
})
.then((response) => {
console.log('keycloak login page = ', response);
const html = document.createElement('html');
html.innerHTML = response.body;
const form = html.getElementsByTagName('form');
const isAuthorized = !form.length;
if (!isAuthorized)
return cy.request({
form: true,
method: 'POST',
url: form[0].action,
followRedirect: false,
body: {
username,
password,
},
});
})
);
And It's working now.
So I think I have to make a Pull request with this change but I'm unsure if the package needs to generate these variables or does the user have to pass them like I did
Please add peer dependency for Cypress 12
Now is:
"peerDependencies": { "cypress": "^6.5.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0" }
Should be:
"peerDependencies": { "cypress": "^6.5.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0 || ^12.0.0" }
I think when keycloak is configured to use code verifiers, these libraries no longer work. I've been trying to integrate them into my cypress testing environment. Any plans on adding this capability? I will study the keycloak.js and see if I can figure out how they are doing it.
In the Readme https://github.com/babangsund/cypress-keycloak/blob/edc34e705bb28ace5f40801f9620f435cd4860c3/README.md
It shows:
cy.logout({ ... }):
root: string
realm: string
redirect_uri: string
path_prefix?: string = "auth"
But in the index.d.ts file:
cypress-keycloak/src/index.d.ts
Lines 1 to 8 in edc34e7
The logout method does not accept a path_prefix. Happy to contribute a PR but what is the source of truth here?
We have multiple Users with different Permissions and want to choose which user to login per test.
I currently override the login-function:
// cypress/commands.ts
declare global {
namespace Cypress {
interface Chainable {
login(username?: string, password?: string): Cypress.Chainable
}
}
}
and use Cypress.Commands.overwrite to implement it:
// cypress/commands.ts
Cypress.Commands.overwrite('login', (originalFunktion, username: string = '', password: string = '') => {
// @ts-ignore
originalFunktion({
realm: '<realm>',
root: '<root>',
client_id: '<client_id>',
username,
password,
redirect_uri: 'http://localhost:8080/',
})
})
This works but i have to add the ts-ignore-comment and do not get the autocomplete-functions.
The best solution (for me) would be to import the login function.
// cypress/commands.ts
import {login} from 'cypress-keycloak'
declare global {
namespace Cypress {
interface Chainable {
login(username?: string, password?: string): Cypress.Chainable
}
}
}
Cypress.Commands.add('login', (username, password) => {
login({
realm: '<realm>',
root: '<root>',
client_id: '<client_id>',
username,
password,
redirect_uri: 'http://localhost:8080/',
})
})
Can we have peerDependencies
include version 11 of Cypress?
"peerDependencies": {
"cypress": "^6.5.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0" # Right here
},
Hi.
Using this add-on to login gives me an error in Chrome console:
โ ERROR Error: Uncaught (in promise): Error: The user profile was not loaded as the user is not logged in. Error: The user profile was not loaded as the user is not logged in.
It seems there is no redirection happening when using cy.login(). Going to a URL using cy.visit() works after I login. But this error remains in the console.
Cypress tests using keycloak and Chrome browser are no longer working.
cypress 7.0.1
cypress-keycloak 1.7.0
Chrome 96
chromeWebSecurity is set to false according to this:
https://docs.cypress.io/guides/guides/web-security#Disabling-Web-Security
Redirect after login is not working because some cookies used by keycloak are rejected.
Same tests run successfully using Firefox.
The issue is related to this:
https://issues.redhat.com/browse/KEYCLOAK-12125
Apparently there is a workaround disabling the session-iframe but I do not know how to do that using cypress-keycloak
https://www.keycloak.org/docs/latest/securing_apps/index.html#session-status-iframe
Any idea how to fix this issue?
Thanks in advance
cy.session(()=>{
cy.logout(...);
cy.login(...)
}
)
I'm trying to hide my credentials using https://github.com/bahmutov/as-a
If I use the login()
method, passing my credentials in to the username
and password
fields, everything works just fine.
But when I try to reference those same exact same values by using Cypress.env('username')
and Cypress.env('password
) - the authentication fails everytime.
I've tried toString()
and encodeURI()
but to no avail. Any ideas are welcome!
I am new to cypress-keycloak, but I tried following the tutorial and I'm getting a 400 error from keycloak, and it seems to be due to a missing client_id parameter.
Is anybody else affected, or can reproduce?
EDIT: My client is not public; this may be the issue. Normally authentification is handled by the back-end service, but for cypress tests it is recommended that cypress handles the auth, so adding support for client_secret would be advisable.
Cypress package version: 4.12.1
Cypress binary version: 4.12.1
cypress-keycloak version: 1.5.0
keycloak version: 6.0.1
---My test:
test_js.txt
---My log:
log.txt
---Summary:
It seems that the url requested, https:///auth/realms//protocol/openid-connect/auth, does not have any parameters. Keycloak responds "We're sorry... Missing parameters: client_id".
However the parameters are indicated in the login call.
Hi guys :)
Any ideia why the client_id is missing on the URL ?
I got this error:
request GET --- https://keycloak.babangsund.com/auth/realms/stage/protocol/openid-connect/auth
I used the example from the README:
describe('thing', () => {
beforeEach(() => {
cy.login({
root: 'https://keycloak.babangsund.com',
realm: 'stage',
username: 'babangsund',
password: 'bacon',
client_id: 'frontend',
redirect_uri: 'https://babangsund.com/',
});
// or login with OTP
cy.loginOTP({
root: 'https://keycloak.babangsund.com',
realm: 'stage',
username: 'babangsund',
password: 'bacon',
client_id: 'frontend',
redirect_uri: 'https://babangsund.com/',
otp_secret: 'OZLDC2HZKM3QUC...', // e.g. 32 chars
otp_credential_id: '5e231f20-8ca7-35e1-20a694b60181ca9', // e.g. 36 chars
});
});
afterEach(() => {
cy.logout({
root: 'https://keycloak.babangsund.com',
realm: 'stage',
// using Keycloak < 18.0.0:
// redirect_uri: 'https://babangsund.com/',
// using Keycloak >= 18.0.0:
post_logout_redirect_uri: 'https://babangsund.com/',
});
});
});
Cypress has released a new major version (10.0.0). Please add it to the peer dependencies so I can update my project to the latest version.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/cypress
npm WARN dev cypress@"^10.0.3" from the root project
npm WARN 1 more (cypress-keycloak)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer cypress@"^6.5.0 || ^7.0.0 || ^8.0.0 || ^9.0.0" from [email protected]
npm WARN node_modules/cypress-keycloak
npm WARN dev cypress-keycloak@"^1.8.0" from the root project
I connect to my client in my app using standard flow and pkceMethod set to 'S256'.
keycloak
.init({ flow: 'standard', pkceMethod: 'S256' })
How can I specify these when using this package?
Cypress 11, our logout functionality is working just fine
With Cypress 12+, it stopped working
Our logout command:
Cypress.Commands.add('logoutKC', () =>
cy.logout({
root: ENVS.keycloak_root,
realm: Cypress.env('keycloak_realm'),
post_logout_redirect_uri: ENVS.keycloak_redirect,
}),
);
Usage:
afterEach(() => {
cy.logoutKC();
});
Running: "cypress-keycloak": "2.0.1"
Any ideas?
Keycloak 18 will not handle the redirect_uri
param anymore which is used here.
The Breaking Change in Keycloak is described in the Release Notes - Section "Migration from 17.0 -> OpenID Connect Logout".
The params post_logout_redirect_uri
together with the parameter id_token_hint
should be handled.
Keycloak version I am working with: 17.0.1
When a keycloak client is set to confidential
, you always have to pass the client_secret
when fetching a token.
Even with grant_type
set to password
.
This means that I need to pass the client_secret
to the login
method.
So I would think adding client_secret
as a optional parameter to the login
method is needed.
As per the example, I added a cy.logout
in my afterEach
hook. Login in beforeEach
works just fine, but as soon as it tries logging out, I get an error from Keycloak saying that id_token_hint
is missing. I'm not sure on what I should fill in there. I think it might be the Keycloak token (which isn't accessible as mentioned in ticket #39.
Apologies if this is an obvious one, I'm not that experienced with OIDC and whatnot.
Versions :
Here is my test :
describe('Admin / login page', () => {
before(() => {
cy.task('db:seed');
cy.mailhog('clear');
});
it('Should login', () => {
cy.login({
client_id: 'admin',
password: 'adminadmin',
realm: 'bilik',
redirect_uri: 'http://admin.devbilik.loc/',
root: 'http://auth.traefik.loc',
username: '[email protected]',
}).then((el) => {
console.log(el);
cy.visit(`${Cypress.env('ADMIN_URL')}/`);
cy.get('#username').type('[email protected]');
cy.get('#password').type('adminadmin');
cy.get('#kc-login').click();
});
// cy.contains('Tableau de bord');
// cy.logout();
});
});
For some reasons, the requests seems to pass (requests from the cypress-keycloak plugin) :
But when I do a cy.visit()
right after the login
, my app keep redirecting me. It's a react app. The funny thing is when I login though the Cypress browser, it's working perfectly : http://auth.traefik.loc/auth/realms/bilik/protocol/openid-connect/auth?client_id=admin&redirect_uri=http%3A%2F%2Fadmin.devbilik.loc%2F&state=09736f9f-73c9-473a-93b7-1f6542102309&response_mode=fragment&response_type=code&scope=openid%20offline_access&nonce=2399c1c6-7752-48a7-8f57-cdc472e66a4b
What do I miss here ? Thanks.
Hi, I'm trying to authenticate to my API which uses OTP to login, but I'm having a hard time figuring out where do i find the otp_secret and the otp_credential_id.
I'm not sure this would be the place to ask, it's more of a keycloak question, but since there is an example in the documentation I was hoping someone could give any kind of directions.
Thanks
Good morning,
Thanks for your great work.
When attempting to install cypress-keycloak as a project dependency the folling NPM Error is generated:
% npm install --save-dev cypress-keycloak@latest
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! Found: [email protected]
npm ERR! node_modules/cypress
npm ERR! dev cypress@"^6.2.1" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! dev cypress-keycloak@"1.5.0" from the root project
npm ERR!
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/cypress
npm ERR! peer cypress@"^3.6.0" from [email protected]
npm ERR! node_modules/cypress-keycloak
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See /Users/iammac/.npm/eresolve-report.txt for a full report.
Plugin dependency is not compatible with Cypress 13
As described on the docs: https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter
Is Cypress-Keycloak supporting the ability just to grab the token?
This old Cypress-Keycloak-Commands repo is supporting following:
describe("Keycloak Login", () => {
beforeEach(() => {
cy.kcLogout();
cy.kcLogin("user").as("tokens");
cy.visit("/");
});
it("should call an API with the token", () => {
cy.get("@tokens").then(tokens => {
cy.request({
url: "/my_api"
auth: {
bearer: tokens.access_token
}
});
});
});
});
https://github.com/Fredx87/cypress-keycloak-commands#get-user-tokens-for-calling-apis-from-e2e-tests
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.