cypress-io / cypress

Fast, easy and reliable testing for anything that runs in a browser.
https://cypress.io
MIT License

Tests stopped executing after redirect to google login page #1380

Closed ZelunZhang closed 6 years ago

ZelunZhang commented 6 years ago

Current behavior:

We are testing our website, which redirects to the Google login page to authenticate, but the tests stopped executing after the webpage is redirected.

Desired behavior:

The tests should continue executing after redirection.

How to reproduce:

Please run the following test, you will identify the problem after the line of "cy.get('#gb_70') .click()"

describe('Google Map', function () {
  it('.should() - assert that <title> is correct', function () {
    cy.visit('https://www.google.co.uk/maps')
    cy.wait(10000)
    // cy.get('#vasquette').click()
    cy.get('#vasquette').within(() => {
      cy.get('#gb_70') .click()
    })
    cy.wait(10000)
    cy.get('#identifierId')
      .type('xyz@gmail.com').should('have.value', 'xyz@gmail.com')

    cy.get('#identifierNext')
      .click()

    cy.get('#next')
      .click()
  })
})

Test code:

describe('Google Map', function () {
  it('.should() - assert that <title> is correct', function () {
    cy.visit('https://www.google.co.uk/maps')
    cy.wait(10000)
    // cy.get('#vasquette').click()
    cy.get('#vasquette').within(() => {
      cy.get('#gb_70') .click()
    })
    cy.wait(10000)
    cy.get('#identifierId')
      .type('xyz@gmail.com').should('have.value', 'xyz@gmail.com')

    cy.get('#identifierNext')
      .click()

    cy.get('#next')
      .click()
  })
})

Additional Info (images, stack traces, etc)

brian-mann commented 6 years ago

Testing Google Auth is a well-described anti-pattern that's been asked on here several times and is not supported.

Testing 3rd party sites you don't control is never a good idea - and there is always a better approach.

In this case what you're describing is testing OAuth. To test that - you'll need to go through Google's programmatic APIs directly with cy.request() - as opposed to using the UI.

Trying to use Google or other 3rd party login provider is against their terms of service (they explicitly disallow logging in via bots) and they will block you. Even trying to run automated tests against www.google.com search will not work. They have advanced anti-bot protection measures that will throw up CAPTCHAs. Worse, they do A/B testing and modify their login service UIs on a regular basis. The only way to utilize them is to use their programmatic APIs directly and avoid the UI.

With that said - ideally you wouldn't even do this - the whole purpose of logging into a 3rd party is to receive a token, which you can usually bypass entirely if your server does not actually use it for a direct integration with the provider.

For more details see here: https://docs.cypress.io/guides/references/best-practices.html#Visiting-external-sites

PS: we recently did a presentation at assertjs.com talking about this very issue - and when the talk is posted, we'll link you to that here.

denkristoffer commented 6 years ago

@brian-mann Is this the talk? https://www.youtube.com/watch?v=5XQOK0v_YRE

DanielStoica85 commented 6 years ago

@brian-mann what about that presentation, is it online?

brian-mann commented 6 years ago

Yes, that is the one.

kutlaykural commented 6 years ago

@ZelunZhang could you solve your problem? Can you share your solution code? Thank you.

hdavidzhu commented 5 years ago

@brian-mann Do you know of a good example of Google's Oauth implementation in Cypress? I'm looking at https://github.com/cypress-io/cypress-example-recipes/blob/master/examples/logging-in__single-sign-on/cypress/integration/logging-in-single-sign-on-spec.js and am curious how this looks when interacting with Google.

gurkpet commented 5 years ago

@brian-mann ditto

TomaszWaszczyk commented 4 years ago

@brian-mann What do you think about the plugin: https://github.com/lirantal/cypress-social-logins Is it recommended?

@hdavidzhu Look at the plugin I have mentioned.

emoriarty commented 3 years ago

@TomaszWaszczyk the cypress-social-login is listed in the plugins page of the official docs. Therefore I think it is a good choice since the Cypress team includes the plugin as a valid solution.

chan-dev commented 3 years ago

@hdavidzhu were you able to find a google oauth2 implementation?

estefafdez commented 3 years ago

thanks for sharing the code!

AtofStryker commented 1 year ago

Hey all. Google OAuth / OIDC should now work with Cypress 10.11.0 and up with cy.origin with the experimentalModifyObstructiveThirdPartyCode and experimentalSessionAndOrigin flags. However, similar to the disclaimer made in cypress-social-plugins, Google will likely start to fail in CI due to bot detection, which is outside the scope of automation testing. Their disclaimer:

This plugin doesn't work well in a CI environment, due to the anti-fraud detection mechanisms employed by the likes of 
Google, GitHub etc. Why? If you attempt to login from a CI machine which has different IPs, geolocation and other fingerprint 
identification which the account you use isn't normally attempting a login from, then this will trigger Multi Factor 
Authentication, CAPTCHA, or other means of confirming the identity. When those extra steps are needed, this plugin doesn't 
work well around them.

However, outside the realm of bot detection, cy.origin should and will work with all of those social providers listed in their readme, including the TBDs. There will be more on this in the Cypress 12 release, which will be reflected on docs.cypress.io.

A lot of the points @brian-mann made in his original response are still valid. cy.origin will give you the ability to test these, but 3rd party logins that you do NOT control (including social login through authentication as a service) are likely not a good idea for all the reasons he has stated. However, login screens that are hosted on different domains that you DO control that provide an OIDC/OAuth flow can almost certainly be tested safely, such as owned instances of Auth0, Okta, Microsoft, Cognito, Keycloak, etc. I hope this helps. If you have a hard dependency on logging into google consistently in CI, programmatic login is still the recommended approach.
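Editor's added example, not code from any participant in this thread or from the Cypress project: a sketch of the programmatic login that brian-mann and AtofStryker recommend, exchanging a pre-provisioned refresh token for a dedicated test account through cy.request() instead of driving Google's UI. The environment variable names, the command name loginByGoogleApi and the localStorage key are assumptions for illustration; secrets are read from Cypress env rather than committed to the repository, and the request is excluded from the command log.

```javascript
// Added example: programmatic Google login for a Cypress support file.
// Hypothetical names: GOOGLE_* env keys, loginByGoogleApi, 'googleSession'.
const TOKEN_URL = 'https://oauth2.googleapis.com/token'

// Build the OAuth 2.0 refresh-token grant; fail fast if a secret is missing.
function buildRefreshRequest(env) {
  const required = ['GOOGLE_CLIENT_ID', 'GOOGLE_CLIENT_SECRET', 'GOOGLE_REFRESH_TOKEN']
  const missing = required.filter((key) => !env[key])
  if (missing.length) throw new Error(`missing env: ${missing.join(', ')}`)
  return {
    method: 'POST',
    url: TOKEN_URL,
    form: true, // send as application/x-www-form-urlencoded
    log: false, // keep the client secret and refresh token out of the command log
    body: {
      grant_type: 'refresh_token',
      client_id: env.GOOGLE_CLIENT_ID,
      client_secret: env.GOOGLE_CLIENT_SECRET,
      refresh_token: env.GOOGLE_REFRESH_TOKEN,
    },
  }
}

// Validate the token response and keep only what the test session needs.
function parseTokenResponse(status, body, now) {
  if (status !== 200 || !body || typeof body.access_token !== 'string') {
    // Surface only the OAuth error code, never the request or any token.
    throw new Error(`token exchange failed: ${(body && body.error) || status}`)
  }
  return {
    accessToken: body.access_token,
    idToken: body.id_token || null,
    expiresAt: now + (body.expires_in || 0) * 1000,
  }
}

// Register the command only when running inside Cypress.
if (typeof Cypress !== 'undefined') {
  Cypress.Commands.add('loginByGoogleApi', () => {
    const req = { ...buildRefreshRequest(Cypress.env()), failOnStatusCode: false }
    return cy.request(req).then(({ status, body }) => {
      const session = parseTokenResponse(status, body, Date.now())
      // Assumption: the app under test reads its session from localStorage.
      window.localStorage.setItem('googleSession', JSON.stringify(session))
    })
  })
}
```

How the application under test consumes the token is app-specific; replace the localStorage step with whatever your own backend or front end expects.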