This sample showcases how an Azure AD protected single page application using MSAL.js 2.x can be tested. It uses the ROPC authentication flow to acquire tokens for a test user account, and injects them into browser local storage before running the tests. This way MSAL.js does not attempt to acquire tokens as it already has them in cache.
Repository contents:
To run this application, you will need to create an app registration and a user account in an Azure AD tenant. It is recommended that all of this is done in a development/test tenant and not your production environment.
Information for app registration:
https://localhost:44338
(Single Page Application type)Take note of:
The user account should be a local user in the AAD tenant with no MFA enabled. Set a secure password on it. Take note of:
Now that we have all of this info, we can configure the app.
To configure the API, open UiTestAutomation/appsettings.json
and specify values in the Authentication section:
https://login.microsoftonline.com/
+ your directory id/tenant idTo configure the single page app, open UiTestAutomation/ClientApp/src/auth.js
and specify:
https://login.microsoftonline.com/
+ your directory id/tenant idNow the app can be run and tested. You should be able to view the weather forecast page that fetches data from the API. If you get the data, everything is working correctly.
To configure the Cypress tests, create UiTestAutomation.Cypress/cypress/support/authsettings.json
, and fill it in based on the authsettings.sample.json
in the support folder:
https://login.microsoftonline.com/
+ your directory id/tenant idConfiguring the Selenium tests is done through user secrets.
The values are the same as Cypress tests, except apiScopes
needs to be scopes
instead in the user secrets.