How to identify and authorize the world
Roman Denysenko
Software QC/QA engineer | ISTQB Certified Tester | Remote | B2B | Part-time | Freelance
Here is a real-life situation: you need to push yourself into a completely different world. You don't understand the topic, so you try to find an answer by googling 'regular expressions' instead of the precise technical terms, wasting hours on simple questions while the people around you just watch and enjoy your progress :)
All my new challenges with Cypress made me investigate areas that had been closed to me before. I wondered what the auth/identity world is doing, how to solve real problems with Auth0, and what the difference is when it comes to IdentityServer.
Now I can say a big thank you for all the advice I have got from @Kristaps and @Adam, my respected colleagues who helped me solve a lot of problems.
And now the general part of this article.
After the notification below, I understood that it would be good to share some links and info here regarding Cypress and all the issues which any test engineer needs to solve.
Starting June 30th, 2020 we will no longer add any new features to Azure Active Directory Authentication Library (ADAL) and Azure AD Graph. We will continue to provide technical support and security updates but we will no longer provide feature updates. Applications will need to be upgraded to Microsoft Authentication Library (MSAL) and Microsoft Graph.
Here is a short list of helpful links for investigating the related technologies. Of course, these technologies can block your test-writing process with Cypress if you are not yet fluent in this magic. At least you will understand why the examples from StackOverflow or GitHub are not working in your case, and what is going on at all.
Let's start:
- ADAL - Azure Active Directory Authentication Library
- MSAL - Microsoft Authentication Library
- OIDC - 'OpenID Connect is an identity layer built on top of the OAuth 2.0 framework. It allows third-party applications to verify the identity of the end-user and to obtain basic user profile information. OIDC uses JSON web tokens (JWTs), which you can obtain using flows conforming to the OAuth 2.0 specifications. See our OIDC Handbook for more details.'
I was excited to find the article 'An Illustrated Guide to OAuth and OpenID Connect' and couldn't skip it at all. Just look at the picture and you will understand that it's a really cool explanation of quite a specific flow.
A few words and links that can help you understand where you made a mistake with Cypress and those magic tests for getting hidden authorization.
First of all, you need to understand what kind of approach, configuration, data, restrictions, rules, supersonic power, etc. :D you have for your infrastructure/application/user access.
Then try to get as much as possible from your dev team, because in some cases your expectations will fail for trivial reasons: you did not explain properly what exactly you want to get, or why you need a confirmed configuration, and you waste time debugging API calls with Fiddler or playing with Postman. Or the token simply cannot be generated through the public API at all.
Yes, that is real life, but all this stuff was developed by someone, and the root of the problem is not you at all.
The following articles and posts related to Cypress authorization, Auth0 and cross-origin restrictions can help you find the best approach for your tests:
- An in-depth overview of writing Cypress end-to-end tests when using Auth0
- End-to-End Testing with Cypress and Auth0
- Cypress <> IdentityServer: Cracking the OIDC protocol
- Azure AD Authentication in Cypress Tests
- Git repo for item 4 (sandrinodimattia). You can try it as well.
- Cypress web security limitations
You can find 100000 examples in the articles, but theory is nothing without practice.
I understood this after some courses and challenges, and have only one suggestion: participate in labs. Of course, you can find something for free, but unfortunately, in the real world, that does not work. You need to choose what is better for you: invest in your own devices or pay for virtual labs.
I want to share my choice and will try to update the list from time to time:
- Professor Messer - CompTIA A+, Network+, and Security+ training videos, notes, study groups, and IT certification study material.
- Cybrary - an open-source cybersecurity, IT learning and certification preparation platform. It has a lot of paths covering different topics.
- PentesterLab - a web hacking platform with excellent examples and labs, more focused on the web.