Ilesh Darji

Testing Login and Authentication Flows in Cypress

Testing login and authentication flows is one of the most critical parts of end-to-end testing. In Cypress, you can validate login behavior through UI interactions, direct API requests, or by injecting authentication tokens for faster tests.

🔐 Types of Authentication Testing in Cypress

  1. UI-based Login – Enter credentials via the login page.
  2. API-based Login – Authenticate by sending direct requests.
  3. Token Injection – Manually set tokens in localStorage or cookies.

1️⃣ UI-Based Login Test

Simulates real user behavior:

describe('UI Login', () => {
  it('logs in through the login form', () => {
    cy.visit('/login')
    cy.get('input[name="email"]').type('user@example.com')
    cy.get('input[name="password"]').type('securepassword')
    cy.get('button[type="submit"]').click()
    cy.url().should('include', '/dashboard')
  })
})

✅ Best for testing frontend form behavior, error messages, validations.

2️⃣ API-Based Login Test

Faster and more reliable for backend auth:

describe('API Login', () => {
  it('logs in using an API call', () => {
    cy.request('POST', '/api/login', {
      email: 'user@example.com',
      password: 'securepassword'
    }).then((response) => {
      expect(response.status).to.eq(200)
      window.localStorage.setItem('token', response.body.token)
    })
    cy.visit('/dashboard')
  })
})

✅ Ideal for bypassing the UI to focus on authenticated functionality.

3️⃣ Token Injection

Used when tokens are already known or mocked:

beforeEach(() => {
  window.localStorage.setItem('token', 'mocked-jwt-token')
})

✅ Great for integration testing where the login process is tested separately.

🧠 Tips for Authentication Testing

  • Test both success and failure cases.
  • Use fixtures to manage user credentials.
  • Keep secrets out of version control — use Cypress environment variables.

🚀 Final Thoughts

Whether you’re testing login forms or token-based sessions, Cypress offers multiple approaches to simulate authenticated user flows. Use UI login for realism, API login for speed, and token injection for full control.

Next in Series: Multi-User and Role-Based Testing in Cypress

December 8, 2024 cypress authentication login testing