Chrome problems testing with Cypress

Following Cypress recommendations we use direct api calls to login in most of our tests - basically if it’s not explicitly testing the login UI we bypass it, it’s much faster that way and we tend to login rather a lot to ensure we have good role based test coverage.

Based on examples in threads like this one, we have this login code:

  method: 'POST',
  url: `${OKTA_URL}/api/v1/authn`,
  body: {
    options: {
      warnBeforePasswordExpired: 'true',
  .then((resp) => {
    const sessionToken = resp.body.sessionToken
    const qs = {
      client_id: OKTA_CLIENT_ID,
      scope: 'openid',
      nonce: getRandomString(),
      state: 'test', // fyi state is used to link requests and responses, we don't care here
      code_challenge: 'test',
      redirect_uri: OKTA_REDIRECT_URI,
      response_type: 'id_token token',
      sessionToken: sessionToken,

      method: 'GET',
      url: `${OKTA_URL}oauth2/default/v1/authorize`,
      form: true,
      followRedirect: false,
    }).then((respWithToken) => {
      const url = respWithToken.redirectedToUrl
      cy.visit(url).then(() => {
  .then((res) => {
    Cypress.log({ message: `okta login success as ${username}` })

And it works, or at least it works in Electron and Firefox.

In Chrome, it logs in, then the screen refreshes and we’re back at the okta login page.

I should add that the UI is using a pretty bar oidc-client implementation and not the okta-js pacakge if that’s relevant.

Any suggestions?

It’s disappointing that the project that I use for all of my personal development, auth0, has a nice blog post talking about how to solve this exact problem (, but if you search for the same from okta you just people who either abandoned Okta or abandoned Cypress.

are there any pointers as to what request fails in Chrome and how the response to the same request differs in Electron and Firefox?

Not a thing. Everything appears to be pretty much going along the same way until I end out back at the login page.

When/why is that screen refresh occurring and is there something on that page that is reliant on there being an Okta session in browser?