Problems with UI authorization in Salesforce

[viktarIncountry]

Previously we used the following solution:
cy.request({ body: { pw: credentials.password, un: credentials.username, }, form: true, log: Cypress.env('isDebugLog'), method: 'POST', url: Cypress.env('salesforceLoginUrl'), })

But after the latest security update, this solution no longer works, since MFA is required.
We tried using this solution:
https://help.salesforce.com/s/articleView?id=000386254&type=1

Authorization succeeds, and we're logged into UI. However, when accessing the page via cy.visit(), we get an error:

The following error originated from your application code, not from Cypress.
Unable to read the Aura token from the response.
This error was thrown by a cross origin page. If you wish to suppress this error you will have to use the cy.origin command to handle the error prior to visiting the page.

Has anyone encountered this problem?

[manimovassagh]

The error message is telling you exactly what to do — you need to use cy.origin() to handle the cross-origin authentication flow. Salesforce's login page is on a different origin than your app, and after their MFA/security update, the redirect flow likely involves additional cross-origin hops.

Here's the general approach:

1. Use cy.origin() for the Salesforce login flow:

cy.visit('/');

// Handle the Salesforce login on its origin
cy.origin('https://login.salesforce.com', { args: { username: credentials.username, password: credentials.password } }, ({ username, password }) => {
  cy.get('#username').type(username);
  cy.get('#password').type(password);
  cy.get('#Login').click();
});

// After redirect back to your app
cy.url().should('include', 'your-app-domain');

2. Suppress the Aura token error if needed:

The "Unable to read the Aura token" error comes from Salesforce's Lightning framework. You can handle this with:

Cypress.on('uncaught:exception', (err) => {
  if (err.message.includes('Aura') || err.message.includes('aura token')) {
    return false; // prevent Cypress from failing the test
  }
});

3. Consider using the Salesforce CLI + API auth instead of UI login:

The most reliable approach for Salesforce automation with MFA is to use the Connected App OAuth flow to get an access token via API, then inject the session:

cy.request({
  method: 'POST',
  url: 'https://login.salesforce.com/services/oauth2/token',
  form: true,
  body: {
    grant_type: 'password',
    client_id: Cypress.env('SF_CLIENT_ID'),
    client_secret: Cypress.env('SF_CLIENT_SECRET'),
    username: Cypress.env('SF_USERNAME'),
    password: Cypress.env('SF_PASSWORD') + Cypress.env('SF_SECURITY_TOKEN'),
  },
}).then((response) => {
  const { access_token, instance_url } = response.body;
  cy.visit(`${instance_url}/secur/frontdoor.jsp?sid=${access_token}`);
});

This bypasses MFA entirely (Connected Apps can be configured to exempt MFA) and is much more stable for automated testing. You'll need to set up a Connected App in Salesforce Setup with the OAuth password grant type enabled.

Hope this helps!