How to get AppServiceAuthSession cookie using access/id token for web app deployed on Azure App Service?

Madhusudan Vishnupurikar 11 Reputation points
2023-01-02T07:11:30.23+00:00

I am trying to write [Cypress][1] automated tests for a web app deployed on Azure App Service. Cypress does not allow redirects, and it's also not recommended to verify a login flow managed by a third party (Azure with the EasyAuth flow).
In order to access the web app without redirects, I am trying to set authentication programmatically before opening the application home page in the browser. As the application utilizes EasyAuth, there is no custom code in the UI with the ADAL or MSAL library.
Is there another option than the AppServiceAuthSession cookie by which App Service will treat the user as logged in? Or, if it's the only way App Service treats users as logged in, how can I retrieve AppServiceAuthSession without redirects?
[1]: https://www.cypress.io/


1 answer

  1. SnehaAgrawal-MSFT 18,366 Reputation points
    2023-01-04T09:13:06.63+00:00

    To get the AppServiceAuthSession cookie using an access or ID token for a web app deployed on Azure App Service, you can use the following steps:

    First, ensure that you have obtained an access or ID token from the authentication provider.

    Next, make a POST request to the /.auth/login endpoint of your Azure App Service, including the access or ID token in the request body as a JSON object. The request should be made to the URL of the form https://<your-app-name>.azurewebsites.net/.auth/login.

    If the request is successful, the server will return a Set-Cookie header in the response, which will contain the AppServiceAuthSession cookie. You can then extract this cookie and store it in your web app for use in subsequent requests.

    Example:

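    fetch('https://<your-app-name>.azurewebsites.net/.auth/login', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        access_token: '<your-access-token>'
      })
    }).then(response => {
      if (!response.ok) {
        throw new Error(`Login request failed with status ${response.status}`);
      }
      // Set-Cookie is readable here only outside a browser (e.g. Node.js); browsers hide it from fetch()
      const setCookieHeader = response.headers.get('Set-Cookie');
      // Extract the AppServiceAuthSession cookie from the Set-Cookie header and store it for use in subsequent requests
      const match = /AppServiceAuthSession=([^;]+)/.exec(setCookieHeader || '');
      const sessionCookie = match ? match[1] : null;
      return sessionCookie;
    });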
    
    1 person found this answer helpful.
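
The following is an added example, not part of the answer above or of any Microsoft or Cypress code: a helper that takes the Set-Cookie values of the login response the answer describes and maps the AppServiceAuthSession cookie, with its security attributes, to the arguments of Cypress's `cy.setCookie`. The function names and the sample headers are constructed for illustration, and it assumes the response carries the cookie as the answer states.

```javascript
// Added example. SAMPLE_HEADERS is constructed data, not captured from a real app.
const SAMPLE_HEADERS = [
  'ARRAffinity=abc123; Path=/; HttpOnly; Domain=example.azurewebsites.net',
  'AppServiceAuthSession=Zm9vYmFy==; path=/; secure; HttpOnly; SameSite=None',
];

// Parse one Set-Cookie header value into { name, value, attrs }.
// Only the first '=' separates name from value, so base64 padding survives.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // not a name=value pair
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Map Set-Cookie SameSite values to the names cy.setCookie() accepts.
const SAME_SITE = { none: 'no_restriction', lax: 'lax', strict: 'strict' };

// Find the session cookie among the Set-Cookie values (array, one per cookie)
// and return { name, value, options } for cy.setCookie(name, value, options).
function toCypressCookie(setCookieHeaders, name = 'AppServiceAuthSession') {
  const headers = Array.isArray(setCookieHeaders) ? setCookieHeaders : [setCookieHeaders];
  const cookie = headers
    .filter(Boolean)
    .map(parseSetCookie)
    .find((c) => c && c.name === name);
  // Fail loudly: a missing cookie means the test would silently run unauthenticated.
  if (!cookie) throw new Error(`${name} not present in Set-Cookie`);
  const { attrs } = cookie;
  const options = {
    path: typeof attrs.path === 'string' ? attrs.path : '/',
    secure: attrs.secure === true,     // keep the cookie HTTPS-only if the server said so
    httpOnly: attrs.httponly === true, // keep it hidden from page scripts
  };
  if (typeof attrs.domain === 'string') options.domain = attrs.domain;
  const sameSite = SAME_SITE[String(attrs.samesite).toLowerCase()];
  if (sameSite) options.sameSite = sameSite;
  return { name: cookie.name, value: cookie.value, options };
}
```

In a Cypress spec the returned values would be passed to `cy.setCookie(name, value, options)` before `cy.visit()`. The cookie value is a session credential, so keep it out of test logs and recorded artifacts.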