How to Get Access Token from Azure Using Cypress

When working with APIs that are protected by Azure Active Directory (Azure AD), the most common authentication mechanism is OAuth 2.0 using Bearer tokens. If you're using Cypress for end-to-end testing or API validation, it's often necessary to get a valid Access Token programmatically.

In this blog post, I’ll walk you through how to get an Azure access token using Cypress, so you can securely test APIs or authenticate users in your automated tests.

✅ Prerequisites

Before diving into code, make sure you have:

Azure App Registration (Client ID, Tenant ID, Secret)
Required API permissions set up (like user.read, api://.../.default, etc.)
Cypress project initialized (use npx cypress open if not already)

🧠 What We’ll Do

We'll use Cypress to make a POST request to Azure AD’s token endpoint with the correct credentials and receive an access token in response.

🔧 Step-by-Step Implementation

Step 1: Add Azure Credentials to Cypress

In your cypress.config.js or as environment variables, store the Azure configuration:

javascript
const { defineConfig } = require("cypress");

module.exports = defineConfig({
  e2e: {
    env: {
      azure_tenant_id: "YOUR_TENANT_ID",
      azure_client_id: "YOUR_CLIENT_ID",
      azure_client_secret: "YOUR_CLIENT_SECRET",
      azure_scope: "api://YOUR_API_ID/.default", // or use a built-in like https://graph.microsoft.com/.default
    },
  },
});

📝 Tip: For security, store sensitive data like client_secret in .env and load with dotenv.

Step 2: Create a Cypress Command

Add a custom command to request the token.

cypress/support/commands.js

javascript
Cypress.Commands.add("getAzureToken", () => {
  const tenantId = Cypress.env("azure_tenant_id");
  const clientId = Cypress.env("azure_client_id");
  const clientSecret = Cypress.env("azure_client_secret");
  const scope = Cypress.env("azure_scope");

  const tokenUrl = `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`;

  return cy.request({
    method: "POST",
    url: tokenUrl,
    form: true,
    body: {
      grant_type: "client_credentials",
      client_id: clientId,
      client_secret: clientSecret,
      scope: scope,
    },
  }).then((response) => {
    expect(response.status).to.eq(200);
    const accessToken = response.body.access_token;
    Cypress.env("access_token", accessToken);
    return accessToken;
  });
});

Step 3: Use the Token in Your Tests

Here’s how to use the access token in a test file:

javascript
describe("API Test with Azure Token", () => {
  it("Fetch protected resource using Bearer token", () => {
    cy.getAzureToken().then((token) => {
      cy.request({
        method: "GET",
        url: "https://your-api.azurewebsites.net/secure-endpoint",
        headers: {
          Authorization: `Bearer ${token}`,
        },
      }).then((response) => {
        expect(response.status).to.eq(200);
        cy.log("Data:", response.body);
      });
    });
  });
});

For Example - Screenshots

//cypress.config.js // Azure AD: Get access token for Microsoft Graph API

// Persist token and expiry to cypress.env.json
 cy.task('persistAzureToken', { accessToken, expiryTimestamp });

tests file and cypress test runner

//custom commands like add below code inside - auth.js or commands.js

// Azure AD authentication command

// This command retrieves an Azure access token using a Cypress task

// and stores it in Cypress environment variables for later use in tests

// Persist token and expiry to cypress.env.json

Happy Testing! 🧪

Cypress Testing

Wednesday, June 25, 2025