Dev Diary - 26. June 2025
header_image

How to Skip Azure Login in UI Tests Using Playwright

Modern web apps often use Azure Active Directory (Azure AD) for authentication, which can be challenging for UI testing. You may wonder: How can you skip the Azure login screen entirely?

The answer is by injecting an Azure access token directly into your Playwright test session. This approach allows you to bypass the login flow and focus your testing where it really matters.

Why Use an Access Token?

Testing a login flow through Azure (or any other identity provider) can be:

  1. 🐢 Slow (increased test runtime)
  2. šŸ’£ Fragile (especially with MFA)
  3. 😫 Hard to automate

By using an access token, you skip the login screen and go straight to the actual test.

What You Need

Make sure you have:

  1. A working Playwright setup (.ts or .js).
  2. An Azure AD access token (obtained via Azure CLI or a backend service).
  3. Knowledge of where your app stores tokens (usually localStorage or sessionStorage).

Getting the Token

Use the Azure CLI to fetch an access token:

bash

>az account get-access-token --resource <your-app-client-id>
>

Or obtain it via an OAuth2 flow using MSAL or Client Credentials.

Injecting the Token with Playwright

Here’s an example Playwright test in TypeScript that sets the access token in localStorage:

typescript

>import { test, expect } from '@playwright/test';
>

>test('Login via Azure access token', async ({ page }) => {
>// Navigate to your app
>await page.goto('https://your-app.com');
>

>// Inject the access token
>await page.evaluate((token) => {
>localStorage.setItem('access_token', token);
>// Add other tokens, like 'id_token' or 'expires_at', if needed
>}, 'YOUR_ACCESS_TOKEN_HERE');
>

>// Now visit an authenticated page
>await page.goto('https://your-app.com/dashboard');
>

>// Verify the user is logged in
>await expect(page.locator('text=Welcome')).toBeVisible();
>});
>

āš ļø Let’s Talk About Token Expiry

By default:

  1. Azure AD access tokens expire in 1 hour.
  2. ID tokens often have even shorter lifetimes.

If you hardcode a token or cache it, your test may fail as soon as the token expires.

Why Testers and Developers Need to Discuss Token Validity

  1. Testers want long-lived tokens (e.g., up to 60 days) for stable CI and local test runs.
  2. Developers must balance test convenience with security and adhere to policies.
  3. CI/CD pipelines benefit from stable, reusable authentication states.

(Optional) Save Auth State for Reuse

Playwright allows you to save a logged-in browser state and reuse it across test files:

typescript

>// After setting the token
>await context.storageState({ path: 'auth.json' });
>

>// Later
>const context = await browser.newContext({ storageState: 'auth.json' });
>

Don’t Skip Real Login Tests Completely

While bypassing Azure AD login is great for speed, it’s still essential to test the actual login flow in at least one or two dedicated E2E test cases. Why?

āœ… Ensure Azure AD integration is working (redirects, MFA, consent screens, etc.)

āœ… Detect regressions in the authentication process

āœ… Maintain full test coverage for critical flows

Summary

By using an access token in Playwright, you can:

āœ… Skip Azure AD login screens

āœ… Test authenticated flows faster

āœ… Avoid flakiness from external dependencies

āœ… Write more stable and maintainable UI tests

āœ… Collaborate better with developers to balance test readiness and security

READ MORE