I'm using cypress for writing E2E tests for my UI (Note that it's a PowerBI report, hence it's kind of special case). When I am testing with a public report, it works fine. But when it's a private PBI report, I am having trouble with login part. After some research, I found this approach promising for Azure AD based auth, and added this login function in my commands.js file:

Cypress.Commands.add('login', () => { 
    cy.request({
        method: 'POST',
        url: 'https://login.microsoftonline.com/{TENANT}/oauth2/token',
        form: true,
        body: {
            grant_type: 'client_credentials',
            client_id: CLIENT_ID,
            client_secret: CLIENT_SECRET,
            // resource: RESOURCE
        },
        header: {
            'Content-Type': 'multipart/form-data'
        }
    }).then((responseData) => {
        if (responseData.status === 200) {
            window.sessionStorage.setItem("adal.idtoken", responseData.body.access_token);
            window.sessionStorage.setItem("adal.token.keys", CLIENT_ID + "|")
            window.sessionStorage.setItem(`adal.expiration.key${CLIENT_ID}`, responseData.body.expires_on)
            window.sessionStorage.setItem(`adal.access.token.key${CLIENT_ID}`, responseData.body.access_token)
        } else {
            console.log("error retrieving token")
        }
    })
})

Note that the Client ID and secret are correct and have permission to access the powerbi report. I also tested the token generated, and the sessionStorage variables, and all seem to be assigned correctly. Now, in my test:

describe("E2E Tests", () => {
    beforeEach(() => {
        cy.login();
    })
    it("Sample Test 1", () => {
        cy.visit("https://powerbi-report-url.com");
        //...
    });
})

And I am seeing in the cypress test runner that, even though login has been called in beforeEach, while visiting the powerbi report, it still redirects to https://login.microsoftonline.com url with a different client id as query param, and since the superdomains of powerbi report and redirected urls are different, it gives chrome-error://chromewebdata error(I guess that's the reason). Hence wondering, how to login to a website in cypress tests backed by azure ad auth.

Also, might be unrelated, but seeing one more error in the console:

Refused to display 'https://powerbi-report-url.com' in a frame because it set 'X-Frame-Options' to 'deny'.

Edit 1: Switching to Edge doesn't give the chrome webdata error, but still the cy.visit to the URL times out and gives HTTP 431 Error(Request header too long) and couldn't authenticate.

Edit 2 (More Details about Auth Error): While generating the toke using client credentials, I am getting the token, and see it's stored in the session Storage, however the cypress tests are not picking the same token to authorize the visit to PowerBI report. So, basically even thought the cookie exist to auth the request, the request to Power BI visit still redirects to login.microsoftonline.com/common/oauth2/authorize?client_id={a different client ID from what I am using in the above POST call}

Whereas, while using username/password; getting this error: "error": "interaction_required", "error_description": "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access "error_codes": [50079]

At this moment (17-Apr-20), this might be related to an Open issue with the Cypress team: https://github.com/cypress-io/cypress/issues/4220

For me particularly, I used to have one super-domain having this error with the previous version 4.3.0 but now with 4.4.0, I get more domains having same issue.

Current workaround: Roll back to previous version and run via Edge (which is based on Chromium anyway).