guardian · coldlink · Jan 30, 2025 · Jan 16, 2025 · pvighi · Jan 29, 2025
@@ -4,7 +4,7 @@ describe('Delete my account flow in Okta', () => {
 		cy.visit(
 			`/signin?returnUrl=${encodeURIComponent(
 				`https://${Cypress.env('BASE_URI')}/welcome/review`,
-			)}`,
+			)}&usePasswordSignIn=true`,
 		);
 		cy.get('input[name=email]').type(email);
 		cy.get('input[name=password]').type(password);

@@ -11,7 +11,7 @@ describe('Jobs terms and conditions flow in Okta', () => {
 				})
 				?.then(({ emailAddress, finalPassword }) => {
 					const visitUrl =
-						'/signin?clientId=jobs&returnUrl=https%3A%2F%2Fjobs.theguardian.com%2F';
+						'/signin?clientId=jobs&returnUrl=https%3A%2F%2Fjobs.theguardian.com%2F&usePasswordSignIn=true';
 					cy.visit(visitUrl);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -61,7 +61,7 @@ describe('Jobs terms and conditions flow in Okta', () => {
 					)}/welcome/review`;
 					const visitUrl = `/signin?returnUrl=${encodeURIComponent(
 						postSignInReturnUrl,
-					)}`;
+					)}&usePasswordSignIn=true`;
 					cy.visit(visitUrl);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -127,7 +127,7 @@ describe('Jobs terms and conditions flow in Okta', () => {
 					)}/welcome/review`;
 					const visitUrl = `/signin?returnUrl=${encodeURIComponent(
 						postSignInReturnUrl,
-					)}`;
+					)}&usePasswordSignIn=true`;
 					cy.visit(visitUrl);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -179,7 +179,7 @@ describe('Jobs terms and conditions flow in Okta', () => {
 					)}/welcome/review`;
 					const visitUrl = `/signin?returnUrl=${encodeURIComponent(
 						postSignInReturnUrl,
-					)}`;
+					)}&usePasswordSignIn=true`;
 					cy.visit(visitUrl);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);

@@ -75,7 +75,7 @@ describe('New account review page', () => {
 				cy.url().should('contain', decodeURIComponent(encodedReturnUrl));
 
 				// Return to Gateway so we can access the user cookie
-				cy.visit('/signin');
+				cy.visit('/signin?usePasswordSignIn=true');
 				cy.getTestOktaUser(unregisteredEmail).then((user) => {
 					cy.getTestUserDetails(user.profile.legacyIdentityId).then(
 						(response) => {
@@ -156,7 +156,7 @@ describe('New account review page', () => {
 				cy.url().should('contain', decodeURIComponent(encodedReturnUrl));
 
 				// Return to Gateway so we can access the user cookie
-				cy.visit('/signin');
+				cy.visit('/signin?usePasswordSignIn=true');
 
 				// Check that the user does not have their registration location set
 				cy.getTestOktaUser(unregisteredEmail).then((user) => {

@@ -7,7 +7,7 @@ describe('Reauthenticate flow, Okta enabled', () => {
 				cy.visit(
 					`/signin?returnUrl=${encodeURIComponent(
 						`https://${Cypress.env('BASE_URI')}/welcome/review`,
-					)}`,
+					)}&usePasswordSignIn=true`,
 				);
 				cy.get('input[name=email]').type(emailAddress);
 				cy.get('input[name=password]').type(finalPassword);
@@ -18,7 +18,7 @@ describe('Reauthenticate flow, Okta enabled', () => {
 				cy.visit(
 					`/reauthenticate?returnUrl=${encodeURIComponent(
 						`https://${Cypress.env('BASE_URI')}/welcome/review`,
-					)}`,
+					)}&usePasswordSignIn=true`,
 				);
 				cy.get('input[name=email]').type(emailAddress);
 				cy.get('input[name=password]').type(finalPassword);
@@ -47,7 +47,7 @@ describe('Reauthenticate flow, Okta enabled', () => {
 					cy.visit(
 						`/signin?returnUrl=${encodeURIComponent(
 							`https://${Cypress.env('BASE_URI')}/welcome/review`,
-						)}`,
+						)}&usePasswordSignIn=true`,
 					);
 					cy.get('input[name=email]').type(emailAddressA);
 					cy.get('input[name=password]').type(finalPasswordA);
@@ -66,7 +66,7 @@ describe('Reauthenticate flow, Okta enabled', () => {
 								cy.visit(
 									`/reauthenticate?returnUrl=${encodeURIComponent(
 										`https://${Cypress.env('BASE_URI')}/welcome/review`,
-									)}`,
+									)}&usePasswordSignIn=true`,
 								);
 								cy.get('input[name=email]').type(emailAddressB);
 								cy.get('input[name=password]').type(finalPasswordB);

@@ -610,7 +610,7 @@ describe('Registration flow - Split 2/2', () => {
 					cy.visit(
 						`/signin?returnUrl=${encodeURIComponent(
 							`https://${Cypress.env('BASE_URI')}/welcome/review`,
-						)}`,
+						)}&usePasswordSignIn=true`,
 					);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);

@@ -23,7 +23,7 @@ describe('Saturday Edition Geolocation', () => {
 			cy.visit(
 				`/signin?returnUrl=${encodeURIComponent(
 					`https://${Cypress.env('BASE_URI')}/welcome/google`,
-				)}`,
+				)}&usePasswordSignIn=true`,
 			);
 			cy.get('input[name=email]').type(emailAddress);
 			cy.get('input[name=password]').type(finalPassword);
@@ -55,7 +55,7 @@ describe('Saturday Edition Geolocation', () => {
 			cy.visit(
 				`/signin?returnUrl=${encodeURIComponent(
 					`https://${Cypress.env('BASE_URI')}/welcome/google`,
-				)}`,
+				)}&usePasswordSignIn=true`,
 			);
 			cy.get('input[name=email]').type(emailAddress);
 			cy.get('input[name=password]').type(finalPassword);
@@ -87,7 +87,7 @@ describe('Saturday Edition Geolocation', () => {
 			cy.visit(
 				`/signin?returnUrl=${encodeURIComponent(
 					`https://${Cypress.env('BASE_URI')}/welcome/google`,
-				)}`,
+				)}&usePasswordSignIn=true`,
 			);
 			cy.get('input[name=email]').type(emailAddress);
 			cy.get('input[name=password]').type(finalPassword);
@@ -118,7 +118,7 @@ describe('Saturday Edition Geolocation', () => {
 			cy.visit(
 				`/signin?returnUrl=${encodeURIComponent(
 					`https://${Cypress.env('BASE_URI')}/welcome/google`,
-				)}`,
+				)}&usePasswordSignIn=true`,
 			);
 			cy.get('input[name=email]').type(emailAddress);
 			cy.get('input[name=password]').type(finalPassword);
@@ -148,7 +148,7 @@ describe('Saturday Edition Geolocation', () => {
 			cy.visit(
 				`/signin?returnUrl=${encodeURIComponent(
 					`https://${Cypress.env('BASE_URI')}/welcome/google`,
-				)}`,
+				)}&usePasswordSignIn=true`,
 			);
 			cy.get('input[name=email]').type(emailAddress);
 			cy.get('input[name=password]').type(finalPassword);
@@ -176,7 +176,7 @@ describe('Feast newsletter for Feast app', () => {
 				cy.visit(
 					`/signin?returnUrl=${encodeURIComponent(
 						`https://${Cypress.env('BASE_URI')}/welcome/google?appClientId=${app.id}`,
-					)}`,
+					)}&usePasswordSignIn=true`,
 				);
 				cy.get('input[name=email]').type(emailAddress);
 				cy.get('input[name=password]').type(finalPassword);
@@ -204,7 +204,7 @@ describe('Feast newsletter for Feast app', () => {
 				cy.visit(
 					`/signin?returnUrl=${encodeURIComponent(
 						`https://${Cypress.env('BASE_URI')}/welcome/google?appClientId=${app.id}`,
-					)}`,
+					)}&usePasswordSignIn=true`,
 				);
 				cy.get('input[name=email]').type(emailAddress);
 				cy.get('input[name=password]').type(finalPassword);
@@ -234,7 +234,7 @@ describe('Jobs newsletter for Jobs Site', () => {
 			cy.visit(
 				`/signin?returnUrl=${encodeURIComponent(
 					`https://${Cypress.env('BASE_URI')}/welcome/google?clientId=${clientId}`,
-				)}`,
+				)}&usePasswordSignIn=true`,
 			);
 			cy.get('input[name=email]').type(emailAddress);
 			cy.get('input[name=password]').type(finalPassword);

@@ -85,7 +85,7 @@ describe('Sign in flow, Okta enabled', () => {
 			cy.url().should('eq', guardianJobsPrivacyPolicyUrl);
 		});
 		it('navigates to reset password', () => {
-			cy.visit('/signin');
+			cy.visit('/signin?usePasswordSignIn=true');
 			cy.contains('Reset password').click();
 			cy.contains('Reset password');
 		});
@@ -120,7 +120,7 @@ describe('Sign in flow, Okta enabled', () => {
 			cy.url().should('contain', 'clientId=jobs');
 		});
 		it('applies form validation to email and password input fields', () => {
-			cy.visit('/signin');
+			cy.visit('/signin?usePasswordSignIn=true');
 
 			cy.get('form').within(() => {
 				cy.get('input:invalid').should('have.length', 2);
@@ -292,7 +292,7 @@ describe('Sign in flow, Okta enabled', () => {
 							cy.visit(
 								`/signin?returnUrl=${encodeURIComponent(
 									`https://${Cypress.env('BASE_URI')}/welcome/review`,
-								)}`,
+								)}&usePasswordSignIn=true`,
 							);
 							cy.get('input[name=email]').type(emailAddress);
 							cy.get('input[name=password]').type(finalPassword);
@@ -317,7 +317,7 @@ describe('Sign in flow, Okta enabled', () => {
 		});
 	});
 
-	context('Okta IDX API Sign In', () => {
+	context('Okta IDX API Sign In with Password', () => {
 		it('ACTIVE user - email + password authenticators - successfully sign in', () => {
 			// Intercept the external redirect page.
 			// We just want to check that the redirect happens, not that the page loads.
@@ -329,7 +329,7 @@ describe('Sign in flow, Okta enabled', () => {
 					isUserEmailValidated: true,
 				})
 				?.then(({ emailAddress, finalPassword }) => {
-					cy.visit('/signin');
+					cy.visit('/signin?usePasswordSignIn=true');
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
 					cy.get('[data-cy="main-form-submit-button"]').click();
@@ -348,7 +348,9 @@ describe('Sign in flow, Okta enabled', () => {
 					isUserEmailValidated: true,
 				})
 				?.then(({ emailAddress, finalPassword }) => {
-					cy.visit(`/signin?returnUrl=${encodeURIComponent(returnUrl)}`);
+					cy.visit(
+						`/signin?returnUrl=${encodeURIComponent(returnUrl)}&usePasswordSignIn=true`,
+					);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
 					cy.get('[data-cy="main-form-submit-button"]').click();
@@ -376,9 +378,11 @@ describe('Sign in flow, Okta enabled', () => {
 					isUserEmailValidated: true,
 				})
 				?.then(({ emailAddress, finalPassword }) => {
-					cy.visit(`/signin?returnUrl=${encodeURIComponent(returnUrl)}`);
 					cy.visit(
-						`/signin?returnUrl=${encodedReturnUrl}&appClientId=${appClientId}&fromURI=${fromURI}`,
+						`/signin?returnUrl=${encodeURIComponent(returnUrl)}&usePasswordSignIn=true`,
+					);
+					cy.visit(
+						`/signin?returnUrl=${encodedReturnUrl}&appClientId=${appClientId}&fromURI=${fromURI}&usePasswordSignIn=true`,
 					);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -444,7 +448,7 @@ describe('Sign in flow, Okta enabled', () => {
 						cy.contains(emailAddress.toLowerCase());
 
 						// setup complete, now sign in
-						cy.visit('/signin');
+						cy.visit('/signin?usePasswordSignIn=true');
 						cy.contains('Sign in with a different email').click();
 						cy.get('input[name=email]').clear().type(emailAddress);
 						cy.get('input[name=password]').type(password);
@@ -494,7 +498,7 @@ describe('Sign in flow, Okta enabled', () => {
 					isUserEmailValidated: true,
 				})
 				?.then(({ emailAddress, finalPassword }) => {
-					cy.visit('/signin');
+					cy.visit('/signin?usePasswordSignIn=true');
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(`${finalPassword}!`);
 					cy.get('[data-cy="main-form-submit-button"]').click();
@@ -503,7 +507,7 @@ describe('Sign in flow, Okta enabled', () => {
 		});
 
 		it('NON-EXISTENT user - shows authentication error in all scenarios', () => {
-			cy.visit('/signin');
+			cy.visit('/signin?usePasswordSignIn=true');
 			cy.get('input[name=email]').type('[email protected]');
 			cy.get('input[name=password]').type('password');
 			cy.get('[data-cy="main-form-submit-button"]').click();
@@ -519,7 +523,7 @@ describe('Sign in flow, Okta enabled', () => {
 			cy
 				.createTestUser({ isGuestUser: true })
 				?.then(({ emailAddress, finalPassword }) => {
-					cy.visit('/signin');
+					cy.visit('/signin?usePasswordSignIn=true');
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(`${finalPassword}`);
 					cy.get('[data-cy="main-form-submit-button"]').click();
@@ -562,7 +566,7 @@ describe('Sign in flow, Okta enabled', () => {
 							cy.visit(
 								`/signin?returnUrl=${encodeURIComponent(
 									`https://${Cypress.env('BASE_URI')}/welcome/review`,
-								)}`,
+								)}&usePasswordSignIn=true`,
 							);
 							cy.get('input[name=email]').type(emailAddress);
 							cy.get('input[name=password]').type(finalPassword);
@@ -597,7 +601,7 @@ describe('Sign in flow, Okta enabled', () => {
 					isUserEmailValidated: true,
 				})
 				?.then(({ emailAddress, finalPassword }) => {
-					cy.visit('/signin');
+					cy.visit('/signin?usePasswordSignIn=true');
 
 					cy.interceptRecaptcha();
 
@@ -656,7 +660,7 @@ describe('Sign in flow, Okta enabled', () => {
 					cy.visit(
 						`/signin?returnUrl=${encodeURIComponent(
 							`https://${Cypress.env('BASE_URI')}/welcome/review`,
-						)}`,
+						)}&usePasswordSignIn=true`,
 					);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -702,7 +706,7 @@ describe('Sign in flow, Okta enabled', () => {
 					cy.visit(
 						`/signin?returnUrl=${encodeURIComponent(
 							`https://${Cypress.env('BASE_URI')}/welcome/review`,
-						)}`,
+						)}&usePasswordSignIn=true`,
 					);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -748,7 +752,7 @@ describe('Sign in flow, Okta enabled', () => {
 					cy.visit(
 						`/signin?returnUrl=${encodeURIComponent(
 							`https://${Cypress.env('BASE_URI')}/welcome/review`,
-						)}`,
+						)}&usePasswordSignIn=true`,
 					);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -780,7 +784,7 @@ describe('Sign in flow, Okta enabled', () => {
 					cy.visit(
 						`/signin?returnUrl=${encodeURIComponent(
 							`https://${Cypress.env('BASE_URI')}/welcome/review`,
-						)}`,
+						)}&usePasswordSignIn=true`,
 					);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -851,7 +855,7 @@ describe('Sign in flow, Okta enabled', () => {
 					cy.visit(
 						`/signin?returnUrl=${encodeURIComponent(
 							`https://${Cypress.env('BASE_URI')}/welcome/review`,
-						)}`,
+						)}&usePasswordSignIn=true`,
 					);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);
@@ -912,7 +916,7 @@ describe('Sign in flow, Okta enabled', () => {
 								)}/welcome/review`;
 								const visitUrl = `/signin?returnUrl=${encodeURIComponent(
 									postSignInReturnUrl,
-								)}`;
+								)}&usePasswordSignIn=true`;
 								cy.visit(visitUrl);
 								cy.get('input[name=email]').type(emailAddress);
 								cy.get('input[name=password]').type(finalPassword);

@@ -18,7 +18,7 @@ describe('Sign out flow', () => {
 					)}/welcome/review`;
 					const visitUrl = `/signin?returnUrl=${encodeURIComponent(
 						postSignInReturnUrl,
-					)}`;
+					)}&usePasswordSignIn=true`;
 					cy.visit(visitUrl);
 					cy.get('input[name=email]').type(emailAddress);
 					cy.get('input[name=password]').type(finalPassword);

@@ -1,6 +1,6 @@
 describe('POST requests return a user-facing error message when encountering a rate limit from Okta', () => {
 	specify('Submit /signin', () => {
-		cy.visit('/signin');
+		cy.visit('/signin?usePasswordSignIn=true');
 		cy.get('input[name="email"]').type('[email protected]');
 		cy.get('input[name="password"]').type('password');
 
@@ -16,7 +16,7 @@ describe('POST requests return a user-facing error message when encountering a r
 	});
 
 	specify('Submit /reauthenticate', () => {
-		cy.visit('/reauthenticate');
+		cy.visit('/reauthenticate?usePasswordSignIn=true');
 		cy.get('input[name="email"]').type('[email protected]');
 		cy.get('input[name="password"]').type('password');