```js
export const prefix = 'everest-auth';
export const description = 'Everest Playwright authentication — inject Cognito localStorage for browser automation against *.everest-systems.com';
export const scope = 'prompt';

export const body = `# Everest Playwright Authentication

## Why a cookie alone is not enough

Everest uses AWS Amplify + Cognito with federated Google sign-in. The React app shell reads its auth state from \`localStorage\` on every page load. Injecting only the \`everest-token\` cookie still redirects to the login page because Amplify cannot find the localStorage keys it expects.

## The 8 localStorage keys required

All under the prefix \`CognitoIdentityServiceProvider.<clientId>.<username>.\`:

| Key suffix | Description |
|---|---|
| \`oauthMetadata\` | OAuth state bag |
| \`clockDrift\` | Cognito clock-drift value |
| \`refreshToken\` | Long-lived refresh token |
| \`LastAuthUser\` | Username stored per-client |
| \`idToken\` | JWT id token (short-lived, ~1 h) |
| \`accessToken\` | JWT access token (short-lived) |
| \`oauthSignIn\` | OAuth sign-in flag |

Plus the top-level key: \`CognitoIdentityServiceProvider.<clientId>.LastAuthUser\`

## Step 1 — Ask the user for the localStorage dump

Ask the user:

> "Please open \`https://appdev.everest-systems.com\` in your normal browser (while logged in), open DevTools → Console, run the snippet below, and paste the result here."

\`\`\`js
copy(JSON.stringify(Object.fromEntries(
  Object.entries(localStorage).filter(([k]) => k.startsWith('CognitoIdentityServiceProvider'))
)))
\`\`\`

The result is a JSON object with all Cognito keys as properties.

**Token expiry note:** \`idToken\` and \`accessToken\` expire after ~1 hour.
If a dump from an earlier session fails (user still lands on login page), ask for a fresh dump.

## Step 2 — First-time browser setup (if needed)

If the \`playwright__browser_navigate\` tool returns "chrome-for-testing is not installed", install it once:

\`\`\`bash
npx @playwright/mcp install-browser chrome-for-testing
\`\`\`

## Step 3 — Inject and navigate

1. Call \`playwright__browser_navigate\` with \`url: "https://appdev.everest-systems.com"\`
   (establishes the origin for localStorage scope)
2. Call \`playwright__browser_evaluate\` to inject all keys:
   \`\`\`js
   ({ dump }) => {
     const data = JSON.parse(dump);
     for (const [k, v] of Object.entries(data)) localStorage.setItem(k, v);
   }
   \`\`\`
   Pass the user's JSON string as the \`dump\` argument.
3. Call \`playwright__browser_navigate\` with the actual target URL
   (Amplify bootstraps on page load and finds the keys → user is signed in)

## Common failure modes

| Symptom | Fix |
|---|---|
| Login screen still shown after injection | Check that all 8 keys were injected, not just \`idToken\`. Re-dump and re-inject. |
| \`localStorage.setItem\` refused | Make sure step 1 navigated to an \`everest-systems.com\` URL *before* the inject step — browser must be on the same origin. |
| Token expired error in-app | Ask the user for a fresh dump; tokens live ~1 hour. |

## Cookie fallback (limited use)

If you have only the JWT id token as \`everest-token\` cookie, it works for **direct API calls** (\`/api/...\`) but the React app shell still redirects to login. Use the localStorage path for any UI-driving task.

## Safety

The dump contains live access and refresh tokens. **Do not** echo it back to the user, save it to any file, or include it in a commit. Treat it as ephemeral credentials valid for this browser session only.
`;
```
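A pre-injection check for the Step 1 dump, as an added example that is not part of the original file: it confirms that the keys from the table exist for the username named by the top-level `LastAuthUser` key, that `idToken` and `accessToken` are unexpired, and that nothing outside the Cognito prefix would be written to localStorage, reporting key names only and never token values. `checkDump`, `jwtExp` and `sampleDump` are hypothetical names, the sample values are constructed placeholders, and the code assumes the client id contains no dots.

```javascript
const PREFIX = 'CognitoIdentityServiceProvider.';
// Key suffixes exactly as listed in the table on this page.
const SUFFIXES = ['oauthMetadata', 'clockDrift', 'refreshToken', 'LastAuthUser',
  'idToken', 'accessToken', 'oauthSignIn'];

// Read `exp` from a JWT payload without verifying the signature.
function jwtExp(token) {
  try {
    const part = String(token).split('.')[1] || '';
    const exp = JSON.parse(atob(part.replace(/-/g, '+').replace(/_/g, '/'))).exp;
    return typeof exp === 'number' ? exp : null;
  } catch {
    return null;
  }
}

// Returns { ok, problems }. Problems name keys only, never token values.
function checkDump(dump, nowSec = Math.floor(Date.now() / 1000)) {
  let data;
  try { data = JSON.parse(dump); } catch { data = null; }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, problems: ['dump is not a JSON object'] };
  }
  const problems = [];
  const keys = Object.keys(data);
  const foreign = keys.filter((k) => !k.startsWith(PREFIX)).length;
  if (foreign) problems.push(`${foreign} key(s) outside the Cognito prefix`);
  // The top-level key holds the username that scopes the other keys.
  const top = keys.find((k) => /^CognitoIdentityServiceProvider\.[^.]+\.LastAuthUser$/.test(k));
  if (!top) return { ok: false, problems: [...problems, 'missing <clientId>.LastAuthUser'] };
  const base = `${top.slice(0, -'LastAuthUser'.length)}${data[top]}.`;
  for (const s of SUFFIXES) {
    if (typeof data[base + s] !== 'string') problems.push(`missing ${s}`);
  }
  for (const s of ['idToken', 'accessToken']) {
    const v = data[base + s];
    if (typeof v === 'string' && !(jwtExp(v) > nowSec)) problems.push(`${s} expired or unreadable`);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample dump (placeholder values, not real tokens).
function sampleDump(exp) {
  const jwt = `x.${btoa(JSON.stringify({ exp })).replace(/=+$/, '')}.x`;
  const d = { [`${PREFIX}exampleClientId.LastAuthUser`]: 'google_123' };
  for (const s of SUFFIXES) {
    d[`${PREFIX}exampleClientId.google_123.${s}`] = /^(id|access)Token$/.test(s) ? jwt : 'placeholder';
  }
  return d;
}
```

Run `checkDump` on the pasted string before the `playwright__browser_evaluate` call in Step 3 and ask for a fresh dump when `ok` is false.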