Cypress 14 web app that uses a typical SSO login flow with a redirect-based OAuth process.

[singhGrewal]

1.	I visit the app’s main URL (e.g. https://app.example.com/home)
2.	It redirects to an external login provider (e.g. https://login.example.com/oauth2/...)
3.	After successful login, it redirects back to the app

The issue:

By the time Cypress finishes the cy.visit() to the app, the browser has already been redirected to the login origin.

If I then try to run:

cy.origin('https://login.example.com', () => {
  // login steps
});

I get this error:
cy.origin() requires the first argument to be a different origin than top.

Because Cypress is already on the login origin, the call is rejected.

example

Cypress.Commands.add('login', () => {
  const { url, username, password } = Cypress.env();
  const TIMEOUT = Cypress.env('TIMEOUT') || { MICRO: 50, MEDIUM: 3000 };
  const loginOrigin = 'https://login.example.com'; // Replace with actual login domain

  cy.session(username, () => {
    cy.origin(
      loginOrigin,
      {
        args: {
          appUrl: url,
          username,
          password,
          MICRO: TIMEOUT.MICRO,
        },
      },
      ({ appUrl, username, password, MICRO }) => {
        // ⬇️ Visit the app, which triggers redirect inside cy.origin context
        cy.visit(appUrl);
        // ⬇️ Login form interaction
        cy.get('input#input28', { timeout: 10000 })
          .clear()
          .type(username, { log: false, delay: MICRO });

        cy.get('input.button-primary').click();

        cy.get('input#input64', { timeout: 10000 })
          .clear()
          .type(password, { log: false, delay: MICRO });

        cy.get('input.button-primary').click();
      }
    );
  });

  // ⬇️ Post-login, visit app to validate session
  cy.visit(url);
});

What I’ve tried:
• Wrapping cy.visit() inside cy.origin() to preempt the origin switch — this sometimes works but feels brittle
• Capturing cy.url() after the redirect and calling cy.origin() dynamically — fails because I’m already on the new origin
• injectDocumentDomain: true — this works but is deprecated and not ideal for long-term support

What’s the best Cypress-supported pattern for:
• Handling SSO or OAuth flows that redirect to a different origin?
• Making sure cy.origin() is called before Cypress gets auto-redirected?
• Maintaining reliability across environments (e.g., staging, CI)?

Any guidance or patterns you’d recommend would be greatly appreciated