Skip to main content

Authentication

Playwright can be used to automate scenarios that require authentication.

Tests written with Playwright execute in isolated clean-slate environments called browser contexts. This isolation model improves reproducibility and prevents cascading test failures. New browser contexts can load existing authentication state. This eliminates the need to login in every context and speeds up test execution.

Note: This guide covers cookie/token-based authentication (logging in via the app UI). For HTTP authentication use Browser.NewContextAsync(options).

Automate logging in

The Playwright API can automate interaction from a login form.

The following example automates logging into GitHub. Once these steps are executed, the browser context will be authenticated.

var page = await context.NewPageAsync();
await page.GotoAsync("https://github.com/login");
// Interact with login form
await page.Locator("text=Login").ClickAsync();
await page.Locator("input[name='login']").FillAsync(USERNAME);
await page.Locator("input[name='password']").FillAsync(PASSWORD);
await page.Locator("text=Submit").ClickAsync();
// Continue with the test

Redoing login for every test can slow down test execution. To mitigate that, reuse existing authentication state instead.

Reuse signed in state

Playwright provides a way to reuse the signed-in state in the tests. That way you can log in only once and then skip the log in step for all of the tests.

Web apps use cookie-based or token-based authentication, where authenticated state is stored as cookies or in local storage. Playwright provides browserContext.storageState([options]) method that can be used to retrieve storage state from authenticated contexts and then create new contexts with prepopulated state.

Cookies and local storage state can be used across different browsers. They depend on your application's authentication model: some apps might require both cookies and local storage.

The following code snippet retrieves state from an authenticated context and creates a new context with that state.

// Save storage state into the file.
await context.StorageStateAsync(new()
{
Path = "state.json"
});

// Create a new context with the saved storage state.
var context = await browser.NewContextAsync(new()
{
StorageStatePath = "state.json"
});

Session storage

Rarely, session storage is used for storing information associated with the logged-in state. Session storage is specific to a particular domain and is not persisted across page loads. Playwright does not provide API to persist session storage, but the following snippet can be used to save/load session storage.

// Get session storage and store as env variable
var sessionStorage = await page.EvaluateAsync<string>("() => JSON.stringify(sessionStorage)");
Environment.SetEnvironmentVariable("SESSION_STORAGE", sessionStorage);

// Set session storage in a new context
var loadedSessionStorage = Environment.GetEnvironmentVariable("SESSION_STORAGE");
await context.AddInitScriptAsync(@"(storage => {
if (window.location.hostname === 'example.com') {
const entries = JSON.parse(storage);
for (const [key, value] of Object.entries(entries)) {
window.sessionStorage.setItem(key, value);
}
}
})('" + loadedSessionStorage + "')");

Multi-factor authentication

Accounts with multi-factor authentication (MFA) cannot be fully automated, and need manual intervention. Persistent authentication can be used to partially automate MFA scenarios.

Persistent authentication

Note that persistent authentication is not suited for CI environments since it relies on a disk location. User data directories are specific to browser types and cannot be shared across browser types.

User data directories can be used with the BrowserType.LaunchPersistentContextAsync(userDataDir, options) API.

using Microsoft.Playwright;

class Program
{
public static async Task Main()
{
using var playwright = await Playwright.CreateAsync();
var chromium = playwright.Chromium;
var context = chromium.LaunchPersistentContextAsync(@"C:\path\to\directory\", new()
{
Headless = false
});
}
}

Lifecycle

  1. Create a user data directory on disk.
  2. Launch a persistent context with the user data directory and login the MFA account.
  3. Reuse user data directory to run automation scenarios.