See and Use Authenticated Pages
Dashboards, admin panels, staging environments—anything behind a login. Inject cookies or localStorage, skip the login flow entirely.
Quick Reference
| Auth Type | Injection Method | Complexity |
|---|---|---|
| Session cookies | options.cookies | Easy |
| Bearer token / API key | options.headers | Easy |
| Cognito / Amplify | options.localStorage (all 3 tokens) | Medium |
| Auth0 / Firebase | options.localStorage | Medium |
| OAuth popup flow | Manual token acquisition first | Hard |
Cookie Injection
For session-based auth (most web apps). Pass cookies and we inject them before navigation.
curl -X POST "https://api.riddledc.com/v1/run" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://app.example.com/dashboard",
"options": {
"cookies": [
{
"name": "session_id",
"value": "abc123xyz",
"domain": "app.example.com",
"path": "/",
"httpOnly": true,
"secure": true
}
]
}
}' -o dashboard.pnglocalStorage Injection (SPAs)
Modern SPAs (Cognito, Auth0, Firebase) store auth in localStorage, not cookies. Inject tokens the same way the auth library would—with the exact key format it expects.
curl -X POST "https://api.riddledc.com/v1/run" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-amplify-app.com/dashboard",
"options": {
"localStorage": {
"CognitoIdentityServiceProvider.YOUR_CLIENT_ID.user@example.com.idToken": "eyJ...",
"CognitoIdentityServiceProvider.YOUR_CLIENT_ID.user@example.com.accessToken": "eyJ...",
"CognitoIdentityServiceProvider.YOUR_CLIENT_ID.user@example.com.refreshToken": "eyJ...",
"CognitoIdentityServiceProvider.YOUR_CLIENT_ID.LastAuthUser": "user@example.com",
"CognitoIdentityServiceProvider.YOUR_CLIENT_ID.user@example.com.clockDrift": "0"
}
}
}' -o dashboard.pngGet your tokens from DevTools → Application → Local Storage, or call your auth provider's API directly. Auth0 and Firebase use a similar pattern—check your app's localStorage for the exact key format.
How It Works
You Provide Auth
Include cookies, headers, or localStorage in your request.
We Inject Before Navigation
Cookies are set, headers configured, localStorage populated—all before the page loads. The page sees an authenticated session from the start.
Execute & Clean Up
We run your workflow, return results, then dispose the browser. Credentials never persist beyond the request.
Common Pitfalls
Form Fill + Click Submit
Filling email/password and clicking submit often fails with Cognito, Auth0, or OAuth flows. These use JavaScript-heavy auth that doesn't complete with simple form automation. Inject tokens instead.
Missing Tokens
Many auth libraries require multiple tokens (idToken, accessToken, refreshToken). Setting just one leaves the app in an invalid auth state.
Wrong Key Format
Cognito keys must be exactly CognitoIdentityServiceProvider.{clientId}.{username}.idToken. A typo means the SDK won't find the tokens.
Tokens After Navigation
If you navigate first, then inject tokens, the app already checked auth on load and redirected. Tokens must be injected BEFORE the first navigation.
Debugging Tips
Check console.json
Every job captures console output. Look for auth errors, failed token validation, or redirect loops.
Intermediate screenshots
Screenshot before and after auth injection to see what state the page is in.
Log localStorage keys
Add console.log(Object.keys(localStorage)) to compare what exists vs. what the app expects.
Check network.har
The HAR file shows all network requests. Look for failed auth calls or unexpected redirects.
Access What's Behind the Login
Start interacting with authenticated pages in minutes. No infrastructure required.