Log in with OTPAuth (TOTP)

Prerequisite: A Base32 TOTP secret (shown during 2FA enrollment) or an otpauth:// URI (often embedded in a QR code).

The otpauth library is preloaded in the JavaScript step sandbox.

From a Base32 secret

const totp = new OTPAuth.TOTP({
  issuer: "MyApp",
  label: "[email protected]",
  algorithm: "SHA1",
  digits: 6,
  period: 30,
  secret: env.TOTP_SECRET, // Base32-encoded
});

setVariable("TOTP_CODE", totp.generate());

From an `otpauth://` URI

const totp = OTPAuth.URI.parse(env.TOTP_URI);
setVariable("TOTP_CODE", totp.generate());

Then add a Type step with value {{ env.TOTP_CODE }}.

Store the secret as an environment variable rather than hardcoding it.

Email OTP
SMS OTP
otpauth code generator

Cache authenticated sessionsWrap your login flow in an auth module so parallel tests only authenticate once.

⌘I

From a Base32 secret
From an otpauth:// URI
Related

Guides

Authentication

Page interactions

Test data & variants

Visual testing

Reporting

Log in with OTPAuth (TOTP)

From a Base32 secret

From an `otpauth://` URI

Guides

Authentication

Page interactions

Test data & variants

Visual testing

Reporting

​From a Base32 secret

​From an otpauth:// URI

​Related

From a Base32 secret

From an `otpauth://` URI

Related