Closed justnpT closed 8 months ago
Can you create a PR with the intended text?
This seems to be somewhat useful and worthy of including.
I could, I only don't know what file to modify
The root of documentation is here — https://github.com/SeleniumHQ/seleniumhq.github.io/tree/trunk/website_and_docs/content/documentation
Services like https://mailosaur.com/ can be used, or getting a developer account with Google and using an API to access emails sent to a given address is also an option.
alright, created pull request: https://github.com/SeleniumHQ/seleniumhq.github.io/pull/1280
Feature and motivation
The article should mention, that it might be possible to ask developers, for creation of a "non-expiry special 2fa token" created for test team, so that the journey is still testable without disabling 2FA. That way you might turn someones attention that such possibility exists, rather than closing their attention on the fact that disabling is the only option
https://www.selenium.dev/documentation/test_practices/discouraged/two_factor_authentication/
current: the only options mentioned for 2FA are to disable the 2FA expected: The article should mention, that it might be possible to ask for a "non-expiry special 2fa token" created for test team, so that the journey is still testable without disabling 2FA. That way you might turn someones attention that such possibility exists, rather than closing their attention on the fact that disabling is the only option
Two Factor Authentication Two Factor Authentication (2FA) is an authorization mechanism where a One Time Password (OTP) is generated using “Authenticator” mobile apps such as “Google Authenticator”, “Microsoft Authenticator” etc., or by SMS, e-mail to authenticate. Automating this seamlessly and consistently is a big challenge in Selenium. There are some ways to automate this process. But that will be another layer on top of our Selenium tests and not as secure. So, you should avoid automating 2FA.
There are few options to get around 2FA checks:
Ask your team to create a "special token" that will work in test environment, so that the functionality is still tested, just no need to use mobile device Disable 2FA for certain Users in the test environment, so that you can use those user credentials in the automation. Disable 2FA in your test environment. Disable 2FA if you login from certain IPs. That way we can configure our test machine IPs to avoid this.