Community driven use case, to be built by contributor for their private use. Eidolon discussion notes below.
Proxy a user during an authorized online session
See #928 for an overview and #929 for basic functionality.
User Story
As an automation engineer
I want to deploy an autonomous agent with a logic unit (tool) that can login to web sites with user credentials
So I can eliminate tedious and error-prone work that would otherwise be done by my human clients or their authorized human proxies
User Acceptance Testing Criteria
[A] Simple username and password
Given that an autonomous agent exists that can navigate and take action on web sites (see #929 )
and
given that the agent itself is secured with access controls to prevent unauthorized use
and
given that the agent has access to user credentials and can handle them in a secure manner (e.g. properly encrypted all the time)
When the agent encounters a page that requires login with a username and password
Then the agent uses a logic unit (tool) to enter the username and password into the password field, so that that passwords are not entered in-the-clear into a plain text input box
and
the user's credentials, and specifically the password, should not be directly accessible by agents (implementation notes: have passwords injected by template into the playwright browser tool)
[B] MFA (multi-factor authentication) with a timed One-Time Password (OTP) generated by an online authenticator application
Given that a secure OTP authenticator service or tool exists that the agent can access
and the user whose session is being proxied has previously enabled TOTP for an arbitrary website
and the TOTP secret for that user's account on that website is stored in the OTP authenticator service that the agent can securely access
When MFA of any type is requested after entering a username and password on a website
Then the agent is able to distinguish which MFA options are available and choose to use an OTP generated by an authenticator app (as opposed to SMS or email)
and securely acquires the OTP for the proxied user from the authenticator app and submits it in the appropriate field
and resubmits a new OTP if the first OTP timed out
and never makes the OTP available so it can be manipulated by a prompt or reused
and when there is an error or failure to complete the task, the agent communicates this clearly and logs the results for follow-up
Community driven use case, to be built by contributor for their private use. Eidolon discussion notes below.
Proxy a user during an authorized online session See #928 for an overview and #929 for basic functionality.
User Story
User Acceptance Testing Criteria
[A] Simple username and password
[B] MFA (multi-factor authentication) with a timed One-Time Password (OTP) generated by an online authenticator application
Out-of-scope
Add as case [C]