Emailed OTP: Marketplace partners automation guide for E2E(End to end) testing using two-step verification(2SV/MFA/2FA)
Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.
Introduction
Marketplace partners have E2E tests that log in to Atlassian programmatically to test their apps. During login, these test accounts may trigger Atlassian account security features such as an email OTP challenge. Since app vendors use automated tests, these tests can't run smoothly.
There is no way to bypass these security features. Please keep in mind that these workarounds may stop working in the future as the Atlassian account service continues to evolve and change.
Suggestions
Here are 5 suggestions that may help navigate challenges relating to E2E testing at the time of writing(December 2024). Your team can look into either one of the five options presented below:
Switch to API tokens instead: Manage API tokens for your Atlassian account. If Selenium type/style tests need to be run, then this is not an option.
Setup two-step verification(2SV) also known as multi-factor authentication(MFA) on the test account: Start the process to configure two-step verification and programmatically type the generated OTP code after authentication with a password as part of the automated test. Please see the TOTP section below for more information.
Setup security keys and complete security key challenge programmatically: Use a security key (similar process to above)
Login with social provider: Log in with a third party account
Configure/enable SAML for the test account and log in with those credentials for the automated test. This will require an Atlassian Guard subscription + your own IdP if you don't have one already: Configure SAML single sign-on with an identity provider
TOTP
Please see the instructions below on how to setup two-step verification and an example of a Typescript code which can be used to generate TOTP codes programmatically.
Login to the test account with a password: id.atlassian.com
- Start the two-step verification configuration process as per: Start the process to configure two-step verification
Setup TOTP:
Select Authenticator app
Once presented with this page, click on Can't see the code?
Copy the "Key"
Use the key to generate the current TOTP
Compute TOTP using the generated Key example
import base32 from 'thirty-two'; import * as notp from 'notp'; const totpSecret = base32.decode('<Key>'); const totpCode = notp.totp.gen(totpSecret, { time: 30 });
(TypeScript)
Alternative example: https://github.com/atlassian/1time - see under "Prover"