Emailed OTP: Marketplace partners automation guide for E2E (end-to-end) testing using two-step verification (2SV/MFA/2FA)

Platform Notice: Cloud - This article applies to Atlassian products on the cloud platform.

Introduction

Marketplace partners have E2E tests that log in to Atlassian programmatically to test their apps. During login, these test accounts may trigger Atlassian account security features such as an email OTP challenge. Because the tests are automated, such a challenge prevents them from running smoothly.

There is no way to bypass these security features. Please keep in mind that these workarounds may stop working in the future as the Atlassian account service continues to evolve and change.

Suggestions

Here are 5 suggestions that may help navigate challenges relating to E2E testing at the time of writing (December 2024). Your team can look into any one of the five options presented below:

  1. Switch to API tokens instead: Manage API tokens for your Atlassian account. If Selenium-style tests need to be run, this is not an option.

  2. Set up two-step verification (2SV), also known as multi-factor authentication (MFA), on the test account: Start the process to configure two-step verification, and programmatically type the generated OTP code after authenticating with a password as part of the automated test. Please see the TOTP section below for more information.

  3. Set up security keys and complete the security key challenge programmatically: Use a security key (similar process to the above)

  4. Login with social provider: Log in with a third party account

  5. Configure/enable SAML for the test account and log in with those credentials for the automated test. This will require an Atlassian Guard subscription and your own IdP, if you don't have one already: Configure SAML single sign-on with an identity provider

TOTP

Please see the instructions below on how to set up two-step verification, followed by a TypeScript example that can be used to generate TOTP codes programmatically.

    1. Log in to the test account with a password: id.atlassian.com

    2. Start the two-step verification configuration process as per: Start the process to configure two-step verification

    3. Set up TOTP:

      1. Select Authenticator app

      2. Once presented with this page, click on Can't see the code?

      3. Copy the "Key"

      4. Use the key to generate the current TOTP

    4. Compute the TOTP using the generated key, for example:

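      import base32 from 'thirty-two';
      import * as notp from 'notp';

      // '<Key>' is the base32 key copied during TOTP setup; decode it to raw bytes.
      const totpSecret = base32.decode('<Key>');
      // Generate the current code; `time` is the time step in seconds.
      const totpCode = notp.totp.gen(totpSecret, { time: 30 });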


      Alternative example: https://github.com/atlassian/1time
      - see under "Prover"
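
The TOTP computation from the steps above, as an added example that is not Atlassian's code: a version without third-party packages (RFC 6238 with HMAC-SHA1, 6 digits and a 30-second step, matching the defaults of the notp call above) that also waits for the next time step when the current code is about to expire, so the test does not type a stale code. The function names and the 5-second margin are assumptions made for this example.

```typescript
import { createHmac } from "node:crypto";

const STEP_MS = 30 * 1000; // 30-second time step, as in the notp call above
const BASE32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; // RFC 4648 alphabet

// Decode the base32 "Key" from the setup page; case, spaces and padding are ignored.
function decodeBase32(key: string): Buffer {
  const clean = key.toUpperCase().replace(/[\s=]/g, "");
  const bytes: number[] = [];
  let bits = 0;
  let value = 0;
  for (let i = 0; i < clean.length; i++) {
    const idx = BASE32.indexOf(clean.charAt(i));
    if (idx < 0) throw new Error("TOTP key is not valid base32");
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(bytes);
}

// RFC 6238 TOTP (HMAC-SHA1, 6 digits) for a Unix time given in milliseconds.
function totpAt(secret: Buffer, unixMs: number): string {
  const step = Math.floor(unixMs / STEP_MS);
  const counter = Buffer.alloc(8);
  counter.writeUInt32BE(Math.floor(step / 0x100000000), 0);
  counter.writeUInt32BE(step >>> 0, 4);
  const mac = createHmac("sha1", secret).update(counter).digest();
  const offset = mac.readUInt8(mac.length - 1) & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 1000000;
  return ("000000" + code).slice(-6);
}

// Milliseconds to wait so the code still has minValidMs of its window left (0 if it does).
function waitBeforeTyping(unixMs: number, minValidMs: number = 5000): number {
  const remaining = STEP_MS - (unixMs % STEP_MS);
  return remaining >= minValidMs ? 0 : remaining;
}

// Code for the login form; the key is passed in (e.g. from a CI secret), never hard-coded.
async function freshTotp(key: string): Promise<string> {
  const wait = waitBeforeTyping(Date.now());
  if (wait > 0) await new Promise((resolve) => setTimeout(resolve, wait));
  return totpAt(decodeBase32(key), Date.now());
}
```

The key gives full access to the second factor of the test account, so keep it in the test runner's secret store and out of logs and screenshots.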

Last modified on Dec 13, 2024
