
Automating 2FA with Google Authenticator and TestProject


Some applications contain sensitive information and therefore require an extra layer of security beyond a username and password. There are many ways to add that extra layer, and they all have their pros and cons. One popular way is Two-Factor Authentication (2FA).

2FA is a process in which you are required to provide two different methods to identify yourself. The first method is usually the username and password. The second method, which we discuss in this article, is a One-Time Password (OTP). The OTP can be delivered in many ways, such as email or SMS. One of those ways is the Google Authenticator application.

The Google Authenticator application is a mobile app that you install on your mobile device. Once you have registered your web/mobile app to use Google 2FA, you will be asked to provide the username and password. Then an OTP will be generated for you in the Authenticator app, and you will have to copy and paste it into the OTP field to complete the login process.

So, the question that arises is: How can I automate such a thing? Obviously, it was meant to be used manually to make the application much safer but still, how can I automate it? Well, there is a way to do it! 😉

The Google Authenticator app uses a time-based OTP (TOTP), which is specified in IETF’s RFC 6238. The algorithm generates a 6-digit password every 30 seconds. During registration for Google 2FA, you are required to scan a QR code. You can also type a secret key manually instead of scanning the QR code. Given this secret key, the TestProject Addon can generate a valid OTP that you can sign in with, simple as that!

Tutorial Overview

  1. Prerequisites
  2. How to Get the Secret Key From Google 2FA
  3. How to Use the Google Authenticator OTP Automation Addon
  4. Conclusion
  5. Credits

Prerequisites

  1. A TestProject account (It’s completely FREE!).
  2. An application (Web/Mobile) that requires authentication with Google Authenticator.
  3. Install the “Google Authenticator OTP Automation” Addon from TestProject.

How to Get the Secret Key from Google 2FA

In this section, I’m going to show you how to enable Google 2FA for your Gmail account. You can, of course, enable this service for many other applications and not only for Gmail.

1. Navigate to your Google security settings: https://myaccount.google.com/security.

2. Click on the “Security” tab:


3. Click on “2-Step Verification”:


4. Click on “GET STARTED”:

5. Enter your password:

6. Enter your phone number for the Google verification:


7. Enter the code that was sent to your phone number:


8. Click on “TURN ON”:


9. You should see that your device is verified:


10. Scroll down and click on “Authenticator app” and click on “SET UP”:


11. Choose your platform and click “NEXT”:


12. To verify that it’s you, Google asks you to type your password again. Type it and click “Next”:


13. You will get a code for your device. Type it and click “Next”:


14. Scroll down again and click on “Authenticator app” and click on “SET UP”:


15. You will see a QR code that you are meant to scan with the Authenticator app on your mobile device. Instead of scanning it, click on “CAN’T SCAN”:


16. You will find a key that can be used instead of the QR Code. This key will be the input for our addon to generate the OTP. Copy it and save it on your computer:


17. Before you click next, open the Authenticator app on your device and provide this key to connect it to your Gmail account.

18. Enter the key that was generated in the Authenticator app:


19. Verify yourself by providing the account password:


20. That’s it! Now, let’s see how to use the addon! ✨

 

How to Use the Google Authenticator OTP Automation Addon

In this section, I will demonstrate how to use the Google Authenticator OTP Addon in a real-life example. The idea is to use this Addon to generate an OTP, save the OTP in an input parameter, and then use it when we need to provide it to complete the login to our application.

1. Create a new test (it can be Web/Android/iOS):


2. To generate a new OTP, create a new step of type “Action”:


3. Click on “Select action”:


4. In the search box, type “OTP”. Then, select the action called: “Get OTP code for Google Authenticator”:


5. Now, we need to provide the secret key. Since it’s a secret key, we would like to encrypt its value so that others won’t be able to see it. We will create a new secret parameter that will store the secret key’s value. Click on the blue plus icon:

6. Click again on the blue plus icon to add a new parameter:

7. Select a name for your parameter in the “Name” field and paste the secret key value in the “Value” field. Then, make sure that the “Secret” option is checked. To finish the creation process, click on “Add”.

8. You will now be able to see the newly added parameter with the encrypted value. Click on the “V” button:

9. Now you can see that the newly created parameter is being used in the “Key” field: 

10. To save the returned OTP, click on the “Select parameter” and create a new output parameter:


11. Once we execute this step, we’ll get the result OTP that we can use:

12. Now, the only thing left to do is to type this OTP parameter into the text box that requires the OTP.

 

Conclusion

In this tutorial, we’ve discussed Two-Factor Authentication (2FA) and how it works. Although it’s meant to be used manually to increase the security level of your application, there’s a way to automate this process using the secret key (which is known only to you). We’ve also seen how we can use the “Google Authenticator OTP Automation” Addon to overcome this 2FA challenge during our tests using TestProject. Go ahead and try it yourself! 💪

For any questions or assistance, feel free to leave a comment below or contact us using one of our support channels:

  1. TestProject Forum
  2. TestProject’s in-app chat
  3. Email us at [email protected]

Credits

In this addon, we’ve used this great Java library to generate the OTP code based on the secret key: https://github.com/aerogear/aerogear-otp-java (Apache License 2.0).

Amit Yahav

About the author

Amit Yahav

Test automation solution architect and customer success at TestProject
