Selenium tests - login via Github

Hi, I have a problem with testing Github login with Selenium driver. On local machine everything works well. But on production test server in headless mode Github login requires to fill confirmation code send by email. So I have an email with the code but I can not access the form, cause it is visible only on the server which is headless. I understand the security policy but I can not test it.

There should be something like allowed IP addresses in account settings (don’t see any) which will be accepted as secure authorized servers. It should be simple.

:wave: Welcome!

I don’t know that there is a simple solution if you must test with an account that doesn’t have 2FA on it. You could open a ticket and support might be able to assist, but a more robust solution probably involves:

  1. Enable 2FA on the GitHub account you are testing with.
  2. Find a OTP generation library that works with your project/ language. A quick search of “OTP Selenium Webdriver” generates a lot of results.

So instead of setting up your Google Authenticator with a QR code, you can select “I cant scan the code” and you’ll be shown a string, which is the key for this account. You enter that into your script and it should be able to generate an OTP for login within your test script. You will however need to generate a key first from that script in order to confirm setup.

If you are doing this, I strongly suggest making sure you store your account recovery codes securely in case you lose access to the server or script.

May be I dont understad but how 2FA can solve this problem? 2FA uses SMS to confirm identity.

GitHub 2FA has options that include SMS, but you can use an authenticator app instead.

If you were using that manually, you’d use Google Authenticator, Duo, Microsoft Authenticator, etc to generate the codes. There appear to be some libraries out there that will help you use an OTP within a login script for testing.

If you’re going to be using the same machine/browser/network without clearing cookies, you can ask Support to help you verify the device, or just connect a monitor to your server so you can verify it that once. But if you’re going to be clearing cookies, etc, then you’re going to have to do it over and over so you’ll need to find a way to either insert the email code or a 2FA OTP code into your test run.

Yes I need to clear cookies. So it seems I need to know little more about OTP.