Can automated web drivers authenticate google calendar signin?

Hello,

I’m wanting to test calendar integration with our business app. The use case goes like this:

  1. User logs into our app and creates a new meeting
  2. The meeting should populate Google Calendar within a reasonable timeframe
  3. User should be able to verify the meeting is on their personal Google calendar

On the 3rd point above, I’m able to start a UI test with Katalon and land on the URL ‘https://calendar.google.com’. It asks the user to enter their email, and press next. I complete those steps and then Google tells me the browser session may not be secure. I suspect that’s their way of limiting automated web drivers from hammering their servers, or accessing data that you should not have access to.

It seems like some people have found a way to login to Gcal with Selenium, or Katalon WebUI but I can’t figure it out. I opened the devtools and didn’t see any non-200 status codes return.

========
See below for the code I’m using. I tried setting the user-agent in ChromeOptions with hopes that it would be perceived as a normal browser session (ie human). I may be oversimplifying things.

System.setProperty(“webdriver.chrome.driver”, DriverFactory.getChromeDriverPath())

ChromeOptions options = new ChromeOptions()
options.addArguments(“user-agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36”)
WebDriver driver = new ChromeDriver(options);
driver.manage().timeouts().implicitlyWait(10, TimeUnit.SECONDS);

driver.get(‘https://calendar.google.com/’);
driver.manage().window().maximize();

driver.findElement(By.cssSelector(“input[type=‘email’]”)).sendKeys(“GlobalVariable.USER”);
driver.findElement(By.xpath(“//span[text()=‘Next’]”)).click();

Curious if anyone knows how to get past google’s auth screen with Katalon?

No, you can’t.

See

Google prohibits us from automating UI interaction with Google using any Selenium-based UI automation tools like Katalon Studio. Nobody can cheat Google.

You should abandon this idea as Google will never let you do it.

If you want to confirm that the meeting has been successfully scheduled, your server-side business app should be able to communicate with Google Calendar and test the scheduled result somehow.

Ok thanks for the information. You can close the thread.

@chris.oneal

If you have yet to try JavaScript to access elements on the various Google security pages, you should try that before giving up.

I can’t promise it will work, but until all avenues are closed, I wouldn’t turn away and accept defeat.

As a first step, I’d try this:

String js = "window.alert('Hello Chris');"
WebUI.executeJavaScript(js, null)

If that works, then I’d try clicking around, again using JavaScript:

String js = "document.querySelector('css-selector-for-a-button').click();"
WebUI.executeJavaScript(js, null)

Google may be examining every event in detail to prove whether clicks (etc) are true human gestures – in which case, it may not work. It works but see my post below.

Why not just use the Google Calendar API?

Thanks Russ for helping provide another avenue. I’ll investigate that as well.

Jvisser I’ve attempted both methods to see which worked (first and foremost) and then which caused fewer headaches. With the calendar API, I was successful setting up Postman through Oauth 2.0 and could query results, but I can’t get past the initial auth stage with Katalon. Opened a separate thread for that workflow:

Ideally I’d like to run somewhat of an E2E test through Katalon that does:

  1. Login to our application through Web UI and create or edit a Meeting instance (can do)
  2. Store meeting details through an API from our application (can do)
  3. Validate the meeting populates Gcal within a reasonable timeframe (stuck)

Calendar integration through Nylas has proved problematic at times and I’m hoping to trace when / why that’s the case.

Just to let you know, I messed around briefly with that example code I gave you on a gmail login page - it worked.

What I can’t know about is setting input values and if Goggle is using anything to spot automation via JS is taking place. That’s your job :upside_down_face:

But do let us know - either way.

Hi Russ,

I ran the following code and JS executions succeeded but I ended up with the same result as before. Curious what you used on the gmail auth page to get it to work?

====

WebUI.openBrowser(’’)
WebUI.navigateToUrl(‘calendar.google.com’)
WebUI.maximizeWindow()
WebUI.delay(2)

String js = “document.querySelector(‘input[type=email]’).setAttribute(‘value’, '” + myEmail@gmail.com + “’)”
WebUI.executeJavaScript(js, null)

String js2 = “document.querySelector(‘button[jsname=LgbsSe]’).click();”
WebUI.executeJavaScript(js2, null)

Hi Russ, do you mind sharing a few lines from your Test Script so I can see why yours was successful passing through google’s auth process?

My issue is, not wanting to screw around with my gmail account – I’m using it for various services all day so I’m paranoid about Google stepping in and “protecting me” from some perceived hack attempt.

I did pretty much what you listed above, is all I can say. And as I said, it appeared to be working.

Before I started typing this response, I did a search and found the following – maybe it will help?

I’m assuming the same (or similar) API will allow access to Calendar.

@Russ_Thomas

I am wondering about the meaning of your wording. What you mean by saying “it appeared to be working”?

I would describe what I did and what I saw.

I wrote a Test Case in a Katalon project:

import com.kms.katalon.core.webui.keyword.WebUiBuiltInKeywords as WebUI

WebUI.openBrowser('')
WebUI.navigateToUrl('calendar.google.com')
WebUI.maximizeWindow()
WebUI.delay(2)

String js = "document.querySelector('input[type=email]').setAttribute('value', 'my.account@gmail.com')"
WebUI.executeJavaScript(js, null)

String js2 = "document.querySelector('button[jsname=LgbsSe]').click();"
WebUI.executeJavaScript(js2, null)

Please note that my real account name is replaced to “my.account”

When I executed this, yes, it opened a Chrome browser, navigate to the URL “calendar.google.com”, the login form appeard. It typed “my.account@gmail.com” into the text field. Then Google responded with a display


which is equivalent to

This is what I saw. I would say, it doesn’t work.

@Russ_Thomas

Do you see something different?

Can you successfully log into Google Calendar by the test case script above? … I doubt it.

The code I tried (posted above) seemed to work without issue.

Yes, I did. As I have already said, I am not prepared to test against my gmail account. I did not try to access Calendar. I tried the code I posted, going as far as I said and no more. It appeared to work.

I cannot know if it would have worked had I gone any further.

The OP may try to go further, like I said, that’s his job. :upside_down_face:

What does “OP” mean here?

Do you mean “One Piece” ?

You’re starting to worry me, Kaz.

Thank you for the laugh @kazurayam @Russ_Thomas :rofl:

I think kaz speaks Japanese? OP means “original post”, or “original poster”, referring to the first message in a topic and/or the person who posted it.

Thank you, I understand this.

Previously, this process was very expensive and unreliable to implement.

Previously, this process was very expensive and unreliable to implement. But these days, with some API software interfaces that can be used, authentication bypass has become more realistic and cost-balanced. It`s possible to bypass, no authentication method is 100% secure. As for google calendar, I also tried to configure it for my application, it worked, but there were other difficulties, so I had to abandon such a method. That’s why I use them separately. However, I recently found this calendar and it pleasantly surprised me with its simplicity in use.

Inevitably I went the route of API validation. In my experience, Katalon does not make it easy to utilize refresh tokens once a JWT expires. I could add my credentials into the Authorization tab of Katalon and exchange the authorization code for a bearer token, but the problem is Katalon does not save the Authorization credentials (OAuth 2.0) after you close the request. This is a huge issue if a user intends to schedule test automation overnight, for example, because the user is constantly having to refresh credentials manually. Postman stores OAuth credentials natively at the parent level of Collections so I’m not really sure why Katalon can’t replicate that.

That was my major hurdle in trying to decide between automating tests for Gcal through the web interface, versus using API tests. I eventually found this article which was helpful to learn how to structure a POST for Refresh Token in a few different dev languages. Please scroll down to the following if needed:

How to Refresh Your Google Calendar Access Token Using Refresh Tokens