Recording Registering for an Account using MFA

Hello!
I am trying to record on Katalon registering for an account using MFA. I followed the youtube video (Automating Multi-factor auth (MFA) based application with Katalon Studio - YouTube) linked to record logging into an account using MFA and got it to work great! However, now that I want to record registering an account with MFA, the secret key that is in the readMFA.groovy keyword will be different everytime a new account is created. Is there a way to make the secret key in the groovy file variable, and that is it taken from the register page and put into the file.

Thanks!

Hi @swinston ,

I might have mistake in understanding your question but you can clarify it later. Based on my understanding, when you follow the tutorial video you found, I see these lines of code:

  def GetMFAToken(){
         Totp totp = new Totp("your_secret_key")
         return totp.now()
  }

If you mean the your_secret_key always change when new account is created, you can try:

public class readMFA {
       private final String secret_key = "your_secret_key"
       def GetMFAToken(){
               Totp totp = new Totp(secret_key)
               return totp.now()
       }
}

If you mean the token generated differently, it dues to return totp.now().

Thank you!

Hi Elly,
Thank you so much.
What i mean is , instead of wanting to automate logging into an account associated with a specific Secrey Key, I want to automate registering for an account.
In the registration process I have recorded creating a username, password, etc and then hitting register. Once I do that, a QR code pops up to set up an OTP as well as a button that says “Can’t Scan?” which leads to the secret key. What i would like to automatically do it copy/paste the Secret Key and paste that into the “your_secret_key” section of the code. Then, when I log back into that account the secret key is already there.
Obviously, the key will be different every time a new account is registered, which is why i need to pull it individually for each account.
Does that clarify anything? Happy to explain more… hoping there is a solution for this.

Thank you!

@Elly_Tran do you have any idea how to do this! I am struggling with it :frowning:

Oh hi,

Now I get your point. There is one thing we should clarify that CAPTCHA (or OTP /. 2-step verification) is a security solution that helps prevent hack, spam and brute force attacks, it should not be by-passed by the automation tools, some of the workarounds:

  • Solution 1: Request the developer to make the “always true CAPTCHA/OTP” like “123456" and apply it to the test environments. It works in the Jenkins environment.
  • Solution 2: Request the developer to show CAPTCHA/OTP on the UI screen, so you can get text value and input to the field, apply it to the test environments, and this solution work on Jenkins as well.
  • Solution 3: Whitelist company test IP. Add your company or test machine’s IP to the trusted list and allow these IPs to access the feature without CAPTCHA/OTP required.
  • Solution 4: Turn off the CAPTCHA/OTP on the test environment if you have alpha, staging, and production separately. Ignore or manually test the OTP feature(s)

I will recommend you consider solution 3 and 4. Thank you!