Authentication Testing

Testing authentication is one of the hardest parts of QA automation. Passwords change, OTP codes expire in 30 seconds, magic links are one-time use, and 2FA tokens are unique per user. BugBrain automates it all.

Why Auth Testing Is Hard

Manual Testing:

Manually enter passwords → slow, error-prone
Wait for OTP email → 30-second window
Magic links expire → can’t reuse
2FA codes change every 30 seconds → can’t share
Sessions expire → need constant re-login

Result: QA teams spend hours on auth testing, and it’s often skipped.

BugBrain Solution: Personas automate credential injection. No manual password entry. OTP retrieved automatically. Sessions cached for reuse.

Four Auth Types

↗

Username & Password

Basic form-based login with email and password fields.

↗

Email OTP

Passwordless login with one-time codes sent to email (2–3 second window).

↗

Magic Links

Passwordless login via secure email link (works once, expires).

↗

TOTP / MFA

Two-factor authentication with 6-digit codes (Google Authenticator, Authy, etc.).

How It Works

1. Create a Persona

A Persona is a saved login profile:

Persona: "QA Admin"
├─ Auth Type: Basic
├─ Email: qa-admin@example.com
├─ Password: ••••••••• (encrypted, AES-256)
└─ Project: Acme E-commerce

Credentials are encrypted at rest. Only you (and your team) can use them.

2. Use in Test

Reference the persona when running tests:

Test: "Admin can view dashboard"
├─ Use Persona: "QA Admin"
├─ Step 1: Navigate to login page
├─ Step 2: (AI automatically logs in using persona)
├─ Step 3: Verify dashboard page loads
└─ Execution: Success ✓

3. AI Handles Auth Automatically

During execution, the AI:

Sees the login form
Fills email and password fields automatically
(For OTP) Calls Mailosaur API to retrieve latest OTP code
(For TOTP) Calls pyotp to generate current 2FA code
Clicks Sign In button
Waits for successful login
Caches session for next run

Result: No manual password entry. All auth flows are automated and repeatable.

Session Caching

After the first successful login, BugBrain caches the session (cookies + localStorage) for 8 hours:

Run 1 (first login):
  - Fill email + password
  - Click Sign In
  - Wait for redirect
  - [~8 seconds total]

Run 2 (same persona, cached):
  - Session automatically restored
  - Skip login, go straight to dashboard
  - [~1 second total]

Result: 8x faster authenticated tests on subsequent runs.

Multi-Persona Workflows

Test complex scenarios with multiple users:

Test: "Admin and user can share a document"
├─ Step 1: Login as Admin (Persona: "QA Admin")
├─ Step 2: Create document
├─ Step 3: Invite user (user@example.com)
├─ Step 4: Logout
├─ Step 5: Login as User (Persona: "QA User")
├─ Step 6: Accept invite
├─ Step 7: Verify document access
└─ Result: ✓ Pass

Use multiple personas in a single test to verify role-based features.

Common Challenges & Solutions

Challenge	Problem	Solution
Wrong credentials	Persona email/password incorrect	Verify credentials in admin panel; test manually
Session expired	Cache expired (>8 hours)	Sessions auto-clear after 8 hours; create new session
OTP too slow	Mailosaur retrieval takes time	Increase timeout; ensure OTP is being sent
Magic link expired	Link is one-use	Don’t click link in browser before test runs
2FA disabled	User removed 2FA	Update persona auth type to basic
Locked account	Too many failed attempts	Unlock account in admin panel; verify credentials