Forge e2e testing and 2FA with playwright

PeterMcNeil2 · August 27, 2025, 6:15am

I’m using (trying to use) Playwright to do e2e testing of our forge apps. While I have turned off 2FA in the test environment and recorded a login sequence and store the session data to re-use with the following tests I discovered it thinks the headless browser is different to the one with a head and so it emails a damn 2FA token to me to enter into the headless browser - this is definitely a pain point. How do we just turn off 2FA for a test/dev instance or get around it? Can we?

Or should we be using something like GitHub - cc-d/open2fa: A 2FA CLI tool for generating 2FA codes using TOTP secrets, and an optional web ui enabling 2FA code generation from any device to generate a code on the command line and feed that to the auth test?

UlrichKuhnhardtIzym1 · August 27, 2025, 6:36am

Here is a support article

We’re using a similar approach with

import {TOTP} from "otpauth";

...

  const totpAtl = new TOTP({
    issuer: "Atlassian",
    label: "Atlassian",
    algorithm: "SHA1",
    digits: 6,
    period: 30,
    secret: TOTP_SECRET_ATL,
  })
  const totpValue = totpAtl.generate()

....

  await otpInput.type(totpValue, {delay: 100})
  const otpInputSubmit = otpForm
    .nth(0)
    .locator('[id="two-step-verification-submit"]')
  await otpInputSubmit.click()

PeterMcNeil2 · August 28, 2025, 11:42am

Thanks, that’s perfect.