There is a major shift happening in the way a user or an application is authenticated. The traditional password system is a thing of the past after the introduction of biometrics. Gartner predicted that up to 70 percent of organizations using biometric authentication will implement it through smartphone applications by 2022.
Using biometrics creates a secure environment and is rising as an intelligent alternative to the traditional password system. In line with biometrics, authentication through QR code and OTP-based two-factor authentication (2FA) also provides robust security.
The priority of a secure system is to ensure that only authorized users have access to the system. The system needs to let legitimate users in while keeping unauthorized users out. Testing the authentication accomplishes this goal.
Testing authentication mechanisms is straightforward most of the time. Done manually, however, it is tedious to reproduce the steps and validate the authentication by comparing the actual and the expected results. With increased test coverage and limited time, automation becomes a necessity rather than an option. Even with automation, how to simulate such scenarios and extract the details from them is still an area worth exploring.
In this blog, we present the approaches we have taken for automating the QR code through biometric authentication and voice-over OTP. Our automation predominantly uses the following tools and technologies.
Here is a scenario of logging in to an application, where the users can authenticate from any channel or any device. There are also use cases for logging in through varied forms: QR code, OTP, 2FA (voice). Below is a description of two such use cases:
QR Code Scanning: User gets a QR code in browser → QR code is scanned through mobile app → authenticate using fingerprint → user is authenticated
Voice OTP extraction: User gets a voice call and OTP is spelled out → OTP is entered in the web → User is authenticated
Both of the above login use cases can be tested automatically through either of the approaches below.
Mocks / Stubs are one way of automating the process. Stubs are ready-made sample pieces of code (for generating the OTP or the QR code) that we can plug into our test automation to validate the respective authentication APIs. This is more of a workaround than proper automation, as it does not reflect the actual business flow.
Using Stubs for test automation is a great way to get started in the initial development phase, where the actual components are not integrated or not ready for testing. Stubs avoid the time dependency on the development team and enable the testers to progress with the automation.
While Stubs are useful in the beginning, they are not recommended for a finished product or for regression testing, for the following reasons:
An end-to-end test automation approach can be practiced for both use cases, as explained in detail below:
Use case 1: QR Code Scanning – Automation process:
The fingerprint authentication step is handled by the login-using-PIN approach. This eliminates the dependency on manually authenticating with the fingerprint sensor on the device. Instead, the mobile device settings are updated with a PIN, and the login is enabled with the device ID and PIN.
So after the QR code scan happens, the browser waits for the fingerprint authentication from the device. Instead of manual fingerprint authentication, we authenticate with the mobile device ID and PIN.
Use case 2: Voice OTP extraction – Automation Process:
End to end automation is achieved by
Figure 1: Google speech recognition (Speech.py)
Figure 2: OTP Extraction Using Regex
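As an added illustration of the regex step named in Figure 2 (this is not the authors' code, which survives on the page only as a figure caption): the function below takes a transcript that a speech-to-text step has already produced and extracts the OTP, failing the test when the transcript is ambiguous. The name `extract_otp`, the 6-digit default length and the sample transcripts are assumptions.

```python
import re

# Digit words a speech-to-text engine may return instead of numerals.
# Homophones such as "to" and "for" are left out on purpose: they also
# occur as ordinary words in a call script.
WORD_TO_DIGIT = {
    "zero": "0", "oh": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}

# A run is consecutive numerals and/or digit words separated only by spaces
# or hyphens. Any other word or punctuation mark ends the run.
_RUN = re.compile(
    r"\b(?:(?:\d+|" + "|".join(WORD_TO_DIGIT) + r")\b[\s\-]*)+",
    re.IGNORECASE,
)

def extract_otp(transcript: str, otp_len: int = 6) -> str:
    """Return the single OTP spoken in the transcript, or raise ValueError."""
    candidates = set()
    for match in _RUN.finditer(transcript):
        tokens = re.findall(r"\d+|[a-z]+", match.group(0), re.IGNORECASE)
        digits = "".join(WORD_TO_DIGIT.get(t.lower(), t) for t in tokens)
        # Runs of the wrong length ("one time", "10 minutes", a phone
        # number) are not OTP candidates.
        if len(digits) == otp_len:
            candidates.add(digits)
    # A repeated OTP collapses to one candidate; two different values mean
    # the recognition is unreliable, so fail instead of guessing.
    if len(candidates) != 1:
        raise ValueError(
            f"expected exactly one {otp_len}-digit OTP, found {len(candidates)}"
        )
    return candidates.pop()

if __name__ == "__main__":
    # Constructed sample transcripts, not captured from a real call.
    samples = [
        "your one time password is four eight two nine one six "
        "again four eight two nine one six",
        "Your OTP is 4 8 2 9 1 6. It is valid for 10 minutes.",
    ]
    for text in samples:
        print(extract_otp(text))
```

The error message reports only the number of candidates, so a failed run does not write OTP values into the test log.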
New techniques adopted in the authentication field bring a new set of challenges for test automation. Test automation needs to grow along with the development activity and be able to deliver a timely and reliable pulse of the build. Choosing the right approach for the needs of the moment accounts for a fair share of the overall success of test automation. As the development activity for a project evolves and stabilizes over time, the testing activity also needs to change with time and embrace additional features successfully.