As per my understanding, we can test the login of a user in Cypress with OTP by using the package below:
https://www.npmjs.com/package/cypress-keycloak
To successfully log in, I need the otp_secret and otp_credential_id below:
cy.loginOTP({
  root: 'https://keycloak.com',
  realm: 'test',
  username: 'test',
  password: 'test',
  client_id: '1234567',
  redirect_uri: 'https://redirecturl.com/',
  otp_secret: 'OZLDC2HZKM3QUC...', // e.g. 32 chars
  otp_credential_id: '5e231f20-8ca7-35e1-20a694b60181ca9', // e.g. 36 chars
});
When I make a call to the Keycloak endpoint GET /{realmName}/users/{userId}/credentials,
I can only see the credential id and not the secret. Here is my sample response:
[
  {
    "id": "123456789999",
    "type": "otp",
    "createdDate": 1657189911231,
    "credentialData": "{\"subType\":\"totp\",\"digits\":6,\"counter\":0,\"period\":30,\"algorithm\":\"HmacSHA1\"}"
  }
]
Can someone please advise how to fetch the client secret, or whether there is any other way to test OTP?
I hope this helps.
Before scanning the QR code on your mobile, just take a screenshot of it and upload it to https://zxing.org; this will decode it and return the OTP secret id to you.
The API GET /{realmName}/users/{userId}/credentials
returned the otp-credential-id to me, and I extracted the secret from zxing; now I am able to authenticate and run my Cypress tests.