Testing two-factor authentication with an authenticator app


This page explains how to test Time-Based One-Time Passwords (TOTP) for two-factor authentication (2FA).

In Autify Nexus, you can generate a TOTP using the Dynamic Value Step. Let's look at the steps for setting up 2FA and creating a Scenario, using GitHub as an example.

Preparation before creating a Scenario

1. Obtain the secret key

Obtain the secret key for generating TOTPs from your application under test. The secret key is often displayed as a QR code on the 2FA setup screen, but you must retrieve the text string. For example, on GitHub, the "setup key" text shown below links to the secret key.

2. Set up 2FA with an authenticator app in the target application

If you are setting up 2FA in the target application with an authenticator app for the first time, you must complete the setup process first. You can use any authenticator app, or follow the setup steps below using an Autify Nexus Scenario.

  1. In any Scenario, add a Dynamic Value Step by navigating to Insert step > Dynamic Value Step.

  2. Edit the added Dynamic Value Step with the following details:

    • Select Two-Factor Authentication Code (TOTP) for the Dynamic Value Type field.

    • Enter the secret key you obtained in the Secret field.

  3. After that step, add a JavaScript Step (Insert step > JavaScript Step) and create a step that outputs the TOTP generated in step 2 to the console.

  4. Save and run the Scenario. From the test result screen, copy the authentication code output to the console.

  5. Enter the copied code into your target application to complete the setup.

Creating the Scenario

Once you have completed the 2FA setup with an authenticator app, you can create the actual test Scenario.

  1. Record the steps in your target application as usual, up to the point just before authentication. Enter any temporary authentication code into the TOTP input field and save the Scenario.

  2. Before the step where you entered the authentication code, add a Dynamic Value Step and edit it as follows:

    • Select Two-Factor Authentication Code (TOTP) for the Dynamic Value Type field.

    • Enter the secret key that you previously obtained in the Secret field.

  3. In the step where you enter the authentication code, select Other step's output for the Text field. For the value, select the Dynamic Value Step you just added, and then save the Scenario.

By following these steps, you have created a Scenario that obtains and inputs a dynamically generated TOTP each time the test is run. To confirm that 2FA works as expected, run the Scenario you created.