Login Automation Skill
Use this guide for deterministic login flows and authentication checks.
Secure Credential Handling
Handle credentials outside skill files and source code:
- •Resolve credentials from environment variables or a secret manager in the orchestration layer.
- •Pass resolved values at runtime only.
- •Avoid logging secrets in transcripts, fixtures, or screenshots.
Preflight Checklist
Before typing credentials:
- •Launch or connect to the intended session mode.
- •Navigate to the login URL.
- •Wait for page readiness.
- •Capture a fresh snapshot and identify refs.
text
opendevbrowser_goto sessionId="<session-id>" url="https://example.com/login" opendevbrowser_wait sessionId="<session-id>" until="networkidle" opendevbrowser_snapshot sessionId="<session-id>" format="actionables"
Canonical Login Flow
Execute login in a strict order:
- •Type identifier into email/username ref.
- •Type password into password ref.
- •Click submit.
- •Wait for navigation or authenticated UI state.
- •Re-snapshot for post-login verification.
text
opendevbrowser_type sessionId="<session-id>" ref="<identifier-ref>" text="<resolved-identifier>" opendevbrowser_type sessionId="<session-id>" ref="<password-ref>" text="<resolved-password>" opendevbrowser_click sessionId="<session-id>" ref="<submit-ref>" opendevbrowser_wait sessionId="<session-id>" until="networkidle" opendevbrowser_snapshot sessionId="<session-id>" format="outline"
Success Validation
Validate more than one signal:
- •URL or route changed to expected authenticated location.
- •Authenticated-only UI ref becomes visible.
- •Login request in
opendevbrowser_network_pollreturns expected status.
text
opendevbrowser_network_poll sessionId="<session-id>" max=50
Use opendevbrowser_is_visible or opendevbrowser_get_attr for deterministic assertions.
Error and Recovery Handling
Handle common blockers explicitly:
- •Invalid credentials: assert error banner text near form.
- •CAPTCHA/challenge: classify as manual checkpoint.
- •MFA prompt: continue with second-factor workflow if test account supports it.
- •Lockout/rate limit: stop retries and rotate test account or cooldown window.
After any failure, re-snapshot before retrying to avoid stale refs.
MFA Flow Pattern
For MFA-capable test flows:
- •Submit primary credentials.
- •Wait for MFA input ref.
- •Enter OTP/ref-based code.
- •Submit and validate authenticated state.
text
opendevbrowser_wait sessionId="<session-id>" ref="<mfa-input-ref>" state="visible" opendevbrowser_type sessionId="<session-id>" ref="<mfa-input-ref>" text="<resolved-otp>" opendevbrowser_click sessionId="<session-id>" ref="<mfa-submit-ref>"
Session Persistence Checks
Use persistent profiles when verifying remembered sessions:
text
opendevbrowser_launch profile="auth-test" persistProfile=true noExtension=true
Then reopen and verify whether re-authentication is required.
Batch Script Pattern
Use opendevbrowser_run for compact, repeatable flows:
text
opendevbrowser_run sessionId="<session-id>" steps=[{"action":"goto","args":{"url":"https://example.com/login"}},{"action":"wait","args":{"until":"networkidle"}},{"action":"snapshot","args":{"format":"actionables"}},{"action":"type","args":{"ref":"<identifier-ref>","text":"<resolved-identifier>"}},{"action":"type","args":{"ref":"<password-ref>","text":"<resolved-password>"}},{"action":"click","args":{"ref":"<submit-ref>"}},{"action":"wait","args":{"until":"networkidle"}},{"action":"snapshot","args":{"format":"outline"}}]