Authentication flows, along with anti-bot detection, add complexity to web automation. Two-factor authentication and captchas are challenging to overcome, and executing typical authentication flows slow down automation.

Browserbase has a number of built-in features to tackle automation, like Stealth Mode and reuse of session cookies.

Accessing an authentication flow with Stealth Mode

Many authentication flows implement mechanisms to prevent web automation:

  • IP addresses restrictions
  • User agent filtering
  • Captchas (ex: Clerk now features a captcha challenge on all authentication flows)
  • Rate limiting

When running your browser session, dealing with these impediments may require setting up IP rotations with proxies along with captcha solving and fingerprint generators.

By automating with Browserbase, you get opt-in proxies, automatic, fully configurable fingerprinting, and captcha solving—without any coding:

Speed up your automation by reusing cookies

Some websites or web apps rely on cookies-based Sessions, which can be easily retrieved and reused to speed up your automation.

The code examples below showcases how to retrieve and set cookies to avoid your automation to go through the authentication flow at each run:

Playwright
import { chromium } from "playwright-core";
import storage from "./storage.js";

async function authenticate(page, context) {
  const session = await storage.getSession();
  if (session) {
    await context.addCookies([session]);

    // try to access a protected page
    await page.goto("https://www.browserbase.com/overview");

    if (page.url === "https://www.browserbase.com/overview") {
      // no redirect -> we are authenticated, let's skip the authentication flow
      return;
    }
  }

  await page.goto("https://www.browserbase.com/sign-in");

  // ... sign-in ...

  // retrieve User Session Cookie
  const cookies = await context.cookies();
  const sessionCookie = cookies.find((c) => c.name === "session_id");
  await storage.storeSession(sessionCookie);
}

(async () => {
  const browser = await chromium.connectOverCDP(
    `wss://connect.browserbase.com?apiKey=${process.env.BROWSERBASE_API_KEY}&enableProxy=true`,
  );

  // Getting the default context to ensure the sessions are recorded.
  const defaultContext = browser.contexts()[0];
  const page = defaultContext.pages()[0];

  await authenticate(page, defaultContext);

  // ... interact with page ...

  await page.close();
  await browser.close();
})().catch((error) => console.error(error.message));

Working with two-factor authentication

Two-step verification (via authenticator apps or SMS) or magic links require human intervention in the loop. Here are some strategies for managing 2FA:

Disable 2FA or create an app password

This approach applies to authentication flows owned by your team or company.

For an internal tool, try to turn off the two-step verification.

For an authentication flow requiring some level of security, try to create an app password.

Enable Remote Control of your Session

If a two-step verification mechanism cannot be bypassed or disabled, consider handing back control to the end user by leveraging the Session Live URLs.

Taking a Session's Remote Control with Session Live View

Let your end users complete the two-step verification process as part of your automation.

Using Anon to handle Authentication

We partner with Anon which provides a comprehensive authentication solution for many websites. To learn more about using Anon to handle authentication, or to see the list of currently-supported websites, check out Anon’s developer docs.

Was this page helpful?

ParallelizationMulti-Region