Authentication flows, along with anti-bot detection, add complexity to automation. Two-factor authentication and captchas are challenging to overcome, and regular authentication flows slow down automation.

Browserbase has some built-in features to tackle automation, like Stealth mode and reuse of session cookies. We also partner with Anon, which provides a comprehensive authentication solution for many websites.

Using Anon to handle Authentication

Anon is an authentication platform that partners with Browserbase to easily handle authentication flows across many websites.

To learn more about using Anon to handle authentication, or to see the list of currently-supported websites, check out Anon’s developer docs.

Accessing an authentication flow with Stealth Mode

Most authentication flows implement mechanisms to prevent automation and scraping:

When running your own Browser, dealing with the above requires setting up IP rotations with Proxies along with Captcha solving and fingerprinting code or libraries.

By connecting your automation to Browserbase, you get opt-in Proxies, automatic fingerprinting, and Captcha solving without any code change:

import { chromium } from "playwright-core";

(async () => {
  const browser = await chromium.connectOverCDP(
    `wss://connect.browserbase.com?apiKey=${process.env.BROWSERBASE_API_KEY}&enableProxy=true`,
  );

  // Getting the default context to ensure the sessions are recorded.
  const defaultContext = browser.contexts()[0];
  const page = defaultContext.pages()[0];

  await page.goto("https://browserbase.com/sign-in");
  await page.close();
  await browser.close();
})().catch((error) => console.error(error.message));

Speed up your automation by re-using cookies

Some websites or web apps rely on cookies-based Sessions, which can be easily retrieved and re-used to speed up your automation.

The code snippet below showcases how to retrieve and set cookies to avoid your automation to go through the authentication flow at each run:

import { chromium } from "playwright-core";
import storage from "./storage.js";

async function authenticate(page, context) {
  const session = await storage.getSession();
  if (session) {
    await context.addCookies([session]);

    // try to access a protected page
    await page.goto("https://www.browserbase.com/overview");

    if (page.url === "https://www.browserbase.com/overview") {
      // no redirect -> we are authenticated, let's skip the authentication flow
      return;
    }
  }

  await page.goto("https://www.browserbase.com/sign-in");

  // ... sign-in ...

  // retrieve User Session Cookie
  const cookies = await context.cookies();
  const sessionCookie = cookies.find((c) => c.name === "session_id");
  await storage.storeSession(sessionCookie);
}

(async () => {
  const browser = await chromium.connectOverCDP(
    `wss://connect.browserbase.com?apiKey=${process.env.BROWSERBASE_API_KEY}&enableProxy=true`,
  );

  // Getting the default context to ensure the sessions are recorded.
  const defaultContext = browser.contexts()[0];
  const page = defaultContext.pages()[0];

  await authenticate(page, defaultContext);

  // ... interact with page ...

  await page.close();
  await browser.close();
})().catch((error) => console.error(error.message));

Dealing with two-factor authentication

Two-step verification (via authenticator apps or SMS) or magic links require human intervention in the loop. Here are some tactics to cope with 2FA:

Disable 2FA or create an app password

This approach only applies to authentication flows owned by your team or company.

For an internal tool, try to turn off the two-step verification.

For an authentication flow requiring some level of security, try to create an app password.

Enable Remote Control of your Session

If a two-step verification mechanism cannot be bypassed or disabled, you should consider handing back the control to the end user by leveraging the Session Live URLs.

Taking a Session's Remote Control with Session Live View

Let your end users complete the two-step verification process as part of your automation.