Improve TOTP docs & README & Make CLI actually support typer + py3.11 (#2791)

Co-authored-by: ellipsis-dev[bot] <65095814+ellipsis-dev[bot]@users.noreply.github.com>
This commit is contained in:
Suchintan
2025-06-25 12:59:56 -04:00
committed by GitHub
parent 60dcd6bcb1
commit 9c9760d6ca
9 changed files with 307 additions and 179 deletions

@@ -1,58 +1,32 @@
---
title: 2FA Support (TOTP)
subtitle: How to send 2FA codes (TOTP) to Skyvern
subtitle: How to send TOTP codes (2FA/MFA/Verification Code) to Skyvern
slug: credentials/totp
---
Skyvern supports one-time password (see https://www.twilio.com/docs/glossary/totp for more information), also known as 2FA/MFA. For Skyvern to get the code, there are three options:
- [Option 1: Store your 2FA/MFA secret in Skyvern Credential tool](#option-1-store-your-2famfa-secret-in-the-skyvern-credential-tool)
- [Option 2: Skyvern gets the code from your endpoint](#option-2-get-code-from-your-endpoint)
- [Option 3: You push the code to Skyvern](#option-3-push-code-to-skyvern)
Skyvern supports logging into websites that require a 2FA/MFA/Verification code. There are 5 kinds of 2FA we support today:
- [Option 1: Google Authenticator (TOTP)](#option-1-google-authenticator-totp)
- [Option 2: Email Verification Code](#option-2-email-verification-code)
- [Option 3: Phone Verification Code](#option-3-phone-verification-code)
- [Option 4: Let Skyvern get the code from your server (webhook)](#option-4-let-skyvern-get-the-code-from-your-server-webhook)
- [Option 5: One Time Login Link](#option-5-one-time-login-link)
## Option 1: Store your 2FA/MFA secret in the Skyvern Credential tool
## Option 1: Google Authenticator (TOTP)
Save your username and password in [Skyvern Credential](https://app.skyvern.com/credentials) where you can also store your 2FA/MFA key/secret.
Step 1: Save your username and password in [Skyvern Credential](https://app.skyvern.com/credentials). See [Password Management](/credentials/passwords#manage-passwords-in-skyvern-cloud) for more details.
See [Password Management](/credentials/passwords#manage-passwords-in-skyvern-cloud) for more details.
## Option 2: Get Code From Your Endpoint
You can pass `totp_url` when running [a task](/api-reference/api-reference/agent/run-task) or a [workflow](/api-reference/api-reference/agent/run-workflow). Inside this endpoint hosted by you, you have to conform to the following schema:
Step 2: Add your account by manually entering the secret key (extracted from the QR code). Not sure how to get it? [Follow this guide](https://bitwarden.com/help/integrated-authenticator/).
### Set Up Your TOTP Endpoint
For websites that require a verification code to complete a task, you have to set up a TOTP endpoint for Skyvern to fetch the verification code.
> 💡 Don't have the key? Contact [Skyvern Support](mailto:support@skyvern.com) and we can help you get it.
Here's the TOTP endpoint contract you should use:
## Option 2: Email Verification Code
Email verification codes require you to set up a forwarding rule that forwards these emails to a Skyvern endpoint.
Request (POST):
| Parameter | Type | Required? | Sample Value | Description |
| --- | --- | --- | --- | --- |
| task_id | String | yes | tsk_123 | The task ID that needs the verification to be done |
The forwarding rule can be set up using [Gmail + Zapier](https://zapier.com/app/home) or similar tools. (instructions below)
Response:
| Parameter | Type | Required? | Sample Value | Description |
| --- | --- | --- | --- | --- |
| task_id | String | yes | tsk_123 | The task ID that needs the verification to be done |
| verification_code | String | no | 123456 | The verification code |
> 💡 *Coming Soon*: We plan to provide email forwarding addresses that make this easier to set up
### Validate The Sender of The Request
Same as the webhook API, your server needs to make sure its Skyvern thats making the request.
- a python example for how to generate and validate the signature:
```python
def validate_skyvern_request_headers(request: Request) -> bool:
header_skyvern_signature = request.headers["x-skyvern-signature"]
payload = request.body() # this is a bytes
hash_obj = hmac.new(SKYVERN_API_KEY.encode("utf-8"), msg=payload, digestmod=hashlib.sha256)
client_generated_signature = hash_obj.hexdigest()
return header_skyvern_signature == client_generated_signature
```
SKYVERN_API_KEY: you can get the API KEY from [Skyvern Settings](https://app.skyvern.com/settings).
## Option 3: Push Code To Skyvern
Find TOTP API doc [here](/api-reference/api-reference/credentials/send-totp-code).
You can pass `totp_identifier` when running [a task](/api-reference/api-reference/agent/run-task) or a [workflow](/api-reference/api-reference/agent/run-workflow). When the TOTP code arrives at your inbox, all you need to do is to send the email/message (Gmail + Zapier integration can be a good solution to set up email forwarding) to Skyvern's TOTP endpoint.
You can pass `totp_identifier` when running [a task](/api-reference/api-reference/agent/run-task) or a [workflow](/api-reference/api-reference/agent/run-workflow). When the TOTP code arrives at your inbox, all you need to do is to send the email/message to Skyvern's [TOTP endpoint](/api-reference/api-reference/credentials/send-totp-code).
### Forwarding Your Email To Skyvern (Gmail + Zapier)
This setup requires a Zapier Pro plan account.
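Review bot: Step 2 under Option 1 tells the reader to add the account "by manually entering the secret key" but no longer says where; the line it replaces named Skyvern Credential as the place the 2FA/MFA key/secret is stored. Suggest stating that the secret goes into the same Skyvern Credential entry created in Step 1, and noting that the TOTP secret should be handled like the password itself. In Option 2, "a forwarding rule that forwards these emails to a Skyvern endpoint" should tell the reader to scope the rule to verification-code messages from the expected sender rather than the whole inbox. Style: "(instructions below)" sits after the period and should move inside the sentence.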
@@ -132,4 +106,108 @@ In Zapier: under the “Test” of the Webhooks action, send a request to test i
<p align="center">
<img src="../images/totp/test_end_to_end.png"/>
</p>
</p>
## Option 3: Phone Verification Code
Phone verification codes are supported the same way as email verification codes. You will need to set up a forwarding rule that forwards these messages to a Skyvern endpoint.
A good solution to set up this forwarding rule is to use virtual phone number services such as [Twilio](https://www.twilio.com/en-us/docs/usage/tutorials/how-to-use-your-free-trial-account) or [Pilvo](https://www.pilvo.com/en/us/virtual-phone-number).
Make sure you pass `totp_identifier` when running [a task](/api-reference/api-reference/agent/run-task) or a [workflow](/api-reference/api-reference/agent/run-workflow). When the TOTP code arrives at your virtual phone number, all you need to do is to send the message to Skyvern's TOTP endpoint.
You can use the following code to forward the message to Skyvern:
```python
// Twilio Function to post 2FA data to Skyvern API
exports.handler = async function(context, event, callback) {
const axios = require('axios');
const apiUrl = 'https://api.skyvern.com/v1/credentials/totp';
const apiKey = '{{your api key}}';
const totpIdentifier = '{{your totp identifier (could be phone number)}}';
const requestBody = {
totp_identifier: totpIdentifier,
content: event.Body || "Default 2FA message",
source: "phone"
};
const response = new Twilio.Response();
response.appendHeader('Content-Type', 'application/json');
try {
const apiResponse = await axios.post(apiUrl, requestBody, {
headers: {
'Content-Type': 'application/json',
'x-api-key': apiKey
}
});
response.setStatusCode(200);
response.setBody({
status: 'success',
message: '2FA message sent',
data: apiResponse.data
});
} catch (error) {
response.setStatusCode(500);
response.setBody({
status: 'error',
message: error.message,
details: error.response?.data || null
});
}
return callback(null, response);
};
```
## Option 4: Let Skyvern get the code from your server (webhook)
You can pass `totp_url` when running [a task](/api-reference/api-reference/agent/run-task) or a [workflow](/api-reference/api-reference/agent/run-workflow). Inside this endpoint hosted by you, you have to conform to the following schema:
### Set Up Your TOTP Endpoint
For websites that requires a verification code to complete a task, you have to set up a TOTP endpoint for Skyvern to fetch the verification code.
Here's the TOTP endpoint contract you should use:
Request (POST):
| Parameter | Type | Required? | Sample Value | Description |
| --- | --- | --- | --- | --- |
| task_id | String | yes | tsk_123 | The task ID that needs the verification to be done |
Response:
| Parameter | Type | Required? | Sample Value | Description |
| --- | --- | --- | --- | --- |
| task_id | String | yes | tsk_123 | The task ID that needs the verification to be done |
| verification_code | String | no | 123456 | The verification code |
### Validate The Sender of The Request
Same as the webhook API, your server needs to make sure its Skyvern thats making the request.
- a python example for how to generate and validate the signature:
```python
def validate_skyvern_request_headers(request: Request) -> bool:
header_skyvern_signature = request.headers["x-skyvern-signature"]
payload = request.body() # this is a bytes
hash_obj = hmac.new(SKYVERN_API_KEY.encode("utf-8"), msg=payload, digestmod=hashlib.sha256)
client_generated_signature = hash_obj.hexdigest()
return header_skyvern_signature == client_generated_signature
```
`SKYVERN_API_KEY`: you can get the API KEY from [Skyvern Settings](https://app.skyvern.com/settings).
## Option 5: One Time Login Link
One time login links are supported by breaking your workflow / task into two parts:
1. Login to trigger the one time login link
2. Trigger the rest of your task / workflow based on the one time login link as the starting point
You will need to set up something (e.g. Zapier) that monitors the email inbox for incoming magic links. Once you get the link, you can use it to trigger the rest of your task / workflow.
When triggering the rest of your task / workflow, you can pass the one time login link as the starting point (e.g. url parameter), and Skyvern will start the new session already logged in.
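Review bot: In the signature example under "Validate The Sender of The Request", the last line `return header_skyvern_signature == client_generated_signature` compares the HMAC with `==`; use `hmac.compare_digest(header_skyvern_signature, client_generated_signature)` so the comparison is constant-time, and read the header with `.get()` so a request without `x-skyvern-signature` is rejected instead of raising. The snippet also lacks `import hmac` and `import hashlib` and does not say which framework `Request` comes from. The Twilio Function block is fenced as `python` but is JavaScript, so the tag should be `javascript`. It also hardcodes `const apiKey = '{{your api key}}'`; suggest reading the key from the Function's environment through `context` so it is not pasted into source, and consider not echoing `error.response?.data` back in the 500 body. "Pilvo" and the pilvo.com link look like a misspelling of Plivo and should be checked. Minor wording: "websites that requires" and "its Skyvern thats making the request".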