Skip to main content
Controlled auth is the best near-term AgentSIM fit because you own the OTP trigger, logs, templates, rate limits, and retry behavior. Use this path when you are testing:
  • staging or preview login flows
  • QA automation for phone OTP
  • browser agents that must complete your own auth flow
  • provider configuration for Supabase/Auth0/Firebase/Clerk-style phone auth
  • SMS delivery diagnostics across provider, template, and number-class behavior
This is different from trying arbitrary consumer signup pages. Controlled auth lets you prove whether the OTP provider actually attempted SMS delivery and whether AgentSIM received it.
1
Provision an AgentSIM session
2
Create a temporary number and label the destination.
3
Trigger your provider
4
Ask Supabase/Auth0/Firebase/Clerk/custom auth to send an OTP to that number.
5
Wait for AgentSIM delivery
6
Wait 120 to 300 seconds for diagnostics runs.
7
Compare provider logs
8
If AgentSIM receives nothing, check whether the provider sent, throttled, rejected, or suppressed the message.
9
Release and record outcome
10
Store otp_received, sms_no_otp, no_sms, or trigger_failed with enough context to debug the next run.

Supabase Auth checklist

Before blaming AgentSIM for no_sms, verify:
  • Phone login is enabled.
  • SMS provider credentials are configured.
  • US numbers are allowed by your provider/policy.
  • Provider logs show an outbound SMS attempt.
  • Rate limits are not suppressing repeated test sends.

Auth0 Passwordless SMS checklist

Verify:
  • Passwordless SMS connection is enabled.
  • The application/client can use that connection.
  • SMS provider or custom phone provider is configured.
  • Tenant logs show whether Auth0 accepted or rejected the send.

Firebase Phone Auth checklist

Firebase phone auth often includes app verification and reCAPTCHA constraints. Verify:
  • Phone auth is enabled.
  • The web API key is correct.
  • The reCAPTCHA/app verification token is valid for the test environment.
  • Firebase quotas are not suppressing sends.
  • You are not mixing test phone numbers with real SMS delivery expectations.

Custom OTP systems

For your own auth service, use REST or an SDK:
const session = await agentsim.provision({
  agentId: "auth-qa",
  country: "US",
  serviceUrl: "https://staging.example.com/auth/phone",
});

await yourAuthApi.sendPhoneOtp({ phone: session.number });

try {
  const otp = await session.waitForOtp({ timeout: 180 });
  await yourAuthApi.verifyPhoneOtp({ phone: session.number, code: otp.otpCode });
} finally {
  await session.release();
}

Success criteria

Promote a controlled-auth workflow to “verified” only after:
  1. multiple runs receive SMS and parse OTPs
  2. failures are explainable from provider logs or AgentSIM outcomes
  3. the test works with fresh AgentSIM sessions
  4. your automation releases sessions reliably
That gives you repeatable, debuggable evidence that the workflow is ready for production.