- staging or preview login flows
- QA automation for phone OTP
- browser agents that must complete your own auth flow
- provider configuration for Supabase/Auth0/Firebase/Clerk-style phone auth
- SMS delivery diagnostics across provider, template, and number-class behavior
This is different from trying arbitrary consumer signup pages. Controlled auth lets you prove whether the OTP provider actually attempted SMS delivery and whether AgentSIM received it.
Recommended runbook
If AgentSIM receives nothing, check whether the provider sent, throttled, rejected, or suppressed the message.
Supabase Auth checklist
Before blaming AgentSIM forno_sms, verify:
- Phone login is enabled.
- SMS provider credentials are configured.
- US numbers are allowed by your provider/policy.
- Provider logs show an outbound SMS attempt.
- Rate limits are not suppressing repeated test sends.
Auth0 Passwordless SMS checklist
Verify:- Passwordless SMS connection is enabled.
- The application/client can use that connection.
- SMS provider or custom phone provider is configured.
- Tenant logs show whether Auth0 accepted or rejected the send.
Firebase Phone Auth checklist
Firebase phone auth often includes app verification and reCAPTCHA constraints. Verify:- Phone auth is enabled.
- The web API key is correct.
- The reCAPTCHA/app verification token is valid for the test environment.
- Firebase quotas are not suppressing sends.
- You are not mixing test phone numbers with real SMS delivery expectations.
Custom OTP systems
For your own auth service, use REST or an SDK:Success criteria
Promote a controlled-auth workflow to “verified” only after:- multiple runs receive SMS and parse OTPs
- failures are explainable from provider logs or AgentSIM outcomes
- the test works with fresh AgentSIM sessions
- your automation releases sessions reliably