IssueTracker

This will create a feature request which anybody can view and comment on.

Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.

What you would like to accomplish:

Currently the non-Google account authentication feature only allows to specify the username and password fields, but this is not the case for all apps.

In my case, our app uses email and password fields for logging in. Others apps might use different fields or more than 2 fields to log in.

It'd be great if we could dynamically add fields for the login page, specifying the field name and its value.

How this might work:

In the Web Security Scanner edit page, under Authentication, when selecting Non-Google Account, have the following fields:

• The Sign-in page URL (stays the same)
• A button to add a row with two column: the field name (username, email, password, id, etc), and the value.
• The user should be able to click the button to add as many fields as necessary (might want to set a limit of fields though)

If applicable, reasons why alternative solutions are not sufficient:

Not all apps have Google Account authentication or OAuth, and the current Non-Google account setup is kind of rigid, only allowing username and password fields.

Other information (workarounds you have tried, documentation consulted, etc):

I checked the Creating a scan docs and under Authentication > Non-Google account field it explains that non-conventional login forms won't work.

Implementing other authentication methods mentioned in the scanner edit page will require more effort.