Update MFA hosted page to use SMS OTP best practices

mooreds commented 2 years ago

Update MFA hosted page to use SMS OTP best practices

Problem

There are easy ways to make SMS OTP better. Let's have the themes/sms templates default to using them.

Solution

Use the element with: type="text" inputmode="numeric" autocomplete="one-time-code"
Use @BOUND_DOMAIN #OTP_CODE as the last line of the OTP SMS message.
Use the WebOTP API.

Alternatives/workarounds

Document these so that implementors can do them easily.

Additional context

Drawn from: https://web.dev/sms-otp-form/

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

robotdan commented 2 years ago

Use the element with: type="text" inputmode="numeric" autocomplete="one-time-code"

These items can be done in a theme today.

mooreds commented 2 years ago

Yup. Goal is to have the default themes use these easy best practices.

Let's have the themes/sms templates default to using them.

mooreds commented 11 months ago

new improved WebOTP docs: https://developer.mozilla.org/en-US/docs/Web/API/WebOTP_API

FusionAuth / fusionauth-issues