Closed bigludo7 closed 1 year ago
Check whether good practices exist for OTP code length. Why 10 and not 6?
@monamok @DT-DawidWroblewski I did some searching on this topic. I did not find a 'global' rule but rather rules per API provider:

- Twilio: The API supports token lengths between 4 and 10 digits with a default of 6 digits
- IBM: 6-digit code
- Amazon: OTP codes can contain between 5 and 8 digits, inclusive
- Vonage: 4 or 6

And I asked ChatGPT: What is the standard password length for password in OTP API? "The standard password length for one-time passwords generated by OTP APIs can vary depending on the specific implementation and requirements of the application or service using the OTP API. However, in general, OTP passwords are typically shorter than traditional passwords, with a typical length of 6 to 8 digits. This is because the primary purpose of OTPs is to provide a temporary, one-time password that is valid for a short period of time, typically only a few minutes."

So I think we can fairly set the max to 10 (the max of the ones I have found).
merged
As we did for the `code` in the `send-code` operation, we should add a `maxLength` limitation in the `validate-code` request for `authenticationId` (max length set to 36) and `code` (10). Any objection from the team?