cooperlyt / keycloak-phone-provider

A Keycloak provider for phone and SMS
MIT License

Error setting up SMS OTP #54

Open korridor opened 1 year ago

korridor commented 1 year ago

During the action “CONFIGURE_SMS_OTP” I only get the following error: Phone number not found

Looks to me like this error comes from here: https://github.com/cooperlyt/keycloak-phone-provider/blob/a7acd58101e79dfaa048261470ab4cba3fe16249/keycloak-phone-provider/src/main/java/cc/coopersoft/keycloak/phone/providers/rest/TokenCodeResource.java#L53

Looks to me like a bug because if I set up an SMS OTP I don't need a phone number as a user property, right? I would like to fix that, but I do not get where tokenCodeType comes from. If you provide me with a bit more information, I can provide a PR.

Teut2711 commented 1 year ago

Hi, can you tell how you got this form? Can you make a video of how to set it up?

korridor commented 12 months ago

I can send you a few screenshots of the configuration, in a few hours. Does using SMS only as a second factor work for you?

Teut2711 commented 12 months ago

I used the Twilio API for now.

korridor commented 12 months ago

@Teut2711 But with this plugin? And only as a second factor or instead of a password?

korridor commented 12 months ago

I started from a relatively blank realm.

1. Activate SMS authenticator
2. Duplicate default browser flow
3. Adapt the new flow to use SMS 2FA instead of OTP
4. Bind new custom flow as “browser flow”
5. If I create a new user and log in, I'll be forced to set up SMS 2FA, but this does not work because I get the error from the screenshot.

Teut2711 commented 12 months ago

Well, first the user logs in through username/password -> the OTP screen from this package comes up => I enter the OTP => I get to the dashboard. I forgot if I put my phone number on that OTP page.

Teut2711 commented 12 months ago

In the examples/docker-compose.yaml, modify the command as follows for testing with the Twilio API:

```yaml
command:
  - start-dev --spi-phone-default-service=twilio --spi-message-sender-service-twilio-account=AC0c7bc956dc97e07c49d4b6d53ad3c74d --spi-message-sender-service-twilio-token=7e283a3acb3dc032f881803abb161521 --spi-message-sender-service-twilio-number=+16186814535
```

korridor commented 12 months ago

I get the SMS OTP screen (see screenshot in the original issue), but if I enter a telephone number I get a “Phone number not found” error.

Does your user registration require the user to provide a phone number? Does your 2FA page look like mine? Do you also have to enter a phone number or only the code?

Teut2711 commented 12 months ago

Oh sorry, I was under the impression that it was my post. Try your STD code, like in India +0124-<some-10-digit-number>, or for a mobile number +91-<some-mobile-number-10-digits>. Also, if it's Twilio's API, you need to verify that number with Twilio in test mode or buy a paid plan for spamming anyone.

korridor commented 12 months ago

I tried all types of phone numbers. I now also tried an Indian phone number like this one: +917428730894. I'm currently using the dummy phone driver for testing purposes.

Could you send me the REST request that the client sends when you click on “Send code”? My custom theme might change the request somehow.

Teut2711 commented 12 months ago

What API are you using? Is it your own implementation of the base class or something from the given services?

Teut2711 commented 12 months ago

Try Twilio for the start and once you get that working, you can go with your own implementation. Twilio's API for testing is free.

korridor commented 12 months ago

I mean the API endpoint that this plugin provides. For example: realms/somerealm/sms/otp-code

Teut2711 commented 12 months ago

After you put your number for the first time it saves it.

Teut2711 commented 12 months ago

I really don't know why you don't first go with Twilio and then just override the parts of that Twilio or dummy class by inheriting from it to implement it with your own API.

korridor commented 12 months ago

I don't have my own API; I'm just using the plain dummy provider. I was talking about the XHR request that happens if you press the Send code button. That is not my API and I did not customize this API.

Teut2711 commented 12 months ago

Please listen to me. Go to twilio, create an account, verify your number on twilio and use that in that mobile number box in your image. Get back if you have any trouble.

Teut2711 commented 12 months ago

The first part of debugging is comparing things that work with things that don't work.

korridor commented 12 months ago

Are you saying that the Twilio provider is more stable than the dummy provider that was made for testing purposes?

Teut2711 commented 12 months ago

First of all, dummy does nothing. It should print to console is what the docs say. Secondly, no, I am saying to use twilio because that worked for me.

korridor commented 12 months ago

My point was that it does not even work with the dummy provider, so I would assume it has nothing to do with the provider. More likely a problem with the configuration of the plugin itself.

Could you please send me a screenshot of your browser flow? Then I can compare it to your setup.

solosky commented 10 months ago

I am facing the same problem here.

I have set up a fresh realm and created 2 users, A and B; neither of them has a phoneNumber attribute or has enrolled in SMS OTP. Then I enabled the Configure OTP over SMS required action in the realm's authentication settings.

When A logs in with his password, since no SMS OTP is configured, user A comes to the configure OTP over SMS page. Now user A inputs his phone number N1 and clicks "Send Code", but unfortunately it shows "Phone number not found"; he cannot complete the SMS OTP setup and is stuck there.

I checked the backend logic; it seems the JS calls the /realms/maple/sms/otp-code?phoneNumber=xxxxxx endpoint. In this endpoint, it searches for any user that has an attribute named phoneNumber equal to the phoneNumber parameter. If found, it sends the code, else it returns the message "Phone number not found".

```java
// everybody phones authenticator send AUTH code
// Only REGISTRATION, AUTH and VERIFY codes may target a number that no realm user has;
// every other token type requires some user in the realm to own the number.
if( !TokenCodeType.REGISTRATION.equals(tokenCodeType) &&
    !TokenCodeType.AUTH.equals(tokenCodeType) &&
    !TokenCodeType.VERIFY.equals(tokenCodeType) &&
    Utils.findUserByPhone(session, session.getContext().getRealm(), phoneNumber).isEmpty()) {
  throw new ForbiddenException("Phone number not found");
}
```

If I manually add a phoneNumber attribute to user B with the requested phone number and then log in as A with his password, it sends the code correctly!!!

Actually, I don't understand the logic here; it's very strange. If no users in the realm have a phoneNumber attribute, how can I enable the SMS OTP feature? I am really confused.

Perhaps the JS should call /realms/maple/sms/registration-code?phoneNumber=xxxxxx on the SMS OTP enrollment page...
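To make the gate in that snippet concrete, here is an added, self-contained Java model (not the project's own code) of the three situations described in this thread: the constructed `findUserByPhone` stand-in mimics a realm-wide attribute lookup, the enum is reconstructed from the names on the page, and `OTP` is an assumed name for the token type behind the /sms/otp-code endpoint.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class OtpCodeGate {
    // Reconstructed from the type names in the snippet; OTP is an assumed name.
    enum TokenCodeType { REGISTRATION, AUTH, VERIFY, OTP }

    // Constructed stand-in for Utils.findUserByPhone: scans every user in the realm
    // (username -> phoneNumber attribute, null if unset), not just the user logging in.
    static Optional<String> findUserByPhone(Map<String, String> users, String phone) {
        return users.entrySet().stream()
                .filter(e -> phone.equals(e.getValue()))
                .map(Map.Entry::getKey)
                .findFirst();
    }

    // The gate from TokenCodeResource: an unknown number is tolerated only for
    // REGISTRATION, AUTH and VERIFY; otherwise some realm user must own it.
    static boolean codeWouldBeSent(TokenCodeType type, String phone, Map<String, String> users) {
        boolean exemptType = type == TokenCodeType.REGISTRATION
                || type == TokenCodeType.AUTH
                || type == TokenCodeType.VERIFY;
        return exemptType || findUserByPhone(users, phone).isPresent();
    }

    public static void main(String[] args) {
        // Constructed sample realm: A and B exist, neither has a phone number yet.
        Map<String, String> users = new HashMap<>();
        users.put("A", null);
        users.put("B", null);
        String n1 = "+15550000001"; // constructed sample number N1

        // 1. A enrols through otp-code: rejected with "Phone number not found".
        System.out.println("OTP, nobody owns N1:         "
                + codeWouldBeSent(TokenCodeType.OTP, n1, users));
        // 2. Same number through registration-code: accepted, REGISTRATION is exempt.
        System.out.println("REGISTRATION, nobody owns N1: "
                + codeWouldBeSent(TokenCodeType.REGISTRATION, n1, users));
        // 3. Give B the number; A's otp-code request now passes because the lookup
        //    is realm-wide and matched B, not the authenticating user A.
        users.put("B", n1);
        System.out.println("OTP, B owns N1:              "
                + codeWouldBeSent(TokenCodeType.OTP, n1, users)
                + " (matched user " + findUserByPhone(users, n1).orElse("none") + ")");
    }
}
```

Case 3 reproduces the observation above that adding the number to a different user unblocks the code, which also shows the check proves only that the number exists somewhere in the realm, not that it belongs to the user enrolling.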