omohokcoj
commented
1 month ago @mm-edtake mail OTP would be redundant because signers already receive emails with signature request message and a links. Links in those emails contain t=.... param which is used to capture email link click events from the signer. If the signer is able to open the email and click on the t=... link, it means they can access the email inbox with the given email address, and so the 'Email verified' message will be displayed in the Audit Log (t=.... param serves the purpose of OTP)
Hi,
I totally understand the idea to have a phone OTP in a paid version of Docuseal. But, we should be able to ensure the user identity with an email OTP or email tempLink in the self-hosted version too.
Currently, there's no way to ensure that the document link is not used by an unauthorized user.
Or maybe you have an idea how to ensure that ?