okta / okta-signin-widget

HTML/CSS/JS widget that provides out-of-the-box authentication UX for your organization's apps
Other
376 stars 319 forks source link

Okta accepts invalid phone number #1161

Open evapeng opened 4 years ago

evapeng commented 4 years ago

:information_source: If you have a question, please post it on the Okta Developer Forum instead. Issues in this repository are reserved for bug reports and feature requests.

I'm submitting a

Background info

SMS MFA Validation works even if there is an extra digit at the end, or random symbols throughout.

Expected behavior

Phone number should be considered invalid.

What went wrong?

Inputting the correct phone number with an extra digit at the end, or random symbols throughout will still be considered valid.

Steps to reproduce

  1. First enter a phone number with invalid symbol or letter (ex. '225849183@' )
  2. Click "Send code" (this should trigger an error)
  3. Type in your valid phone number with an extra number at the end
  4. Click "Send code"

Your environment

aarongranick-okta commented 4 years ago

internal ref: OKTA-298389