search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
748 stars 727 forks source link

SMS OTP doesn't work as a second factor authentication option #18165

Closed AnuradhaSK closed 11 months ago

AnuradhaSK commented 11 months ago

Describe the issue:

  1. Configure an SMS provider (Twillio/Vonage) via the Console

  2. Create a user with a mobile number

  3. Create an application and set SMS OTP as the first factor

  4. Try user login to the application. SMS OTP works fine

  5. Change the application login option as 1st step -username password 2nd step - SMS OTP

  6. Try user login for the application

  7. The SMS OTP step is skipped. The user is not getting an OTP also UI doesn't prompt to enter

https://github.com/wso2/product-is/assets/25483865/f6b5c3b4-961d-40f1-b4f2-25f747cb3a7f

AnjanaSamindraPerera commented 11 months ago

As for the analysis state of the adaptive script not properly working so it has weird behaviour with authentication steps. This is caused by https://github.com/wso2/identity-apps/pull/4806 and the solution needs to be improved. As an example with a fresh beta pack adding username/password as the first step and then adding TOTP as the second step gives the same behavior. Here even though we added two execution steps only one is shown in the adaptive script window.

https://github.com/wso2/product-is/assets/38417165/5113905d-f5ae-417b-8d2f-2df4ee34c2fc