wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Missing parameter in the SMS/Email OTP response body in API based authentication #20219

Closed Achintha444 closed 4 months ago

Achintha444 commented 5 months ago

Describe the issue: In the SMS/Email OTP response body in API-based authentication, the "authenticator" parameter is missing.

{
  "flowId": "f8ace173-fa73-4f6b-ae42-5d27a863acb2",
  "flowStatus": "INCOMPLETE",
  "flowType": "AUTHENTICATION",
  "nextStep": {
    "stepType": "AUTHENTICATOR_PROMPT",
    "authenticators": [
      {
        "authenticatorId": "ZW1haWwtb3RwLWF1dGhlbnRpY2F0b3I6TE9DQUw",
        "idp": "LOCAL",
        "metadata": {
          "i18nKey": "authenticator.email.otp",
          "promptType": "USER_PROMPT",
          "params": [
            {
              "param": "OTPCode",
              "type": "STRING",
              "order": 1,
              "i18nKey": "code.param",
              "displayName": "Code",
              "confidential": true
            }
          ]
        },
        "requiredParams": [
          "OTPCode"
        ]
      }
    ]
  },
  "links": [
    {
      "name": "authentication",
      "href": "https://dev.api.asgardeo.io/t/guardioii/oauth2/authn",
      "method": "POST"
    }
  ]
}

How to reproduce:

  1. Enable API based authentication in an application.
  2. Add Email/SMS OTP as a second factor authenticator in the application's login flow.
  3. View the response.

Expected behavior: In the response, the "authenticator" value should be present.

movinsilva commented 4 months ago

I encountered the same issue when Email OTP is configured in the login flow.

When the authn API is called, the authenticator value is missing in the response body. However, in the authorize API call, if it's present in the first step, it returns the authenticator correctly in its response body.
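
A client or integration test can catch this regression by checking every entry under `nextStep.authenticators` before rendering the prompt. The following is an added example, not code from the issue or from the WSO2 project. The function names, the expected-field list and the treatment of `authenticatorId` as unpadded base64url are assumptions, and the sample is trimmed from the response posted above.

```python
import base64

# Constructed sample: trimmed from the response body in the issue report.
SAMPLE_RESPONSE = {
    "flowStatus": "INCOMPLETE",
    "nextStep": {
        "stepType": "AUTHENTICATOR_PROMPT",
        "authenticators": [{
            "authenticatorId": "ZW1haWwtb3RwLWF1dGhlbnRpY2F0b3I6TE9DQUw",
            "idp": "LOCAL",
            "requiredParams": ["OTPCode"],
        }],
    },
}

# Assumption: the fields visible in the report plus the one reported missing.
EXPECTED_FIELDS = ("authenticatorId", "authenticator", "idp")


def decode_authenticator_id(auth_id):
    """Best-effort decode of an id, assuming unpadded base64url text."""
    try:
        padded = auth_id + "=" * (-len(auth_id) % 4)
        return base64.urlsafe_b64decode(padded).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def find_incomplete_authenticators(response):
    """Return one finding per authenticator entry with absent or empty fields."""
    findings = []
    step = response.get("nextStep") or {}
    for index, entry in enumerate(step.get("authenticators") or []):
        missing = [f for f in EXPECTED_FIELDS if not entry.get(f)]
        if missing:
            auth_id = entry.get("authenticatorId", "")
            findings.append({
                "index": index,
                "decodedId": decode_authenticator_id(auth_id),
                "missing": missing,
            })
    return findings


if __name__ == "__main__":
    for finding in find_incomplete_authenticators(SAMPLE_RESPONSE):
        print(finding)
```
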