search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
748 stars 727 forks source link

Have the concept of verified claims in Identity Server #6650

Closed sanethmaduranga closed 1 day ago

sanethmaduranga commented 5 years ago

Updated Description: Need $subject and different verifying mechanisms that is suited for different claims.

Original Description: With the current implementation of the WSO2-IS, it is the SMS-OTP generation and validation is only bonded to the 'SMS-OTP' authenticator as per the documentation[1].

But when come to real-world use case like verify mobile phone numbers entered or updated in the user profile by users though the SMS-OTP, that cannot be done with the current implementation.

Simply this means to validate the mobile number user claim through the SMS-OTP. Appreciate it if such kind of feature will be avaible in future relases of WSO2-IS.

[1] - https://docs.wso2.com/display/IS580/Configuring+SMS+OTP

darshanasbg commented 5 years ago

IMO, we shouldn't have this as a service that can be used to consume by external clients. IDP should not be consumed as an SMS client or a OTP generator for an external client..

Still, having the concept of verified claims and having the ability to select the verifying mechanism is important.

Hence changing the title and the issue description.

isharak commented 1 day ago

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!