search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
728 stars 713 forks source link

Have the concept of verified claims in Identity Server #6650

Open sanethmaduranga opened 4 years ago

sanethmaduranga commented 4 years ago

Updated Description: Need $subject and different verifying mechanisms that is suited for different claims.

Original Description: With the current implementation of the WSO2-IS, it is the SMS-OTP generation and validation is only bonded to the 'SMS-OTP' authenticator as per the documentation[1].

But when come to real-world use case like verify mobile phone numbers entered or updated in the user profile by users though the SMS-OTP, that cannot be done with the current implementation.

Simply this means to validate the mobile number user claim through the SMS-OTP. Appreciate it if such kind of feature will be avaible in future relases of WSO2-IS.

[1] - https://docs.wso2.com/display/IS580/Configuring+SMS+OTP

darshanasbg commented 4 years ago

IMO, we shouldn't have this as a service that can be used to consume by external clients. IDP should not be consumed as an SMS client or a OTP generator for an external client..

Still, having the concept of verified claims and having the ability to select the verifying mechanism is important.

Hence changing the title and the issue description.