wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

SMS OTP: Can user provisioning and authentication be done with only mobile number and OTP #9077

Open adityamajeti opened 4 years ago

adityamajeti commented 4 years ago

Description:

When I configure SMS OTP of WSO2 3.1.0, I'm able to see two steps of authentication: the first step with username and password and the second step with OTP.

But I need authentication in one step with OTP:

List of APIs required for provisioning:
1) API to register with mobile number - It will generate an OTP.
2) API to verify OTP - It will verify the OTP, provide a token as response and save the user to the user store.

List of APIs required for authentication:
1) API to generate OTP - It will take the mobile number as input and generate an OTP.
2) API to verify OTP - It will verify the OTP and provide a token as response.

Steps to reproduce:

    Followed WSO2 3.1.0 Configuring SMS OTP documentation (https://is.docs.wso2.com/en/latest/learn/configuring-sms-otp/#configuring-backup-codes-for-smsotp)

Affected Product Version: 3.1.0 APIM

Environment details (with versions):


Optional Fields

Related Issues:

Suggested Labels:

Suggested Assignees:

ruwanta commented 4 years ago

Hi @adityamajeti, it is better to ask this question on the APIM Slack channel or the APIM developer list, as it is related to API Manager.

However, the theoretical answer is that SMS OTP or email OTP are second factors. Someone needs to present the first factor, and then the second factor is presented to further safeguard the login process.