Support OTP login with SMS #3779

Closed
4 of 5 tasks
marcus-sa opened this issue Feb 24, 2024 · 10 comments · Fixed by #4104
Labels
feat New feature or request.

marcus-sa commented Feb 24, 2024

Preflight checklist

Ory Network Project

https://youthful-meninsky-8q4djabyct.projects.oryapis.com

Describe the bug

I'm trying to set up a passwordless phone registration flow.
I've followed the docs and no matter what I do I get this error: credentials.code.via has unknown value "sms" when trying to send an SMS code.
This is my identity schema:

{
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "phone": {
          "type": "string",
          "format": "tel",
          "title": "Phone number",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "code": {
                "identifier": true,
                "via": "sms"
              }
            },
            "verification": {
              "via": "sms"
            }
          }
        }
      },
      "required": [
        "phone"
      ],
      "additionalProperties": false
    }
  }
}

I've tried all sorts of combinations, but nothing works.
Here's my identity config:

cookies:
  domain: youthful-meninsky-8q4djabyct.projects.oryapis.com
  path: /
  same_site: Lax
courier:
  channels:
    - id: sms
      request_config:
        auth:
          config:
            password: xxx
            user: xxx
          type: basic_auth
        body: https://storage.googleapis.com/bac-gcs-production/68dbe76c2f176b9bb0e10953d13c9d3fbf8c2baf240ee10304a9e84b78ade91c89bf7b110c88e9f06f682ff46ee9e7d70289a0a095597d8723ffbccc97838392.jsonnet
        headers:
          Content-Type: application/x-www-form-urlencoded
        method: POST
        url: xxx
      type: http
  smtp:
    from_name: Zap via Ory
  templates:
    login_code:
      valid:
        email:
          body: {}
        sms:
          body:
            plaintext: xxx
    recovery:
      invalid:
        email:
          body: {}
      valid:
        email:
          body: {}
    recovery_code:
      invalid:
        email:
          body: {}
      valid:
        email:
          body: {}
    registration_code:
      valid:
        email:
          body: {}
    verification:
      invalid:
        email:
          body: {}
      valid:
        email:
          body: {}
    verification_code:
      invalid:
        email:
          body: {}
      valid:
        email:
          body: {}
        sms:
          body:
            plaintext: xxx
feature_flags:
  cacheable_sessions: false
  use_continue_with_transitions: false
identity:
  default_schema_id: xxx
  schemas: []
oauth2_provider:
  override_return_to: true
organizations: []
preview:
  default_read_consistency_level: strong
selfservice:
  allowed_return_urls:
    - https://youthful-meninsky-8q4djabyct.projects.oryapis.com
    - /ui/consent
    - /ui/error
    - /ui/login
    - /ui/logout
    - /ui/recovery
    - /ui/registration
    - /ui/sessions
    - /ui/settings
    - /ui/verification
    - /ui/welcome
  default_browser_return_url: /ui/welcome
  flows:
    error:
      ui_url: /ui/error
    login:
      after:
        code:
          hooks: []
        hooks: []
        lookup_secret:
          hooks: []
        oidc:
          hooks: []
        password:
          hooks: []
        totp:
          hooks: []
        webauthn:
          hooks: []
      before:
        hooks: []
      lifespan: 30m0s
      ui_url: /ui/login
    logout:
      after: {}
    recovery:
      after:
        hooks: []
      before:
        hooks: []
      enabled: true
      lifespan: 30m0s
      notify_unknown_recipients: false
      ui_url: /ui/recovery
      use: code
    registration:
      after:
        code:
          hooks: []
        hooks: []
        oidc:
          hooks:
            - hook: session
        password:
          hooks:
            - hook: session
        webauthn:
          hooks:
            - hook: session
      before:
        hooks: []
      enabled: true
      lifespan: 30m0s
      login_hints: true
      ui_url: /ui/registration
    settings:
      after:
        hooks: []
        lookup_secret:
          hooks: []
        oidc:
          hooks: []
        password:
          hooks: []
        profile:
          hooks: []
        totp:
          hooks: []
        webauthn:
          hooks: []
      before:
        hooks: []
      lifespan: 30m0s
      privileged_session_max_age: 5m0s
      required_aal: highest_available
      ui_url: /ui/settings
    verification:
      after:
        hooks: []
      before:
        hooks: []
      enabled: true
      lifespan: 30m0s
      notify_unknown_recipients: false
      ui_url: /ui/verification
      use: code
  methods:
    code:
      config:
        lifespan: 15m0s
      enabled: true
      mfa_enabled: false
      passwordless_enabled: true
    link:
      config:
        base_url: ''
        lifespan: 15m0s
      enabled: true
    lookup_secret:
      enabled: true
    oidc:
      config:
        providers: []
      enabled: true
    password:
      config:
        haveibeenpwned_enabled: true
        identifier_similarity_check_enabled: true
        ignore_network_errors: true
        max_breaches: 1
        min_password_length: 8
      enabled: false
    profile:
      enabled: true
    totp:
      config:
        issuer: Zap
      enabled: true
    webauthn:
      config:
        passwordless: true
        rp:
          display_name: Zap
          id: youthful-meninsky-8q4djabyct.projects.oryapis.com
          origins:
            - https://youthful-meninsky-8q4djabyct.projects.oryapis.com
      enabled: true
serve:
  admin:
    base_url: https://youthful-meninsky-8q4djabyct.projects.oryapis.com/
    request_log:
      disable_for_health: true
  public:
    base_url: https://youthful-meninsky-8q4djabyct.projects.oryapis.com/
    cors:
      enabled: false
    request_log:
      disable_for_health: true
session:
  cookie:
    domain: youthful-meninsky-8q4djabyct.projects.oryapis.com
    name: xxx
    path: /
    persistent: true
    same_site: Strict
  lifespan: 72h0m0s
  whoami:
    required_aal: highest_available
    tokenizer:
      templates: {}

Reproducing the bug

https://youthful-meninsky-8q4djabyct.projects.oryapis.com/ui/registration

Use the identity schema and identity config above.

Relevant log output

No response

Relevant configuration

No response

Version

Cloud

On which operating system are you observing this issue?

None

In which environment are you deploying?

Ory Network

Additional Context

No response

@marcus-sa marcus-sa added the bug Something is not working. label Feb 24, 2024
@OlegOLK

OlegOLK commented Feb 26, 2024

Up for that, had the same issue with cloud Ory.

@jonas-jonas
Member

Which docs are you referring to?

Plain registration and login doesn't work yet, you'll still need an email address. You can, however, verify the phone number and use it for MFA.

@marcus-sa
Author

> Which docs are you referring to?
>
> Plain registration and login doesn't work yet, you'll still need an email address. You can, however, verify the phone number and use it for MFA.

I find it very confusing that you can enable passwordless login, but you cannot log in with an SMS code.

@marcus-sa
Author

marcus-sa commented Feb 26, 2024

> Which docs are you referring to?
> Plain registration and login doesn't work yet, you'll still need an email address. You can, however, verify the phone number and use it for MFA.

I find it very confusing that you can enable passwordless login, but you cannot log in with an SMS code.

I've spent countless hours trying to set up Kratos, so if the problem is that it's not supported, then I'll unfortunately have to use another IAM instead, unless you can give me an ETA for when it'll be supported.

@marcus-sa
Author

marcus-sa commented Feb 26, 2024

> Which docs are you referring to?
>
> Plain registration and login doesn't work yet, you'll still need an email address. You can, however, verify the phone number and use it for MFA.

According to the identity schema editor this is valid (and it's also not stated anywhere in the docs that it's not supported):

"code": {
  "identifier": true,
  "via": "sms"
}

@OlegOLK

OlegOLK commented Feb 26, 2024

Hi @jonas-jonas, is there a way to do Auth without Email? Only phone number? Because the UI schema allows setting code:via = sms, but when we do Sign Up we get this strange error that the value is not supported:
'credentials.code.via has unknown value "sms"'

@marcus-sa
Author

@jonas-jonas sorry for spamming you, but I'm blocked until I know if it's something you're gonna support in the near future.

@jonas-jonas
Member

We're looking into it at the moment, but don't have a concrete timeline yet.

@aeneasr
Member

aeneasr commented Mar 1, 2024

Hey, sorry to hear that you're blocked. I think Jonas was pretty clear when he said that OTP login with SMS is not (yet) supported. We don't have a timeline for this feature at the moment as we don't have enough commercial demand for it.

@aeneasr aeneasr changed the title credentials.code.via has unknown value "sms" Support OTP login with SMS Mar 1, 2024
@aeneasr aeneasr added feat New feature or request. and removed bug Something is not working. labels Mar 1, 2024
@lanphan
Contributor

lanphan commented Mar 5, 2024

@aeneasr

AFAIK, SMS is not supported for the "code" strategy, but it's already implemented for the "password" strategy, is that correct?
It means that we can use Ory Kratos for a scenario to allow the user to use a phone number as an identifier, and use SMS to verify, then allow the user to set a password?

@aeneasr aeneasr added blocking Blocks milestones or other issues or pulls. pending reply Awaiting reply of author or contributor. Issue will be closed on inactivity. and removed blocking Blocks milestones or other issues or pulls. labels Sep 19, 2024
@aeneasr aeneasr self-assigned this Oct 1, 2024
@aeneasr aeneasr removed the pending reply Awaiting reply of author or contributor. Issue will be closed on inactivity. label Oct 1, 2024
@aeneasr aeneasr closed this as completed in 462cea9 Oct 4, 2024