You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OTP errors are not differentiated and are all treated equally as being invalid OTPs (meaning that eg: ground truth value is 0000 but entered value is 1111), even when some OTPs are expired.
For a clear example of this, see src/routes/v2/authenticated/users.ts, line 104, where we call the verifyOtp method and if it fails, returns a generic BadRequestError instead of attempting to further distinguish the error.
Suggested solution
distinguish the error at totpGenerator
return diff error messages based on the above
The text was updated successfully, but these errors were encountered:
Problem
OTP errors are not differentiated and are all treated equally as being invalid OTPs (meaning that eg: ground truth value is 0000 but entered value is 1111), even when some OTPs are expired.
For a clear example of this, see
src/routes/v2/authenticated/users.ts, line 104, where we call theverifyOtpmethod and if it fails, returns a genericBadRequestErrorinstead of attempting to further distinguish the error.Suggested solution
totpGeneratorThe text was updated successfully, but these errors were encountered: