feat: Passwordless SMS code authentication #2033
@alexey-reshetnik Hi! I have merged code from your PR #1941 to take advantage of sending authentication SMS codes through courier.
Thank you for continuing the work on this! Tag me for a review once you want it :)
Have submitted for review. Will appreciate your feedback!
Thank you very much for picking up the development. I fell out of work for a couple of weeks due to a family emergency.
Thank you, to be honest I have a bit of a hard time reviewing the PR because it is so large. Could you maybe explain what the PR solves in particular? Adding documentation could also be very helpful to understand e.g. how to set it up!
Another important topic is probably whether this "code" strategy can be used for email also? So #1451?
While the PR is being worked on I will mark it as a draft. That declutters our review backlog :) Once you're done with your changes and would like someone to review them, mark the PR as ready and request a review from one of the maintainers. Thank you!
One of the PRs by @alexey-reshetnik was now merged :) The other one (courier) is also looking very solid!
c416fec to 0e989ab
Yes, great idea. Have renamed the strategy from
When logging in with the same phone number multiple times, there are duplicate records in the identities table, which seems to be wrong. I modified the selfservice/strategy/sms/login.go file and it seems to have solved the problem.
82ccb3b to 1e01289
bec33a4 to 41cef7e
@yingy77 thanks for reporting the issue!
Have added verification flow to the
I have a requirement to add fixed-code logins for testing purposes and to ease apple review process for iOS apps. @aeneasr what do you think about this?
Hey there, I am currently working on passwordless auth using webauthn. I suggest that once it is merged we copy that pattern for SMS auth: #2260
307aace to de1f301
7ca3450 to 65d1d6c
@aeneasr can you summarise what are the key points of the pattern?
b37b16d to ba9c5c3
Ok, I'm back from vacation and have time to review this :)
This would be a great feature to have!
Any updates for this? I agree this is a great feature. A lot of people like to login with code sent through SMS.
Any update on this feature? We are planning to move from firebase, the only blocker is this SMS feature
No update, contributions welcome.
same for us I guess, waiting for this to be merged to be able to use kratos
I am also waiting for this to be able to use Kratos. Would like to see this soon!
Hi, what is pending to get this PR merged? I am happy to spend some time to get it to completion. We need this change as soon as possible. We have already decided to use kratos but we can't go to production unless this change is merged. Thank you.
May I please know why this ubiquitous use case is still not in kratos. Even after we have a PR? Is there anything we can do to help this feature along?
97d60b1 to a972194
@aeneasr Can u pls look into this and merge it with the main branch?? The absence of this (much required) feature is the only thing that is keeping us from migrating to Ory.
It seems that the Passwordless SMS code flow is quite similar to #3378, especially with the help of the Since #3378 is merged (and works well in our deployment), I am a little curious about why this PR needs to change 5000 LOC to implement the Passwordless SMS code authentication. @aeneasr it seems that you are the BDFL of this project, could you please make some comments about why this PR needs so much time to be merged? If the reason is a lack of workers, I am willing to complete the remaining work.
c4d8cdc to 2542efd
70c409a to 8f9ad19
fix: android app expects 6 digit verification code (PS-186) (cherry picked from commit c4d8cdc)
feat: reduce verification code length to 4 (PS-183) (cherry picked from commit af55347)
feat: add url link to SMS phone verification message (PS-153) (cherry picked from commit 0d5a9ab)
fix: sort ui nodes when `code` is added - add test (PS-144) (cherry picked from commit e1dd6ae)
fix: sort ui nodes when `code` is added (PS-144) (cherry picked from commit 9a120fc)
feat: set flow active method for `code` strategy (PS-144) (cherry picked from commit 71ba520)
feat: set transient_payload to `code` method registration flow (PS-122) (cherry picked from commit 83de4a5)
ignore: add TemplateData to sms message body template context (CORE-2361) (cherry picked from commit f0eff32)
ignore: fix flaky test (CORE-2361) (cherry picked from commit 485e7cc)
feat: add `transient_payload` to `code` login and register flows (CORE-2361) (cherry picked from commit e103508)
fix(sms-login): error handling for invalid sms code (cherry picked from commit 781dfe1)
fix(sms-login): verify phones with code even if verification.use = link (cherry picked from commit 9e0f4b1)
feat: sms-login initial commit
fix: change group for 'identifier' field
feat: add sms spam protection to `code` strategy
fix: delete credential identifier if trait deleted
fix: sms spam protection 'like' clause
fix: Validate and normalize phone numbers
chore: format
feat: normalize phone number if used as identifier
fix: correctly process invalid phone numbers
feat: add standby SMS service (cherry picked from commit a972194)
8f9ad19 to 956863e
This feature is now available in Ory Kratos! :) Thank you for your contribution
Sorry, I thought this was email code login, which is supported (sms passwordless login is afaik not yet supported).
any update about this feature?
This should now be possible on master by using an sms channel and code with passwordless! I'm closing this PR as it is obsolete
Looks like it's not fully here yet, but almost!
Implements new "SMS" login strategy. This strategy requires two login flow submissions:
Related issue(s)
#1570