Support OTP login with SMS
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [x] I have joined the Ory Community Slack.
- [ ] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
https://youthful-meninsky-8q4djabyct.projects.oryapis.com
Describe the bug
I'm trying to set up a passwordless phone registration flow.
I've followed the docs and no matter what I do I get this error: credentials.code.via has unknown value "sms" when trying to send an SMS code.
This is my identity schema:
```json
{
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "phone": {
          "type": "string",
          "format": "tel",
          "title": "Phone number",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "code": {
                "identifier": true,
                "via": "sms"
              }
            },
            "verification": {
              "via": "sms"
            }
          }
        }
      },
      "required": [
        "phone"
      ],
      "additionalProperties": false
    }
  }
}
```
I've tried all sorts of combinations, but nothing works. Here's my identity config:
```yaml
cookies:
  domain: youthful-meninsky-8q4djabyct.projects.oryapis.com
  path: /
  same_site: Lax
courier:
  channels:
    - id: sms
      request_config:
        auth:
          config:
            password: xxx
            user: xxx
          type: basic_auth
        body: https://storage.googleapis.com/bac-gcs-production/68dbe76c2f176b9bb0e10953d13c9d3fbf8c2baf240ee10304a9e84b78ade91c89bf7b110c88e9f06f682ff46ee9e7d70289a0a095597d8723ffbccc97838392.jsonnet
        headers:
          Content-Type: application/x-www-form-urlencoded
        method: POST
        url: xxx
      type: http
  smtp:
    from_name: Zap via Ory
  templates:
    login_code:
      valid:
        email:
          body: {}
        sms:
          body:
            plaintext: xxx
    recovery:
      invalid:
        email:
          body: {}
      valid:
        email:
          body: {}
    recovery_code:
      invalid:
        email:
          body: {}
      valid:
        email:
          body: {}
    registration_code:
      valid:
        email:
          body: {}
    verification:
      invalid:
        email:
          body: {}
      valid:
        email:
          body: {}
    verification_code:
      invalid:
        email:
          body: {}
      valid:
        email:
          body: {}
        sms:
          body:
            plaintext: xxx
feature_flags:
  cacheable_sessions: false
  use_continue_with_transitions: false
identity:
  default_schema_id: xxx
  schemas: []
oauth2_provider:
  override_return_to: true
organizations: []
preview:
  default_read_consistency_level: strong
selfservice:
  allowed_return_urls:
    - https://youthful-meninsky-8q4djabyct.projects.oryapis.com
    - /ui/consent
    - /ui/error
    - /ui/login
    - /ui/logout
    - /ui/recovery
    - /ui/registration
    - /ui/sessions
    - /ui/settings
    - /ui/verification
    - /ui/welcome
  default_browser_return_url: /ui/welcome
  flows:
    error:
      ui_url: /ui/error
    login:
      after:
        code:
          hooks: []
        hooks: []
        lookup_secret:
          hooks: []
        oidc:
          hooks: []
        password:
          hooks: []
        totp:
          hooks: []
        webauthn:
          hooks: []
      before:
        hooks: []
      lifespan: 30m0s
      ui_url: /ui/login
    logout:
      after: {}
    recovery:
      after:
        hooks: []
      before:
        hooks: []
      enabled: true
      lifespan: 30m0s
      notify_unknown_recipients: false
      ui_url: /ui/recovery
      use: code
    registration:
      after:
        code:
          hooks: []
        hooks: []
        oidc:
          hooks:
            - hook: session
        password:
          hooks:
            - hook: session
        webauthn:
          hooks:
            - hook: session
      before:
        hooks: []
      enabled: true
      lifespan: 30m0s
      login_hints: true
      ui_url: /ui/registration
    settings:
      after:
        hooks: []
        lookup_secret:
          hooks: []
        oidc:
          hooks: []
        password:
          hooks: []
        profile:
          hooks: []
        totp:
          hooks: []
        webauthn:
          hooks: []
      before:
        hooks: []
      lifespan: 30m0s
      privileged_session_max_age: 5m0s
      required_aal: highest_available
      ui_url: /ui/settings
    verification:
      after:
        hooks: []
      before:
        hooks: []
      enabled: true
      lifespan: 30m0s
      notify_unknown_recipients: false
      ui_url: /ui/verification
      use: code
  methods:
    code:
      config:
        lifespan: 15m0s
      enabled: true
      mfa_enabled: false
      passwordless_enabled: true
    link:
      config:
        base_url: ''
        lifespan: 15m0s
      enabled: true
    lookup_secret:
      enabled: true
    oidc:
      config:
        providers: []
      enabled: true
    password:
      config:
        haveibeenpwned_enabled: true
        identifier_similarity_check_enabled: true
        ignore_network_errors: true
        max_breaches: 1
        min_password_length: 8
      enabled: false
    profile:
      enabled: true
    totp:
      config:
        issuer: Zap
      enabled: true
    webauthn:
      config:
        passwordless: true
        rp:
          display_name: Zap
          id: youthful-meninsky-8q4djabyct.projects.oryapis.com
          origins:
            - https://youthful-meninsky-8q4djabyct.projects.oryapis.com
      enabled: true
serve:
  admin:
    base_url: https://youthful-meninsky-8q4djabyct.projects.oryapis.com/
    request_log:
      disable_for_health: true
  public:
    base_url: https://youthful-meninsky-8q4djabyct.projects.oryapis.com/
    cors:
      enabled: false
    request_log:
      disable_for_health: true
session:
  cookie:
    domain: youthful-meninsky-8q4djabyct.projects.oryapis.com
    name: xxx
    path: /
    persistent: true
    same_site: Strict
  lifespan: 72h0m0s
  whoami:
    required_aal: highest_available
tokenizer:
  templates: {}
```
Reproducing the bug
https://youthful-meninsky-8q4djabyct.projects.oryapis.com/ui/registration
Use the identity schema and identity config above.
Relevant log output
No response
Relevant configuration
No response
Version
Cloud
On which operating system are you observing this issue?
None
In which environment are you deploying?
Ory Network
Additional Context
No response
Up for that, had the same issue with cloud Ory.
Which docs are you referring to?
Plain registration and login doesn't work yet, you'll still need an email address. You can, however, verify the phone number and use it for MFA.
> Which docs are you referring to?
> Plain registration and login doesn't work yet, you'll still need an email address. You can, however, verify the phone number and use it for MFA.

I find it very confusing that you can enable passwordless login, but you cannot log in with an SMS code.
> > Which docs are you referring to? Plain registration and login doesn't work yet, you'll still need an email address. You can, however, verify the phone number and use it for MFA.
>
> I find it very confusing that you can enable passwordless login, but you cannot log in with an SMS code.

I've spent countless hours trying to set up Kratos, so if the problem is that it's not supported, then I'll unfortunately have to use another IAM instead, unless you can give me an ETA for when it'll be supported.
> Which docs are you referring to?
> Plain registration and login doesn't work yet, you'll still need an email address. You can, however, verify the phone number and use it for MFA.

According to the identity schema editor this is valid (and it's also not stated anywhere in the docs that it's not supported):

```json
"code": {
  "identifier": true,
  "via": "sms"
}
```
Hi @jonas-jonas, is there a way to do Auth without Email? Only phone number? Because the UI schema allows setting code:via = sms, but when we are doing Sign Up we get this strange error that the value is not supported:
'credentials.code.via has unknown value "sms"'
@jonas-jonas sorry for spamming you, but I'm blocked until I know if it's something you're gonna support in the near future.
We're looking into it at the moment, but don't have a concrete timeline yet.
Hey, sorry to hear that you're blocked. I think Jonas was pretty clear when he said that OTP login with SMS is not (yet) supported. We don't have a timeline for this feature at the moment as we don't have enough commercial demand for it.
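As an added example (not part of the thread and not Ory's code): a pre-deployment lint that walks an identity schema and reports the same `credentials.code.via` error before the schema is uploaded, plus the case where no usable identifier remains. The supported set `{"email"}` is an assumption drawn from the maintainers' replies above; `find_code_credentials`, `lint_schema` and the sample schema are constructed for illustration.

```python
# Added example, not Ory's code. Assumption from the thread: at the time of the
# report only email delivery worked for the "code" credential.
SUPPORTED_CODE_VIA = {"email"}

# Constructed sample: the reporter's schema reduced to the relevant trait.
SAMPLE_SCHEMA = {
    "type": "object",
    "properties": {"traits": {"type": "object", "properties": {
        "phone": {"type": "string", "format": "tel", "ory.sh/kratos": {
            "credentials": {"code": {"identifier": True, "via": "sms"}},
            "verification": {"via": "sms"}}},
    }}},
}


def find_code_credentials(node, path="$"):
    """Yield (path, code_config) for every ory.sh/kratos credentials.code block."""
    if isinstance(node, dict):
        ext = node.get("ory.sh/kratos")
        creds = ext.get("credentials") if isinstance(ext, dict) else None
        code = creds.get("code") if isinstance(creds, dict) else None
        if isinstance(code, dict):
            yield path, code
        for key, child in node.items():
            if key != "ory.sh/kratos":
                yield from find_code_credentials(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_code_credentials(child, f"{path}[{i}]")


def lint_schema(schema, supported=frozenset(SUPPORTED_CODE_VIA)):
    """Return a list of problems; an empty list means the schema passes."""
    problems, usable_identifier = [], False
    for path, code in find_code_credentials(schema):
        via = code.get("via")
        if via is None:
            continue  # no explicit channel declared; nothing to check here
        if not isinstance(via, str) or via not in supported:
            problems.append(f'{path}: credentials.code.via has unknown value "{via}"')
        elif code.get("identifier") is True:
            usable_identifier = True
    if not usable_identifier:
        problems.append('no trait declares a code identifier with a supported "via"')
    return problems


if __name__ == "__main__":
    for problem in lint_schema(SAMPLE_SCHEMA):
        print(problem)
```

Passing a different `supported` set lets the same check follow whatever delivery channels the deployed Kratos version actually accepts.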
@aeneasr
AFAIK, SMS is not supported for "code" strategy, but it's already implemented for "password" strategy, is that correct? It means that we can use Ory Kratos for a scenario to allow a user to use a phone number as an identifier, and use SMS to verify, then allow the user to set a password?