ory / kratos

Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!

Home Page: https://www.ory.sh/kratos/?utm_source=github&utm_medium=banner&utm_campaign=kratos

Phone verification not working

blackshady opened this issue · comments

Preflight checklist

Ory Network Project

No response

Describe the bug

When attempting to create a verification flow for phone numbers using the self-service API, despite configuring the kratos.yml file to utilize an SMS gateway for verification, the API still returns email attributes in the UI node instead of phone number attributes. This occurs even after following the documentation and configuring the system to use SMS verification. As a result, the intended functionality of phone number verification is not achieved.

Reproducing the bug

  1. Configure the kratos.yml file to use an SMS gateway for phone number verification.
  2. Attempt to create a verification flow for phone numbers using the API endpoint {{kratos_URL}}/self-service/verification/api.
  3. Observe that the UI node returns email attributes instead of phone number attributes.

Relevant log output

No response

Relevant configuration

Here is my `identity.schema.json` file
```json
{
  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/phone-password/identity.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "name": {
          "type": "object",
          "required": [
            "last",
            "first"
          ],
          "properties": {
            "first": {
              "title": "First Name",
              "type": "string"
            },
            "last": {
              "title": "Last Name",
              "type": "string"
            }
          }
        },
        "phone": {
          "type": "string",
          "format": "tel",
          "title": "Phone number",
          "minLength": 3,
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              }
            },
            "verification": {
              "via": "sms"
            }
          }
        }
      },
      "required": ["phone"],
      "additionalProperties": false
    }
  }
}
```

Version

v1.1.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

No response

We have also run into this issue - it does not seem possible to create a verification flow for a phone number (our identity schema has both email and phone number traits).

Perhaps it's necessary to add a via=phone_number parameter or similar to the create verification flow API endpoint, which would allow apps to specify which trait to verify?

This is especially an issue because it is not possible to redirect to a verification flow from settings after setting the user's phone number for server-side rendered apps. From the docs:

> Showing the verification form after a settings update is currently only supported on native or SPA clients.

https://www.ory.sh/docs/kratos/self-service/flows/user-settings#show-verification-form-after-updating-a-verifiable-address
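Added example, not part of the issue thread and not Ory's code: a small offline check that lists every trait in an identity schema that declares `verification.via` and flags the ones a verification flow's UI nodes cannot serve, covering both the phone-only schema in the report and the email-plus-phone setup in the comment. The schema's email trait, the flow body, and the channel-to-input-type mapping (`sms` to `tel`) are constructed assumptions.

```python
# Added example: constructed data, not output captured from a Kratos instance.
# Trimmed schema: the phone trait from the issue plus a hypothetical email trait.
SCHEMA = {"properties": {"traits": {"type": "object", "properties": {
    "phone": {"type": "string", "format": "tel",
              "ory.sh/kratos": {"credentials": {"password": {"identifier": True}},
                                "verification": {"via": "sms"}}},
    "email": {"type": "string", "format": "email",
              "ory.sh/kratos": {"verification": {"via": "email"}}},
}}}}

# Constructed verification flow body showing the reported symptom: only an
# email input comes back.
FLOW = {"ui": {"nodes": [
    {"type": "input", "attributes": {"name": "csrf_token", "type": "hidden"}},
    {"type": "input", "attributes": {"name": "email", "type": "email"}},
    {"type": "input", "attributes": {"name": "method", "type": "submit", "value": "code"}},
]}}

# Assumption: the input type a flow would need to render for each channel.
CHANNEL_INPUT_TYPE = {"email": "email", "sms": "tel"}

def verifiable_traits(schema):
    """Map trait path -> channel for every trait with verification.via set."""
    found = {}
    def walk(node, path):
        if not isinstance(node, dict):
            return
        via = node.get("ory.sh/kratos", {}).get("verification", {}).get("via")
        if via:
            found[path] = via
        for name, child in node.get("properties", {}).items():
            walk(child, f"{path}.{name}" if path else name)
    walk(schema, "")
    return found

def flow_input_types(flow):
    """Input types the flow's UI nodes actually offer."""
    return {n["attributes"].get("type") for n in flow.get("ui", {}).get("nodes", [])
            if n.get("type") == "input"}

def unserved_traits(schema, flow):
    """Verifiable traits whose channel has no matching input in the flow."""
    offered = flow_input_types(flow)
    return sorted((path, via) for path, via in verifiable_traits(schema).items()
                  if CHANNEL_INPUT_TYPE.get(via) not in offered)

if __name__ == "__main__":
    for path, via in unserved_traits(SCHEMA, FLOW):
        print(f"{path}: via={via} declared, but the flow offers no matching input")
```

An address that is declared verifiable but never offered by any flow stays unverified, so a check like this belongs in any deployment that gates access on a verified phone number.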