Simple hack to bypass OTP issue
monishthummala opened this issue · comments
A simple hack:
Instead of using a protected API for generation of OTP, use the public API for generation. This removes the need to use a secret key. Surprisingly combination of public(generation)/protected(confirmation) seems to generate a usable token(can be used for booking as well. Tested with a random subject). I've used the existing APIs for the rest. This seems to have resolved the issue. It is consistent with the browser's behavior ( if it works there it'll work here)
That's interesting.
You might get the OTP but it will not be validated correctly in production env. Have you tried to complete the entire journey with that?
A simple hack:
Instead of using a protected API for generation of OTP, use the public API for generation. This removes the need to use a secret key. Surprisingly combination of public(generation)/protected(confirmation) seems to generate a usable token(can be used for booking as well. Tested with a random subject). I've used the existing APIs for the rest. This seems to have resolved the issue. It is consistent with the browser's behavior ( if it works there it'll work here)
Any code samples?