WSO2 Identity Server SMS OTP step then Email OTP step after Username and Password Authentication step - wso2

I have an issue with enabling an SMS OTP step, then an Email OTP step, after the username and password step.
First I configured the SMS OTP and Email OTP identity providers.
Then I changed the local and outbound authentication configuration in the service provider configuration, as per the attached image:
[service provider configuration](https://i.stack.imgur.com/WREK3.png)
After that I tried to log in to the service.
First the system displays the username and password form, then the SMS OTP form, then a blank page appears with the https://localhost:9443/commonauth URL, although I received the email with the OTP, as per the attached images.
[Step 1](https://i.stack.imgur.com/G6g21.png)
[Step 2](https://i.stack.imgur.com/0A8ZN.png)
[Step 3](https://i.stack.imgur.com/wLZWX.png)
I tried to change the order of the steps to be the username and password step, then Email OTP, then SMS OTP; the result is that the system asks the user for username and password, then Email OTP, then the user logs in successfully without the SMS OTP step!!!
Please advise how to log the user in after the three mentioned steps (basic > SMS OTP > Email OTP).

The initial issue mentioned in the question, hanging on the commonauth endpoint when the basic > SMS OTP > Email OTP steps are configured, is already reported in https://github.com/wso2/product-is/issues/15364.
That issue is fixed by https://github.com/wso2-extensions/identity-outbound-auth-email-otp/pull/151.
You can patch this change into your WSO2 IS server and try out the flow.
Refer to this: https://tharika.medium.com/how-to-apply-java-code-changes-to-wso2-server-on-the-go-caba252370 for more information on applying a patch.

Related

WSO2IS - Authenticating user by Mobile number and SMS OTP only without username and password

Most new mobile apps use a mobile number with SMS OTP to authenticate the user without a username/password. How can we do the same to generate an access token using WSO2 Identity Server, considering the following points:
The user has to enter his/her mobile number in the app
The user has to enter the SMS OTP in the app
WSO2 IS has to send the SMS OTP
In the last step, generate an access token from WSO2 for the user
The following is the expected flow:
Mobile-SMS Flow
You can create a custom authenticator for this and manage SMS OTPs from the custom authenticator. You can follow this link and integrate the two functionalities below into your application.
`SMSOtpService.generateSMSOTP(userId);`
This will generate an SMS OTP for the input userId (SCIM id), and the output will be a transactionId along with the smsOtp; through the WSO2 IS SMS event handler you can send the OTP too.
`SMSOtpService.validateSMSOTP(transactionId, userID, smsOTP);`
This method will validate the SMS OTP with the input fields transactionId, userId (SCIM id) and smsOtp.
You need to do a few customizations, but basically you can use these two functions to generate and validate SMS OTPs.
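To make the generate/validate contract above concrete, here is an added example (not WSO2's SMSOtpService, and not code from the answer above) of an in-memory OTP service with the same shape: generate returns a transactionId plus the OTP, validate takes transactionId, userId and OTP. The digit count, TTL and attempt limit are assumptions; it also shows the failure modes a real authenticator has to handle (expired code, wrong user, replay, brute force).

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# Assumed policy values (not from the WSO2 answer above).
OTP_DIGITS = 6
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 3


@dataclass
class OtpRecord:
    user_id: str
    otp: str
    expires_at: float
    attempts: int = 0


class SmsOtpService:
    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now                       # injectable clock for expiry tests
        self._pending: Dict[str, OtpRecord] = {}

    def generate_sms_otp(self, user_id: str) -> Tuple[str, str]:
        """Return (transaction_id, otp). The otp goes to the SMS sender only;
        the client gets just the transaction_id to present on validation."""
        otp = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        transaction_id = secrets.token_urlsafe(16)
        self._pending[transaction_id] = OtpRecord(
            user_id, otp, self._now() + OTP_TTL_SECONDS)
        return transaction_id, otp

    def validate_sms_otp(self, transaction_id: str, user_id: str, otp: str) -> bool:
        rec = self._pending.get(transaction_id)
        if rec is None or rec.user_id != user_id:
            return False                      # unknown transaction or wrong user
        if self._now() > rec.expires_at:
            self._pending.pop(transaction_id)  # expired: discard, force a new OTP
            return False
        rec.attempts += 1
        if rec.attempts > MAX_ATTEMPTS:
            self._pending.pop(transaction_id)  # guessing guard: burn the transaction
            return False
        if hmac.compare_digest(rec.otp, otp):  # constant-time compare
            self._pending.pop(transaction_id)  # single use: no replay
            return True
        return False
```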

How to verify users email with token generator link for signup in django webapp

I am doing a web app in Django. I hardly tried to create a TokenGenerator for verifying the user's email to activate the user's account.
Coming to the problem:
How to send the verification email to the user's account while signing up? While signing up, users can receive a verification link email with a token generator.
The user has to input the password at the time of account signup.
After verifying the email, the user can log in to the respective page via their mail id and password.
While logging in it should check whether the email is present in the DB (the DB will be updated with user emails).
For the first question, Django has built-in functions and classes for sending emails; you can check them here: https://docs.djangoproject.com/en/3.2/topics/email/ and this post will help you send an email: https://dev.to/yash2115/how-to-send-e-mail-in-django-37ge, and if you want to send an email on any user's sign up you have to use signals; check it here: https://docs.djangoproject.com/en/3.2/ref/signals/
The other questions are all related and they are pre-built in Django; these links will help you: https://learndjango.com/tutorials/django-login-and-logout-tutorial
https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication
Repositories which may help:
https://github.com/shoukreytom/pdfstack
https://github.com/shoukreytom/notes
https://github.com/shoukreytom/blog (advanced - apis)
https://github.com/mitchtabian/Food2Fork
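As an added example of the token generator the question asks about (not code from the answer or the linked repositories), here is a stdlib-only verification token in the spirit of django.contrib.auth.tokens: the link carries the user id and a timestamp, signed with HMAC over the account state, so it expires and stops working once the account is activated or the email changes. SECRET_KEY, TOKEN_TTL and the user fields are assumptions; in a real Django project you would subclass PasswordResetTokenGenerator instead.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumed settings (in Django these would come from settings.SECRET_KEY etc.).
SECRET_KEY = b"example-secret-change-me"
TOKEN_TTL = 24 * 3600  # seconds a verification link stays valid


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(user_id: str, email: str, is_active: bool, ts: int) -> str:
    # Binding email and is_active into the MAC means the link dies once the
    # account is activated or the address changes (same idea as Django's hash).
    msg = f"{user_id}\x00{email}\x00{int(is_active)}\x00{ts}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(user_id: str, email: str, is_active: bool,
               now: Optional[float] = None) -> str:
    ts = int(now if now is not None else time.time())
    payload = _b64(f"{user_id}\x00{ts}".encode())
    return f"{payload}.{_sign(user_id, email, is_active, ts)}"


def check_token(token: str, user_id: str, email: str, is_active: bool,
                now: Optional[float] = None) -> bool:
    """True only for an unexpired token signed for this exact account state."""
    try:
        payload, sig = token.split(".", 1)
        tok_user, ts_text = _unb64(payload).decode().split("\x00")
        ts = int(ts_text)
    except (ValueError, UnicodeDecodeError):
        return False                                # malformed link
    if tok_user != user_id:
        return False                                # token for another user
    current = int(now if now is not None else time.time())
    if current - ts > TOKEN_TTL or ts > current:
        return False                                # expired or from the future
    expected = _sign(user_id, email, is_active, ts)
    return hmac.compare_digest(expected, sig)       # constant-time compare
```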

Adaptive authentication using email or sms OTP - Solved

I have WSO2 version 5.8.0 and want to make adaptive authentication using email or SMS. What needs to be prepared to make adaptive authentication using email or SMS to confirm from the client/user?
You can follow this documentation for configuring the SMS OTP authenticator: https://docs.wso2.com/display/IS580/Configuring+SMS+OTP and refer to this for configuring the Email OTP authenticator: https://docs.wso2.com/display/IS580/Configuring+Email+OTP.
You can configure the SMS OTP and Email OTP authenticators as second-step authenticators. By default these connectors are shipped with IS 5.8.0.
Step 1: basic
Step 2: multi option - SMS/Email OTP
Authentication with SMS and Email OTP can be done without an adaptive script. If you want to do some manipulation, you can use an adaptive authentication script. Please follow these documents for further reference.
https://medium.com/@gayanmadusanka_80721/introduction-to-adoptive-authentication-with-wso2-identity-server-5-7-0-release-c3dec5aff895
https://madurangasblogs.blogspot.com/2018/12/adaptive-authentication-with-wso2.html

AWS Cognito - Confirmation Code not received

I created a user pool with AWS Cognito. It works well but many email servers (providers like FreeTelecom or Orange in France) never receive the Confirmation Code (in order to validate an email address and activate a user account). I found nothing in the AWS Documentation. Could someone please help me?
While creating your user pool you have to enable MFA (Multi-Factor Authentication) in the AWS console.
Do verify:
1. Whether you have marked MFA as a required field.
2. Which second factors you want to enable: enable an option, OTP or SMS.
3. Whether you want to require verification of emails or phone numbers: check both Email and Phone Number.

AWS Cognito verification email not received by user account

While creating a user in the user pool, user invitation messages are sent with a temporary password, but email verification messages are not being sent.
I was creating a very simple setup to try out the AWS Cognito service.
Here is what I did in AWS Cognito; I created a user pool step by step as follows:
1)What do you want to name your user pool?
-> testpool
2)How do you want to create your user pool?
-> step through settings
3)How do you want your end users to sign in?
->Email address or phone number-Allow email addresses
4)What password strength do you want to require?
->Minimum length=6
5)Do you want to allow users to sign themselves up?
->Allow users to sign themselves up
6)How quickly should user accounts created by administrators expire if not used?
->Days to expire-7
7)Do you want to enable Multi-Factor Authentication (MFA)?
->off
8)Do you want to require verification of emails or phone numbers?
->Email
9)You must provide a role to allow Amazon Cognito to send SMS messages
->testpool-SMS-Role
10)Do you want to customize your email verification messages?
->Verification type-link
->Email subject = Your verification link
->Email message = Please click the link below to verify your email address. {##Verify Email##}
11)Do you want to customize your user invitation messages?
->SMS message = Your username is {username} and temporary password is ->{####}.
->Email subject = Your temporary password
->Email message = Your username is {username} and temporary password is {####}.
12)Do you want to customize your email address?
->no
13)Do you want to add tags for this user pool?
->no
14)Do you want to remember your user's devices?
->no
15) Which app clients will have access to this user pool?
-> none (will simulate from the Create user option in General settings - Users and groups)
16) Do you want to customize workflows with triggers?
-> no
17) Review page - this page shows a summary of whatever I selected
Create pool
Now after pool creation I went to General settings - Users and groups and clicked Create user.
A Create user pop-up shows:
Username (Required): myEmailAddress
Send an invitation to this new user?: check
Temporary password: left blank
Phone Number: empty(not required)
Mark phone number as verified? unCheck
Email: myEmailAddress
Mark email as verified? unCheck
Click on Create User
A mail is received in my account from no-reply@verificationemail.com via amazonses.com, with subject: Your temporary password, and message: Your username is somemailid@gmail.com and temporary password is agsjyk.
This is okay.
But I did not receive any verification mail link before the previous mail.
Not sure if you're missing this particular setup... A domain name is required for link verification.
Under "Tab integration", then "Domain name".
> A mail is received in my account from no-reply@verificationemail.com via amazonses.com, with subject: Your temporary password, and message: Your username is somemailid@gmail.com and temporary password is agsjyk.

Looking at this it seems you are creating the user via the Cognito API with the AdminCreateUser method, and that's why you are receiving a temporary password.
The confirmation email you are expecting will only be sent if the user registers themselves, so you should use the SignUp method.
The verification mail link is for when users sign themselves up; they will receive a link asking them to verify the email address instead of a code. In your case, you are sending a temporary password to the user, so the link won't show up.
You need to add a domain in this section of the Cognito service:
Also, if you are not getting the email, click on the user and check their email; it could be wrong.
If anyone else is facing this issue, it appears that you cannot send verification emails if you use SAML or a federated identity provider. Cognito sets the Cognito user to EXTERNAL_PROVIDER and no Cognito API calls allow sending a verification code or link. The Cognito user is automatically created on initial sign-in. I have my user pool set to validate the email address, but it is always set to false.
The only way that I know to confirm the user via SSO is to use an external verification process outside of Cognito.
With Cognito, if you have added both email and phone number then you should allow both as verification methods (in the Sign-up experience tab) as below:
Otherwise the email verification link or code is not sent.