okta-auth-swift

If enrolling an sms, allow updating the verified phone #

Open Dozer1170 opened this issue 5 years ago • 2 comments

Problem Analysis (Technical)

Users were locked to only being able to use one phone number for MFA SMS. You get a 400 from the authn api when providing a different phone number than the verified phone during MFA SMS enrollment.

Solution (Technical)

On an sms mfa enrollment request add the updatePhone query parameter

Affected Components

OktaAPI enrollFactor method

Steps to reproduce:

Enroll MFA SMS for a user, reset MFA SMS. Enroll in MFA SMS again with a different phone number.

Actual result: You get a 400 and can only do MFA SMS with the first verified phone number.

Expected result: You can enroll with a different phone number.

Tests

Dozer1170, Dec 04 '19 20:12

Thanks a lot for the contribution, @Dozer1170! Could you please create a GitHub issue so I can prioritize it? Your fix looks good; however, I would like to expose this flag in the public API so the application level can decide whether to allow a phone update or not.

IldarAbdullin-okta, Dec 06 '19 23:12

@IldarAbdullin-okta I have created the bug report for this. Let me know if you need anything else on my end!

Dozer1170, Dec 09 '19 20:12
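
The request shape discussed in this thread, as an added example that is not part of the thread or of okta-auth-swift's own code: an SMS enrollment request that carries `updatePhone=true` only when the caller opts in. `makeEnrollRequest`, `allowPhoneUpdate`, the `FactorType` enum and the `example.okta.com` org URL are hypothetical names and constructed values; the endpoint path and body fields assume Okta's Authentication API for factor enrollment.

```swift
import Foundation

// Hypothetical helper, not okta-auth-swift's API.
enum FactorType: String { case sms, question }

func makeEnrollRequest(orgURL: URL,
                       stateToken: String,
                       factorType: FactorType,
                       phoneNumber: String?,
                       allowPhoneUpdate: Bool = false) throws -> URLRequest {
    var components = URLComponents(
        url: orgURL.appendingPathComponent("api/v1/authn/factors"),
        resolvingAgainstBaseURL: false)!
    // Off by default: replacing an already verified phone number changes
    // where MFA codes are delivered, so the application must opt in.
    // The parameter is only attached to SMS enrollments.
    if allowPhoneUpdate && factorType == .sms {
        components.queryItems = [URLQueryItem(name: "updatePhone", value: "true")]
    }

    var body: [String: Any] = [
        "stateToken": stateToken,
        "factorType": factorType.rawValue,
        "provider": "OKTA"
    ]
    if let phoneNumber = phoneNumber {
        body["profile"] = ["phoneNumber": phoneNumber]
    }

    var request = URLRequest(url: components.url!)
    request.httpMethod = "POST"
    request.setValue("application/json", forHTTPHeaderField: "Accept")
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    request.httpBody = try JSONSerialization.data(withJSONObject: body)
    return request
}

// Constructed sample values, for illustration only.
let org = URL(string: "https://example.okta.com")!
let strict = try makeEnrollRequest(orgURL: org, stateToken: "constructed-state-token",
                                   factorType: .sms, phoneNumber: "+15555550100")
let relaxed = try makeEnrollRequest(orgURL: org, stateToken: "constructed-state-token",
                                    factorType: .sms, phoneNumber: "+15555550100",
                                    allowPhoneUpdate: true)
print(strict.url!.absoluteString)   // no updatePhone parameter
print(relaxed.url!.absoluteString)  // updatePhone=true appended
```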