Sergey Plaunov

Results 43 comments of Sergey Plaunov

Yes, we use Twilio. Although not directly but through our internal notifications service. I think we can abstract this call with the configuration parameters so it will be possible to...

I'm adding a new login strategy to `selfservice/strategy/sms`. Here is the expected sequence of events:

- mobile app calls `new flow create` endpoint
- then it calls the `flow submit`...

Verification is part of this login method, as you need to present the SMS code to log in. As to recovery - I will look into this after I implement...

Why do we need registration flow at all? The beauty of the SMS method is the ultimate simplicity for the user. Just enter your phone number and then the code...

> What's the user's first name? Last name, birthdate, ... How do you know if she/he accepted the terms of service? And so on.
>
> Provisioning users as part...

> To really be safe and implement proper recovery you probably need another factor next to SMS. WhatsApp has a six digit code that you can reset via email as...

Yes, we could just use registration flow instead of login. But doing so we need to change this code: https://github.com/ory/kratos/blob/60d848d11dabbf2d26887e7e89fb75900143f6ec/selfservice/flow/registration/hook.go#L121 To make registration logic lookup for existing identity before trying...

> You would probably end up needing this PR: #1420

The idea (to always use registration flow instead of login) has its own drawbacks. This would work fine only if...

The same issue with verification tokens. They are being deleted by db cascades on identity updates: https://github.com/ory/kratos/blob/731b3c7ba48271e2fb6bbd53b0281d5269012332/persistence/sql/persister_identity.go#L328 So, verification link sent by post-registration hook will not work if identity have...

How could we design end-to-end tests? Would it be a good choice as IdP for tests? https://gluu.org/docs/gluu-server/4.1/admin-guide/saml/ Or are there any simpler solutions? Some SAML IdP reference implementation?