If enrolling an sms, allow updating the verified phone # #112

Open
wants to merge 1 commit into
base: master

Dozer1170

Problem Analysis (Technical)

Users were locked to only being able to use one phone number for MFA SMS. You get a 400 from the authn api when providing a different phone number than the verified phone during MFA SMS enrollment.

Solution (Technical)

On an SMS MFA enrollment request, add the updatePhone query parameter.

Affected Components

OktaAPI enrollFactor method

Steps to reproduce:

Enroll MFA SMS for a user, reset MFA SMS. Enroll in MFA SMS again with a different phone number.

Actual result:
You get a 400 and can only do MFA SMS with the first verified phone number
Expected result:
You can enroll with a different phone number

Tests

@IldarAbdullin-okta
Contributor

Thanks a lot for the contribution, @Dozer1170! Could you please create a GitHub issue so I can prioritize it?
Your fix looks good; however, I would like to expose this flag in the public API so the application level can decide whether to allow a phone update or not.

@Dozer1170
Author

@IldarAbdullin-okta I have created the bug report for this. Let me know if you need anything else on my end!
