Hello everyone! Why SMS passwordless authenticatio...
# contributors
b
Hello everyone! Why SMS passwordless authentication still in review https://github.com/ory/kratos/pull/2033 ?
m
You are welcome to contribute to the PR @broad-artist-45921 The best contribution would be to strike a support deal with Ory, so we can allocate more resources to work on this feature. You can reach out for this sort of thing here: https://www.ory.sh/contact/ For individual contributors or those who can’t influence company politics these things come to mind: • Do an extensive code review, leave comments and questions • Create a very easy to reproduce demo • Try to hack the demo and come up with ways to identify security vulnerabilities There is still work to be done to make sure the feature is safe and can be used in production.
b
Thanks Vincent! we are unfortunately not able to strike a support deal, but we're willing to contribute some effort in the open source manner. I am asking specifically because last comment from Ory in this specific PR is from @high-optician-2097 saying in april 2022 (+1y ago) that
Ok, I'm back from vacation and have time to review this :)
. Is there anything specific for this PR that needs to be done (and we can do), other than a review from your side?
m
I think the three options I listed, (code review, demo, testing demo for vulns) would be most helpful! It does require some knowledge of how Kratos works. This would speed up the process a lot though. The last commit was some time ago and some things might have changed in the most recent releases - you could investigate that as well. It also is on the roadmap to be implemented FYI @fast-lunch-54279
f
hey, on SMS OTP - AFAIU this PR is a great start, however we also made numerous changes to the flows in the context of adding Email OTP (soon!), and we'll need to make sure the SMS implementation is fully aligned with those. That makes it more work than just a review & merge, which means we have to prioritize it alongside our other roadmap items. We'll get there in the next months, though, finally!