Hi Ory team, We have an issue in production right now for 2FA sessions (AAL2) using both SMS or Authenticator (we have the two in our model). Users cannot 2FA at all with error message 4000035. This is blocking sign-ups on our app as well as user activity that requires 2FA. We suspect there has been a breaking change in your API in the past hours - is that possible?

Could you send me your project slug, and ID?

project id : 6585a8d6-0324-4e92-84be-997a0d07305a project slug: zen-banzai-4pdtfbodxe

And do you have the ID of a flow where this happened?

c3fc06b1-2757-4f4e-801b-b09715ab2cd7

Hi Jonas, I am working with Oscar. So basically we have an identity schema with a field:

"phoneNumber": {
          "type": "string",
          "format": "tel",
          "title": "Phone Number",
          "ory.sh/kratos": {
            "verification": {
              "via": "sms"
            }
          }
        }

We don't use Ory's UI. We have a custom front-end integration, and our app does the following: • We create a login flow with aal2 using the endpoint

/self-service/login/browser?aal=aal2&via=phoneNumber

• a programmatic front-end call submits the flow with the parameters to send an SMS to the user

identifier: "the user's phone number"
method: "code"

• the user gets the SMS and fills the code, then the flow submits This was working very well until today. It seems that you have recently updated the documentation for 2FA with SMS, could it be related to our issue ? https://github.com/ory/docs/commit/238d45bbac8d4eed458d5ef26b11ec95413095af

Okay, thanks. We're still investigating. Could you send me the configuration of your project from the Ory CLI?