https://www.ory.sh/ logo
Join Slack
Powered by
Is phone verification supported or not? I know th...
# talk-kratos
b
Is phone verification supported or not? I know there's an open issue, but the reference seems to suggest it is supported, but I can't find a lot of docs on it
Copy code
## Email and Phone Verification and Account Activation Configuration ##
w
but indeed, there's a massive hole in the docs, it's not clear if this supposed to be used for verification, there's no mention of 
<http://ory.sh/kratos/verification/via|ory.sh/kratos/verification/via>
for sms
b
Yeah I've seen that link, but then there's no mention of using it anywhere.. so if I configure it there, when is it used..?
w
indeed, hence I reflected on that
I think it's possible
it seems that the identity via 
tel
can be used for this
b
Hmmm that would be cool
Will take some experimentation
w
cool
b
w
yeah, it's funny, because the courier can be set to sms
b
There is a type phone, it's just not configured to send stuff with;
Copy code
const (
	AddressTypeEmail = "email"
	AddressTypePhone = "phone"
)
w
so you can configure the sms courier instead of smtp
b
Hmm
w
regardless if it's possible or not, I would be really cautious with sms, in the US this seems to be a pretty common attack vector because it's so easy for someone to clone the sim
b
There is a 
QueueSMS
function but its only referenced in tests
Copy code
QueueSMS(ctx context.Context, t SMSTemplate) (uuid.UUID, error)
w
I know
b
Yeah
But it's better than not verifying phone at all and assume its just valid
w
yeah, you can always go for custom hooks, I'd probably go for that
at the end of the day the sms courier kinda looks like it would work with any api that looks like twilio, but what if your provider isn't twilio?
b
I think you can customize the body
l
there is this PR which add a phone verification https://github.com/ory/kratos/pull/2511
I've never added the missing tests so it was not merged yet
b
Yeah I've seen the PR, would be really nice to have that merged
l
yes I need to find time to rebase with master and add the missing tests
other people are using the PR so i know it works
b
What tests are still missing?
l
there is a missing e2e test for my part, but I should also merge the API modification done on another fork of my PR and add tests for this part
b
I see
Current docs do say it should already be possible, bit double
Copy code
Account verification: Verify that an email address, phone number, or physical address actually belongs to the user.
https://www.ory.sh/docs/kratos/ory-kratos-intro
m
Hello @brash-cartoon-33648 @white-greece-76805 @loud-spoon-23770 verifying a phone address is not possible out of the box. We should make this clearer in the docs… You can configure the SMS courier but it wont get a message. What is documented is just the first step that was added to have the courier sms-able but the code that generates the sms does not exist. fyi @high-optician-2097
b
Yeah I figured as much, thanks. Looking forward to that being available
38 Views
Open in Slack
PreviousNext
Powered by