-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle API response for mobile OTP code incorrect. #371
Conversation
@nicbell thanks for this. I assume this changed at some point to prevent user enumeration. I've checked on my side using email and I receive a different error message. Can you please update the PR to add support to this other description as well? Thanks |
@lbalmaceda thanks, I've added email OTP and tests for both. |
Thanks for making the changes. I imagine this can be put into the next release train, in one week from now. |
@nicbell Patch released! |
Having a second look at this after released. The We already had a method that related to this error case. It is currently missing the Passwordless error descriptions so it's not currently matching that. It's more accurate if we move this PR's changes to the isInvalidCredentials method instead. I'll make the changes and ship that as another patch release. Just wanted you give you a heads up, since you're the only one that reached out for this use case, so you can update your usage. |
Changes
When logging in with a mobile phone and SMS code:
AuthenticationAPIClient(account) .loginWithPhoneNumber(mobileNumber, code, smsConnection) .setScope(scope) .setAudience(audience) .start
With an incorrectly entered code I expect to for
AuthenticationException.isMultifactorCodeInvalid
to betrue
.This PR just adds another string match.
References
Testing
Test logging in with mobile and SMS code, entering the code incorrectly.
AuthenticationException.isMultifactorCodeInvalid
should be true.Checklist
I have read the Auth0 general contribution guidelines
I have read the Auth0 Code of Conduct
All existing and new tests complete without errors