-
Notifications
You must be signed in to change notification settings - Fork 29
lock widget passwordless not validating phone numbers with respect to countries selection #99
Comments
I did a quick google search and the leading zero is a trunk prefix which indicates that you are calling someone on the same country and should be omitted when making an international call. Without the trunk prefix it might be ambiguous whether the first digits belong to a country dialling code or the area code. Each country has its own trunk prefix, and some countries don't have one. I don't think lock is right place to handle this, we shouldn't mark the phone number input as invalid and prevent the form submission because it has a leading zero. As a side note, the E.164 recommendation defines a format for international telephone numbers. |
@gnandretta Should this be moved else where. If yes could you direct me to which repo. |
@vikasjayaram yes, this will be handled in the API. It is already on the backlog. |
Sorry for commenting here, but this issue still seems to be unresolved, as in neither would Lock prevent the trunk prefix, nor would the API remove it, so in the SMS passwordless flow users can submit a malformed number and never get the OTP wondering what went wrong... I couldn't find the referenced API issue, so wondering what's the status on this? Is the only workaround to stop using Lock and implement a custom login UI just so that I can add validation? Maybe it's an important detail to share that I'm using a custom SMS gateway after having problems setting up Twilio integration, but I'd expect the Auth0 API to sanitise the phone number before passing on to the gateway, otherwise the wrong number will be stored in the user database. |
@daaain this project is deprecated and won't receive any updates apart from security fixes. Have you tried the new Lock widget that supports Passwordless? There's a migration guide here: https://auth0.com/docs/libraries/lock/v11/migration-lock-passwordless - If you still see this behavior in that project, please open an issue in that repo so we can discuss. |
@luisrudge thanks a lot for the response! I am using Lock v11, but actually since I'm not really sure where the problem is (or where it would be best fixed) this should probably be a discussion in the community forum first and once it's clear what should be fixed I can open a more concrete issue. So here we go: https://community.auth0.com/t/how-to-remove-trunk-prefix-leading-zero-in-phone-number-during-sms-passwordless-flow/14644 |
For example on choosing Country Australia (+61) and mobile number (04312345678)
The phone number in the user record ends up being +6104312345678 where as it should have been
+614312345678, FYI I still get the SMS for authentication using passwordless but this ends up creating as a new user which is not the intent. Several other countries like Mexico has that extra zero. Is this some thing we can fix in lock?
The text was updated successfully, but these errors were encountered: