Problem statement
We can see just the last 4 digits when using the following Management API endpoint:
GET {{base_url}}api/v2/users/{{user_id}}/authenticators
"guardian_authenticators": [
{
"id": "sms|<ID>",
"type": "sms",
"confirmed": true,
"name": "XXXXXXXX1234",
"created_at": "2022-11-03T16:55:57.000Z",
"last_auth_at": "2022-11-15T10:06:49.000Z"
},
But we want to view the complete phone number used for enrolling MFA SMS.
Solution
Please update the flag disable_management_api_sms_obfuscation to true with the below request:
PATCH /api/v2/tenants/settings
{ "flags": { "disable_management_api_sms_obfuscation": true } }
After doing this, the next time you hit the get all authenticators endpoint, You should be able to see the whole phone number.