How to get SMS MFA enrollments with full phone numbers

Problem Statement

How can we get the phone number in the bulk export or within an Action (Hook or Rule)?

Symptoms

After retrieving the data, the number is masked like +1 XXXXXXXX1234

Steps to Reproduce

  • Bulk export users

OR

  • Get an Action / Hook / Rule to obtain a token for Management APIv2
  • Obtain the enrollment ID for a given user with one of these options:
    • GET /api/v2/users/{user_id}/authenticators
    • GET /api/v2/users/{user_id}/enrollments ← Gets the first confirmed enrollment
  • If you got all the authenticators (first option), filter the type and name of this JSON response:
[
    {
        "id": "email|***********Va",
        "type": "email",
        "confirmed": false,
        "name": "patr*********************@*******",
        "created_at": "2022-10-04T04:32:30.000Z"
    },
    {
        "id": "sms|************c",
        "type": "sms",
        "confirmed": true,
        "name": "XXXXXXXXXX6333",
        "created_at": "2022-11-04T13:51:46.000Z",
        "last_auth_at": "2022-11-04T13:52:21.000Z"
    }
]

Solution

By default, the Management APIv2 will obfuscate the phone numbers, but you can modify your tenant settings to set the disable_management_api_sms_obfuscation flag to true.
Sample body to PATCH /api/v2/tenants/settings:

{
  "flags": {
    "disable_management_api_sms_obfuscation": true
  }
}

After this, you could repeat the Steps to Reproduce and then you should see the number for each user in the bulk export or within the JSON structure.

Reference