Thanks @supun for the prompt response,
So the objective is to achieve passwordless signup via email, but we are adding one more authentication factor before user signup, and that is via SMS. The user has to input the 6- or 8-digit code received on his/her mobile number.
So first, we are creating a user via the /api/v2/users API with the payload below:
{
  "email": "nitin.goenka.ext@partners.axa",
  "phone_number": "<customer_mobile_number>",
  "blocked": false,
  "email_verified": false,
  "phone_verified": true,
  "given_name": "Nitin",
  "family_name": "Goenka",
  "connection": "sms",
  "verify_email": false
}
and then invoke another API, /passwordless/start, with the payload below to send an email to the customer for the signup:
{
  "client_id": "<client_id>",
  "client_secret": "<valid client_secret>",
  "connection": "email",
  "email": "nitin.goenka.ext@partners.axa",
  "send": "link",
  "authParams": {
    "redirect_uri": "http://localhost:8080/callback",
    "response_type": "code",
    "scope": "openid profile email"
  }
}
(We also create one rule in the Dashboard to merge the accounts via the user's email; the primary account connection will be "sms".)
When the user clicks on the link received, the accounts will get merged, and in the above callback URL we want to kick off MFA via SMS by redirecting to the URL below:
/authorize?client_id=<>&response_type=code&redirect_uri=http://localhost:8080/callback2&scope=openid profile email phone&connection=sms&prompt=login
Are we missing something to pass before redirecting to this URL?
We don't want the customer to enter the mobile number, for security reasons.
Could you please have a look again?
Thanks,
Nitin
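The three-step flow described in the post above (create the user on the sms connection, start the email magic link, then redirect to /authorize on the sms connection from the callback), written out as an added Python example. This is not code from the post or from Auth0; it only builds the request bodies and the redirect URL so it runs offline, and the tenant domain, client id, client secret and phone number are placeholders. It adds two things the post does not mention: an E.164 check on the phone number before it is stored as pre-verified, and an OAuth `state` value on the /authorize redirect that the callback verifies, which is standard CSRF protection for the code flow.

```python
"""Constructed example (not the poster's code) of the three calls described:
1. Management API: POST /api/v2/users on the "sms" connection with the phone pre-verified
2. Authentication API: POST /passwordless/start to send the email magic link
3. From the email callback: redirect to /authorize?connection=sms&prompt=login

Nothing is sent over the network; only bodies and URLs are built.
"""
import json
import re
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders (assumptions), not real tenant values.
AUTH0_DOMAIN = "example-tenant.auth0.com"
CLIENT_ID = "<client_id>"
CLIENT_SECRET = "<client_secret>"

# E.164: a '+' followed by 7 to 15 digits, first digit non-zero.
E164 = re.compile(r"^\+[1-9]\d{6,14}$")


def create_user_payload(email, phone_number, given_name, family_name):
    """Body for POST https://{AUTH0_DOMAIN}/api/v2/users.
    Because phone_verified is set to True without an SMS round trip, refuse anything
    that is not a well-formed E.164 number before it reaches the user store."""
    if not E164.match(phone_number):
        raise ValueError("phone_number must be E.164, e.g. +14155550100")
    return {
        "email": email,
        "phone_number": phone_number,
        "blocked": False,
        "email_verified": False,
        "phone_verified": True,
        "given_name": given_name,
        "family_name": family_name,
        "connection": "sms",
        "verify_email": False,
    }


def passwordless_start_payload(email, redirect_uri):
    """Body for POST https://{AUTH0_DOMAIN}/passwordless/start (magic link by email).
    client_secret belongs here only because this runs server side; never ship it to a browser."""
    return {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "connection": "email",
        "email": email,
        "send": "link",
        "authParams": {
            "redirect_uri": redirect_uri,
            "response_type": "code",
            "scope": "openid profile email",
        },
    }


def new_state():
    """Opaque per-request CSRF token; store it in the session before redirecting."""
    return secrets.token_urlsafe(32)


def sms_authorize_url(redirect_uri, state):
    """Second-factor redirect from the email callback: /authorize on the sms connection.
    urlencode percent-encodes redirect_uri and turns the spaces in scope into '+'.
    The state parameter is an addition to the post's URL (standard OAuth practice)."""
    query = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": "openid profile email phone",
        "connection": "sms",
        "prompt": "login",
        "state": state,
    }
    return f"https://{AUTH0_DOMAIN}/authorize?" + urlencode(query)


def callback_state_ok(callback_url, expected_state):
    """On /callback2, reject the response unless the echoed state matches the stored one."""
    qs = parse_qs(urlparse(callback_url).query)
    received = qs.get("state", [""])[0]
    return secrets.compare_digest(received, expected_state)


if __name__ == "__main__":
    state = new_state()
    print(json.dumps(create_user_payload("user@example.com", "+14155550100", "Nitin", "Goenka"), indent=2))
    print(json.dumps(passwordless_start_payload("user@example.com", "http://localhost:8080/callback"), indent=2))
    print(sms_authorize_url("http://localhost:8080/callback2", state))
```

The `state` check in `callback_state_ok` is the part most often left out of hand-built redirects: without it, an attacker can complete the SMS step on their own device and hand the resulting callback URL to the victim's browser.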