I have tried to implement using “Generate one-time password” action in flows.
but I would like to know what is expiry time of this generated code and has auth0 have failed-attemp couter or not?
Are you following this guide here: Email OTP Verification with SendGrid Template
If not, can you provide what you are following? I need to know where to look to better answer your questions 
Thanks,
Mary Beth
@marybeth.hunter
no, I’m not using otp verification with sendgrid. but I’m using aws sns provider.
but actually my question is about component which refered below
Data verification (generate otp) → what how can I know the expiry time of this code ? can we configure it ? → this one i found that it’s 5mins without configurable for now.
Data verification (verify otp) → what is number of counter for verify-failed ? can we configure it ? → this one seem to be max 10 time retries without configuration for now as well.
correct me if I’m wrong.
also I would like to know similar question for expiry time & max retry for verify, in the scenario that use click forget password feature on Universal Login as well.
I have reached out internally about the generate OTP expiry/configuration and verify OTP counter for verify failed/configuration. I will update you when I hear back on those.
Regarding the TTL/expiry time for the link in the password reset email users receive, the default is 60seconds. This is configurable. Please see here: Change Users' Passwords. The link is valid for one time only.
Thanks,
Mary Beth
I have heard back from the team on this. Please see the below:
The expiry of the OTP is always 5 minutes and it is not configurable at this time.
The number of tries the verify OTP allows is not configurable but is something currently being developed.
Please let me know if you have any additional questions!
Thanks,
Mary Beth
1 Like
Thanks @marybeth.hunter for your reply,
but I may missed on my question a bit.
for the forget password (reset password), in case that my tenant configure to use OTP not magic link. so what is TTL for otp code that auth0 generated and send via both email and sms provider ?
similar with #retries…