Problem statement
Tenant logs occasionally show errors related to wrong email addresses or verification codes.
Symptoms
Tenant logs may contain events with these error descriptions:
- “Wrong email or verification code” - (Email connection)
- “Wrong phone number or verification code” - (SMS connection)
Cause
A user accidentally using an old OTP code that they believe is the current one is a common cause of confusion since only the last code is considered valid. For this reason, users should use the most recent OTP code.
Solution
These errors can be seen in the following scenarios:
- The user has entered the OTP code incorrectly
- The OTP code has been invalidated due to a newer OTP being generated. Only the last OTP code generated for a given user is valid.
If the issue occurs regularly, check that the application is not submitting multiple requests to generate OTP codes for a single login attempt.
Downstream Email or SMS delivery delays could also cause codes to be delivered slowly. This may confuse the user and result in them requesting another new code. But in some cases, the ‘delayed’ old OTP code may arrive immediately after the new code has been issued. The result is that the user chooses to use this expired code, resulting in an error.