Affects Version/s: None
Fix Version/s: v2.5.0
SMS credential configuration (system):
- code length,
- code validity time,
- lost phone recovery:
- when on configure email verification as in case of email reset. Allow to turn on or off captcha.
User is setting up the SMS credential (counterpart of setting user's password):
- select a phone number from values of contact telephone attribute (contact telephone is existing metadata) OR enter a new number.
- if selected/entered value is unverified it must be verified before credential can be saved. Credential UI should allow for in-place verification (same as in case of mobile attribute)
- phone number value is saved in credential (i.e. do not store a reference to attribute or anything like this)
- if a new value of telephone was defined in credential it should be also added to respective attribute.
- there must be an option to invalidate credential
- credential should send code immediately when used as 2nd factor and after button click when used as 1st.
- besides of it a textfield to enter the code.
Lost phone support:
- possible to activate on authn screen, similar to "Forgotten password?" link, only if credential config allows.
- Implements configured flow: verifies email and captcha if enabled.