You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It has been observed that some release tags of the SMS-OTP connector (specifically for WSO2 IS 5.10.0 releases) have modified the source code by removing the 1000x multiplication. [1]
When the SMS-OTP is configured via the event publisher flow, and if the following TOML configuration is applied, the Identity Server (IS) displays an error message indicating that the token has expired upon OTP submission. if the TokenExpiryTime config is not there IS will keep the default value as 300000 and there will not be any issues.[2]
This issue occurs because the source code retrieves the token expiry time as 900 from the configuration. When the 1000x multiplication is removed from the conditional statement, the logic defaults to the else block, leading to this behavior.
Step the SMSOTP Authenticator with above configs and try to submit the OTP in 5.10.0 latest. Upon the OTP submission there will be a token expiry message.
Version
5.10.0
Environment Details (with versions)
MacOS/Linux/Windows
The text was updated successfully, but these errors were encountered:
Description
Hi All
It has been observed that some release tags of the SMS-OTP connector (specifically for WSO2 IS 5.10.0 releases) have modified the source code by removing the 1000x multiplication. [1]
When the SMS-OTP is configured via the event publisher flow, and if the following TOML configuration is applied, the Identity Server (IS) displays an error message indicating that the token has expired upon OTP submission. if the
TokenExpiryTime
config is not there IS will keep the default value as 300000 and there will not be any issues.[2]This issue occurs because the source code retrieves the token expiry time as 900 from the configuration. When the 1000x multiplication is removed from the conditional statement, the logic defaults to the else block, leading to this behavior.
[1] - https://github.com/wso2-extensions/identity-outbound-auth-sms-otp/blob/master/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/smsotp/SMSOTPAuthenticator.java#L1264
[2] - https://github.com/wso2-extensions/identity-outbound-auth-sms-otp/blob/master/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/smsotp/SMSOTPAuthenticator.java#L954
Thanks,
Dinuwan
Steps to Reproduce
Step the SMSOTP Authenticator with above configs and try to submit the OTP in 5.10.0 latest. Upon the OTP submission there will be a token expiry message.
Version
5.10.0
Environment Details (with versions)
MacOS/Linux/Windows
The text was updated successfully, but these errors were encountered: