h
is it possible to implement a 2 factor authentication with Email/password as the first factor and phone number as the second factor by supertokens?
r
Yes it is. See our docs here: https://supertokens.com/docs/mfa/introduction
h
After signup by EmailPassword when I call POST
/auth/signinup/code
and passing
phonenumber
I get
Please provide exactly one of email or phoneNumber
r
you need to pass in content-type: application/json header in the input.
h
I passed but nothing changed, here is my Passwordless recipe:
Copy code
Passwordless.init({
            flowType: "USER_INPUT_CODE",
            contactMethod: "PHONE",
            override: {
                apis: (oI) => {
                    return {
                        ...oI,
                        createCodePOST: async function (input) {
                            console.log("createCodePOST called");
                            let session = await Session.getSession(input.options.req, input.options.res, {
                                overrideGlobalClaimValidators: () => [],
                            });
                            let userMetadata = await UserMetadata.getUserMetadata(session.getUserId());
                            let phoneNumber = undefined;
                            if (userMetadata.metadata.passwordlessUserId !== undefined) {
                                let passwordlessUserInfo = await Passwordless.getUserById({
                                    userId: userMetadata.metadata.passwordlessUserId,
                                    userContext: input.userContext,
                                });
                                phoneNumber = passwordlessUserInfo?.phoneNumber;
                            }
        
                            if (phoneNumber !== undefined) {
                                if (!("phoneNumber" in input) || input.phoneNumber !== phoneNumber) {
                                    throw new Error("Input phone number is not the same as the one saved for this user");
                                }
                            }
        
                            return oI.createCodePOST(input);
                        },
                    };
                },
            }
        }),
r
how are you sending the request?>
h
using postman and having
st-auth-mode = cookie
r
what other headers?
h
content-type as application/json
initially I have signed up by email/password and received the access token through cookie with 2fa-complete as false, and then I send next request to /auth/signinup/code with
phonenumber
in body
r
can i see the full request being sent?
h
curl --location --request POST 'localhost:3000/auth/signinup/code' \ --header 'Content-Type: application/json' \ --header 'st-auth-mode: cookie' \ --header 'Cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiMjkzODYxYjEtNDE5ZC00NTAyLWE3ZTMtMjg3YzRiMjdkNmRjIiwidXNlcklkIjoiYjgyNzhkZjItZjI2Yy00YjM2LWI5MjUtNzA1NGVjOGM4MWEzIiwicmVmcmVzaFRva2VuSGFzaDEiOiJhYTMyYzhhY2FjOTYyM2VlMmIyNDAzYTU3ZTlkMjZlZWEwZmFhOTY2YjlkNzgzMmQ4ZTg1M2RlZTgyZDc5ZGM0IiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7IjJmYS1jb21wbGV0ZWQiOnsidiI6ZmFsc2UsInQiOjE2ODExMDc4MDg3OTF9fSwiYW50aUNzcmZUb2tlbiI6bnVsbCwiZXhwaXJ5VGltZSI6MTY4MTExMTQwODc5NywidGltZUNyZWF0ZWQiOjE2ODExMDc4MDg3OTcsImxtcnQiOjE2ODExMDc4MDg3OTd9.b63yxZ2m8M4jRP%2FpvoN1k8wequUsrSlJOj414SHw6%2FDRzII%2BT6wOExwG%2FFNcYYNrGCtzfvoEDMIEISq9gdN4QSIeXWb9QZ8ctLPxOc0RBnr6B3gUfjgBu%2Bsq2UAZZCS38HjxH%2ByyOlYoo%2Bvig9%2FVJ9KigltoQgsLCd93Tz%2Fflv1gPkAcnSCuywkHy7FPHal%2FGSPGARGtzRL8%2FQ8Egl9K%2FBORbheczX37nnaATPjz491Epio8j0LDPxsWft32nz6mr7y6mpGsTl6L%2FFA5G8%2B8wDNiBkpHrTx05GmzOdGwNPX%2FMlGgMiEcTtbgRBp71wYq9BJtmkdoPR8FAEMIXAsNXw%3D%3D' \ --data-raw '{ "phonenumber": "+905036789231" }'
here is the signup request
Copy code
curl --location --request POST 'localhost:3000/auth/signup' \
--header 'st-auth-mode: cookie' \
--header 'Content-Type: application/json' \
--header 'Cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiNzc1YzhhYzctNWVhYi00MGNkLWFiZDItZjExYmFjZGE4ZGIxIiwidXNlcklkIjoiYjgyNzhkZjItZjI2Yy00YjM2LWI5MjUtNzA1NGVjOGM4MWEzIiwicmVmcmVzaFRva2VuSGFzaDEiOiI5N2NhMDNhM2FiYWU1NDUyZTkxYjkxNjFhNWYwMWFlODBhOGMxNGNhZjZhZjA0ZjRmYjgwZmM3MzRiMDU1OWY1IiwicGFyZW50UmVmcmVzaFRva2VuSGFzaDEiOm51bGwsInVzZXJEYXRhIjp7IjJmYS1jb21wbGV0ZWQiOnsidiI6ZmFsc2UsInQiOjE2ODExMDc4MDQ3NDF9fSwiYW50aUNzcmZUb2tlbiI6bnVsbCwiZXhwaXJ5VGltZSI6MTY4MTExMTQwNDc2MiwidGltZUNyZWF0ZWQiOjE2ODExMDc4MDQ3NjIsImxtcnQiOjE2ODExMDc4MDQ3NjF9.DjNzXS7lhSO6f4MS0v3Uc%2FOQ74vFqKXHvZj3hVU3c2DW6iq7vv9SbFQ4jTdmE8MYflNXJmk%2B7e%2BuPuy2yIPmIn%2BkMdUw4B69lyh5P0xeTdJ%2BudMTA2AnKAvOBXy60A%2FGga%2Fs%2FR7PCa0luZxRcqPti%2Bm7JKRm9ZwASx%2F%2Ft8%2F6ZFQED1NbpdqpH2b1cXCBCW17slt8jla7FkMvlJcTJfpHOH979btF%2FTHHX0r3glH6F8L4D0qspilm%2BWwkWjxRT0hNGxIYaTLsxzOEqfg17KGObsWnooSfTGs8fkXT4Q%2B5QJ1DS1Y1Ox2onYKk5zVB9Iwo8mEqov5RrH%2FwONEft3Fc0g%3D%3D' \
--data-raw '{
  "formFields": [
    {
      "id": "email",
      "value": "namazian87@gmail.com"
    },
    {
      "id": "password",
      "value": "testPass123"
    }
  ]
}'
r
right, and you are getting the error from the localhost:3000/auth/signinup/code request?
h
Yes
r
can you try on postmane?
h
These are exported from postman
shouldn't I pass phone number in signup by email step?
r
no.
oh i see the problem
h
I found the problem, I should have passed phoneNumber not phonenumber
r
yeaa..
h
what is the linkCode in /signinup/code/consume ?
r
it's the part after the
#
in the magic link (if you are using magic links), else you can ignore that
h
how can I acquire
userInputCode
?
I get this message when I send
preAuthSessionId
and how can I set Twilio configs?
r
> how can I acquire userInputCode ? this is the otp that the user enters
> and how can I set Twilio configs? search for smsDelivery in our docs
also, please ask different questions in different threads