hey, I'm building an auth flow and I'm wondering w...
# ask-a-descopers
stocky-tent-41776
07/20/2023, 1:39 AMhey, I'm building an auth flow and I'm wondering what would happen if DescopeAuth algorithm verifies that the login "is risky" but that user doesn't have an OTP method (let's say his phone wasn't verified)?
I'm asking because I'm not sure how would I be able to test it
f
faint-musician-4508
07/20/2023, 1:42 AM
This flow will send an OTP to the phone associated with user. If you don’t have it, it will error. You should collect the phone on sign up path always for this to work
s
stocky-tent-41776
07/20/2023, 3:39 AMthe OTP will be send only if the phone is verified I assume?
f
faint-musician-4508
07/20/2023, 3:40 AM
No. Once user verifies the OTP, then number is marked as verified. So effectively, in your sign up flow, you should collect the number, and use update OTP/SMS action to verify and then the number will be marked verified too. Then at time of sign in the OTP can be sent in case of high risk.
✅ 1