MOSIP-40407: OTP notifications and authentication alerts are still be received on a locked channel.

[Ivanmeneges]

1. Create a UIN

2. lock otp-email auth type using auth lock api

{
"request": {
"otp": "403307",
"individualId": "3860563206",
"authType": [
"otp-email"
],
"transactionID": "7571026410",
"individualIdType": "UIN"
},
"requesttime": "2025-03-03T06:34:11.561Z",
"id": "mosip.resident.authlock",
"version": "v1"
}

response:

{
"id": "mosip.resident.authlock",
"version": "v1",
"responsetime": "2025-03-03T06:34:11.916Z",
"response": {
"message": "Notification has been sent to the provided contact detail(s)"
}
}

image-20250303-105245.png

1. Try to send otp on locked channel along with unlocked channel

send-otp:

{
"id": "mosip.identity.otp",
"version": "1.0",
"transactionID": "7571026410",
"requestTime": "2025-03-03T06:36:45.230Z",
"individualId": "3860563206",
"individualIdType": "UIN",
"otpChannel": [
"EMAIL",
"PHONE"
]
}

Response:

{
"id": "mosip.identity.otp",
"version": "1.0",
"transactionID": "7571026410",
"responseTime": "2025-03-03T06:36:46.267Z",
"response": {
"maskedMobile": "XXXXXX6198",
"maskedEmail": "XXtXXAXXIXXnXXtXXVXXiXXaXXmXXeXX_XXLXXkXXmXXlXXeXXrXXOXXEXXiXXaXXhXXmXXeXXoX@mosip.net"
}
}

Observed Output: OTP notifications are being received on the locked channel.

image-20250303-093143.png

Expected Output: OTP notifications should only be received on an unlocked channel.

attaching the report also for the reference:

mosip-api-internal.qa-java21-auth-2025-03-03_12-02-full-report_T-3_P-2_S-0_F-1.html

📎 Attachments

• image-20250303-093143.png

• image-20250303-105245.png

• mosip-api-internal.qa-java21-auth-2025-03-03_12-02-full-report_T-3_P-2_S-0_F-1.html

[Ivanmeneges]

Sivanand commented: This will have impact on the Authentication scenarios.

[Ivanmeneges]

Hemant C Vadher commented: [~accountid:712020:a354eedc-e17e-400c-b961-a8a3f716ad4f] for your prioritization

[Ivanmeneges]

Nidhi Kumari commented: Needs to be checked from the Id-Authentication side.