Self Registration with SMS Confirmation in WSO2 Identity Server 5.10.0 onwards

Anuradha Karunarathna
Identity Beyond Borders
Dec 17, 2021

Register your users in an easy way


Setup WSO2 IS for self-registration

  1. Add an SMS event publisher with the file name SMSPublisher.xml to the <IS_HOME>/repository/deployment/server/eventpublishers location. You can use the provided sample. This sample publisher publishes the account confirmation code of the sign-up flow to an SMS API. (NOTE: This file may be available in later versions like 5.12.0)

If your SMS provider is Vonage, the data inside the <inline> tag should be changed as follows (use : instead of =)

<inline>{
"api_key":"12**33",
"api_secret":"F**a",
"from":"NEXMO",
"to":{{mobile}},
"text":{{body}}
}</inline>

NOTE:

  • You need to provide the HTTP request body based on the selected SMS provider (NEXMO, Twilio, D7SMS, Bulksms, etc.), between the <inline></inline> tags.
  • In the http.url property under <to></to>, you need to give the REST endpoint of the service that sends the SMS.
  • For demo purposes, I have used a URL generated from https://webhook.site/. Go there and get your unique URL to test the flow before moving to a commercial SMS sender.

2. The accountconfirmation SMS template in the <IS-HOME>/repository/conf/sms/sms-templates-admin-config.xml file is sent as the SMS. If you want to change the message, change the <body> and restart the server.

<configuration type="accountconfirmation" display="accountconfirmation" locale="en_US">
<body>Your One-Time Password is : {{confirmation-code}}</body>
</configuration>

3. When using the self-registration REST APIs, if you want detailed responses, add the following config to the <IS-HOME>/repository/conf/deployment.toml file and restart the server. (Detailed responses are enabled through config in order to support backward compatibility.)

[identity_mgt.user_self_registration]
enable_detailed_api_response = true

4. Add the following config to the <IS-HOME>/repository/conf/deployment.toml file based on your requirement.

  • default_notification_channel is used to set the default notification mechanism in IS. It can be configured as SMS or EMAIL.
  • resolve_notification_channel is used to resolve the user's preferred notification channel.

[identity_mgt.notification]
default_notification_channel = "SMS"
resolve_notification_channel = true

You can understand the notification channel resolution mechanism from this flow chart.

5. Sign in to the WSO2 Identity Server Management Console (Carbon) at https://<SERVER_HOST>:9443/carbon as an administrator (default username and password: admin / admin).

6. On the Main Menu of the Management Console, click Identity > Identity Providers > Resident. Under the Account Management Policies section, click User Self Registration.

See what each config means and alter it accordingly: https://is.docs.wso2.com/en/latest/learn/self-registration/#set-up (step 6).


NOTE: All the following APIs are authenticated with admin user credentials. Alternatively, you can use a token obtained through the client credentials grant. The important point is that the verification APIs are not invoked with the self-registered user's credentials. This means you have to build the self-registration portal to invoke all the APIs with privileged user credentials or a token.

1. Self Registration API requests and responses [Define only one notification channel claim - selected mobile claim]

  • In my server resolve_notification_channel = true
  • Send a self-sign-up request defining mobile, but no email.
  • Response: 201 Created

{
  "code": "USR-02001",
  "message": "Successful user self registration. Pending account verification.",
  "notificationChannel": "SMS"
}

(Screenshot: signed-up user profile on the management console)
  • Now you should have received an SMS notification.
  • If you have configured the webhook URL for testing purposes, you can find it like this.
(Screenshot: response on webhook.site)
  • Now validate the code to unlock the user account.

Account Confirmation API requests and responses

Response: 202 Accepted

  • Go and check the user profile. Now the user is unlocked.

2. Self Registration API requests and responses [Define both email and mobile claims and also user-preferred notification channel]

  • Users can define the preferred notification channel using this claim.

{
  "uri": "http://wso2.org/claims/identity/preferredChannel",
  "value": "SMS"
}

  • Code validation is the same as in the step above.
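
The two sign-up scenarios and the code validation above, written as the server-side portal code that the NOTE on privileged credentials calls for. This is an added example, not code from the original post or from WSO2; the endpoint paths, the mobile and email claim URIs, and the IS_BASE, IS_ADMIN_USER and IS_ADMIN_PASS variable names are assumptions, and the response check relies on enable_detailed_api_response = true from step 3.

```python
import base64, json, os, urllib.request

# Assumptions, not shown on the page: the two endpoint paths, the mobile and
# email claim URIs, and the IS_BASE / IS_ADMIN_USER / IS_ADMIN_PASS variables.
IS_BASE = os.environ.get("IS_BASE", "https://localhost:9443")
SIGNUP = "/api/identity/user/v1.0/me"
VALIDATE = "/api/identity/user/v1.0/validate-code"
CLAIMS = {"mobile": "http://wso2.org/claims/mobile",
          "email": "http://wso2.org/claims/emailaddress",
          "channel": "http://wso2.org/claims/identity/preferredChannel"}

def http_send(path, body):
    """POST JSON with the privileged credentials, which never leave the server."""
    cred = f"{os.environ['IS_ADMIN_USER']}:{os.environ['IS_ADMIN_PASS']}"
    req = urllib.request.Request(IS_BASE + path, json.dumps(body).encode(), {
        "Content-Type": "application/json",
        "Authorization": "Basic " + base64.b64encode(cred.encode()).decode()})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else {})

def build_signup(username, password, mobile=None, email=None, channel=None):
    """Build the body from an allow-list so browser input cannot add other claims."""
    if channel not in (None, "SMS", "EMAIL"):
        raise ValueError("unsupported notification channel")
    values = {"mobile": mobile, "email": email, "channel": channel}
    claims = [{"uri": CLAIMS[k], "value": v} for k, v in values.items() if v]
    return {"user": {"username": username, "realm": "PRIMARY",
                     "password": password, "claims": claims},
            "properties": []}

def register(send, **fields):
    """Scenario 1 or 2: returns the channel the confirmation code was sent on."""
    status, body = send(SIGNUP, build_signup(**fields))
    if status != 201 or body.get("code") != "USR-02001":
        raise RuntimeError(f"sign-up not accepted: {status} {body.get('code')}")
    return body["notificationChannel"]

def confirm(send, code):
    """Submit the code the user received; 202 Accepted unlocks the account."""
    status, _ = send(VALIDATE, {"code": code, "properties": []})
    return status == 202
```

In the portal, pass http_send as the send argument; any callable that takes (path, body) and returns (status, json) can stand in for it during testing.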

All done... 👊 You can play around with the variables referring to the flow diagram and make your use case real!!

NOTE: UI support for notification channel selection on user self-registration is not available yet. It’s in the WSO2-IS roadmap. https://github.com/wso2/product-is/issues/9847

Stay tuned for more WSO2 IS features!🎉🎉

Anuradha Karunarathna
Identity Beyond Borders

Technical Lead @ WSO2 | Computer Science and Engineering graduate @ University of Moratuwa, Sri Lanka