Self Registration with SMS Confirmation in WSO2 Identity Server 5.10.0 onwards
Register your users in an easy way
Set up WSO2 IS for self-registration
1. Add an SMS event publisher with the file name SMSPublisher.xml to the <IS_HOME>/repository/deployment/server/eventpublishers location. You can use the provided sample. This sample publisher publishes the account confirmation code of the signup flow to an SMS API. (NOTE: This file may be available in later versions like 5.12.0)
If your SMS provider is Vonage, the data inside the <inline> tag should be changed as follows (instead of = , use : ):
<inline>{
"api_key":"12**33",
"api_secret":"F**a",
"from":"NEXMO",
"to":{{mobile}},
"text":{{body}}
}</inline>
NOTE:
- You need to provide the HTTP request body based on the selected SMS provider (NEXMO, Twilio, D7SMS, Bulksms, etc.), between the <inline></inline> tags.
- In the property http.url under <to></to>, you need to give the REST endpoint of the service that sends the SMS.
- For demo purposes, I have used a URL generated from https://webhook.site/. Access it and get your unique URL to test the flow before going to a commercial SMS sender.
2. The accountconfirmation SMS template in the <IS-HOME>/repository/conf/sms/sms-templates-admin-config.xml file is sent as the SMS. If you want to change the message, edit the <body> element and restart the server.
<configuration type="accountconfirmation" display="accountconfirmation" locale="en_US">
<body>Your One-Time Password is : {{confirmation-code}}</body>
</configuration>
3. If you want detailed responses from the self-registration REST APIs, add the following config to the <IS-HOME>/repository/conf/deployment.toml file and restart the server. (Detailed responses are enabled through config in order to support backward compatibility.)
[identity_mgt.user_self_registration]
enable_detailed_api_response = true
4. Add the following config to the <IS-HOME>/repository/conf/deployment.toml file based on your requirement.
- default_notification_channel is used to set the default notification mechanism in IS. It can be configured as SMS or EMAIL.
- resolve_notification_channel is used to resolve the user-preferred notification channel.
[identity_mgt.notification]
default_notification_channel = "SMS"
resolve_notification_channel = true
You can understand the notification channel resolution mechanism from this flow chart.
5. Sign in to the WSO2 Identity Server Management Console (https://<SERVER_HOST>:9443/carbon) as an administrator (default username and password: admin / admin).
6. On the Main Menu of the Management Console, click Identity > Identity Providers > Resident. Under the Account Management Policies section, click User Self Registration.
See step 6 of https://is.docs.wso2.com/en/latest/learn/self-registration/#set-up to find what each config means, and alter them accordingly.
NOTE: All the following APIs are authenticated with admin user credentials. Alternatively, you can use a token obtained through the client credentials grant. The important point is that the verification APIs are not invoked with the self-registered user's credentials. This means you have to build the self-registration portal so that it invokes all the APIs with privileged user credentials or a token.
1. Self Registration API requests and responses [Define only one notification channel claim - selected mobile claim]
- In my server, resolve_notification_channel = true
- Send a self-sign-up request defining mobile, but no email.
- Response:
201 Created
{ "code": "USR-02001", "message": "Successful user self registration. Pending account verification.", "notificationChannel": "SMS"}
- If you check the user profile of the created user, the account is locked. (Make the account lock claim supported by default to see this in the user profile; follow step 5 in https://is.docs.wso2.com/en/latest/learn/editing-claim-mapping/#editing-claim-mapping)
- Now you should have received an SMS notification.
- If you have configured the webhook URL for testing purposes, you can find it like this.
- Now validate the code and make the user account unlocked.
Account Confirmation API requests and responses
Response: 202 Accepted
- Go and check the user profile. Now the user is unlocked.
2. Self Registration API requests and responses [Define both email and mobile claims and also user-preferred notification channel]
- Users can define the preferred notification channel using this claim.
{ "uri": "http://wso2.org/claims/identity/preferredChannel", "value": "SMS"}
- Code validation is the same as in the step above.
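The sign-up and confirmation calls from both flows above, as an added example that is not part of the original post, written the way a portal backend would issue them with the privileged credentials. The endpoint paths, the `PRIMARY` realm and the request body shapes are assumptions about the server's self-registration REST API and should be checked against its documentation; the preferred-channel claim URI and the `USR-02001` response come from this page.

```python
import base64
import json
import urllib.request

MOBILE = "http://wso2.org/claims/mobile"
EMAIL = "http://wso2.org/claims/emailaddress"
PREFERRED = "http://wso2.org/claims/identity/preferredChannel"  # claim URI from the page
API = "/api/identity/user/v1.0"  # assumption: base path of the self-registration REST API


def signup_request(username, password, mobile, email=None, preferred=None):
    """Build the sign-up call; the claims that are present drive channel resolution."""
    claims = [{"uri": MOBILE, "value": mobile}]
    if email:
        claims.append({"uri": EMAIL, "value": email})
    if preferred:
        if preferred not in ("SMS", "EMAIL"):
            raise ValueError("preferred channel must be SMS or EMAIL")
        claims.append({"uri": PREFERRED, "value": preferred})
    # assumption: users are created in the PRIMARY user store
    user = {"username": username, "realm": "PRIMARY", "password": password, "claims": claims}
    return API + "/me", {"user": user, "properties": []}


def confirm_request(code):
    """Build the account confirmation call for the code the user received by SMS."""
    if not code or not code.strip():
        raise ValueError("empty confirmation code")
    return API + "/validate-code", {"code": code.strip(), "properties": []}


def pending_channel(status, body):
    """Return the channel named in a detailed 201 response, or None if it is absent."""
    if status == 201 and body.get("code") == "USR-02001":
        return body.get("notificationChannel")
    return None


def send(base_url, path, payload, svc_user, svc_password):
    """POST from the portal backend; the privileged credentials never reach the browser."""
    token = base64.b64encode(f"{svc_user}:{svc_password}".encode()).decode()
    req = urllib.request.Request(
        base_url + path, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": "Basic " + token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:  # expect 201 (sign-up) or 202 (confirmation)
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else {})
```

`pending_channel` only returns a value when `enable_detailed_api_response = true` is set, since the response body carries the channel.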
All done... 👊 You can play around with the variables referring to the flow diagram and make your use case real!!
NOTE: UI support for notification channel selection on user self-registration is not available yet. It’s in the WSO2-IS roadmap. https://github.com/wso2/product-is/issues/9847
Stay tuned for more WSO2 IS features!🎉🎉