I installed Appwrite to be able to authenticate users faster using SMS and Twilio as a backend.
I'm having a hard time doing server-side verification because I want the user to enter their phone number in JS (frontend) and verify it using PHP, but this seems to be impossible because the documentation for the phone verification already requires a JWT, which can only be issued when authentication is already finished.
In JS I have to call createPhoneSession and then run updatePhoneSession to verify the code, and only when this was successful can I issue a JWT using account.createJWT().
In PHP this code fails:
```php
use Appwrite\Client;
use Appwrite\Services\Account;

$client = new Client();
$client
    ->setEndpoint('https://myurl/v1')
    ->setProject('652d4af1633afc99def')
    ->setKey('528958d6e5f[..]e318fc67') // Your secret API key
    ->setSelfSigned()
;

$userid = "652d5b5a9a699deabcce"; // would get this from an AJAX request from the frontend
$secret = "243503"; // phone verification token

$account = new Account($client);
// Called with an API key (setKey), so the request is made in the "applications" role
$result = $account->updatePhoneVerification($userid, $secret);
var_dump($result);
```
It fails with the error: (role: applications) missing scope (public), which means that using an API secret you can't confirm the user's phone token. It needs setJWT instead of setKey, but again the JWT can only be issued after authentication.
So why do these endpoints even exist in PHP when you can't use them for authentication in the backend? How is this meant to be used? Anonymous logins and afterwards backend checks?
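The backend half of the flow described above, as an added example that is not part of the original post and is not Appwrite project code: the browser finishes createPhoneSession and updatePhoneSession, calls account.createJWT(), and sends the token in an Authorization header, and PHP then uses setJWT to ask Appwrite which user the token belongs to. Assumptions: the Appwrite PHP SDK is installed via Composer, `<PROJECT_ID>` is a placeholder, and `bearerToken` and `userFromJwt` are hypothetical helper names.

```php
<?php
// Added example: server-side check of a JWT the browser obtained with account.createJWT().
require __DIR__ . '/vendor/autoload.php'; // assumption: appwrite/appwrite installed via Composer

use Appwrite\AppwriteException;
use Appwrite\Client;
use Appwrite\Services\Account;

/** Extract the token from "Authorization: Bearer <jwt>"; null if absent or malformed. */
function bearerToken(array $server): ?string
{
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    // A JWT is three base64url segments separated by dots; reject anything else early.
    if (preg_match('/^Bearer\s+([\w-]+\.[\w-]+\.[\w-]+)$/', $header, $m)) {
        return $m[1];
    }
    return null;
}

/** Ask Appwrite who the JWT belongs to. Returns the user array, or null if it is rejected. */
function userFromJwt(string $jwt): ?array
{
    $client = (new Client())
        ->setEndpoint('https://myurl/v1') // endpoint as written in the post
        ->setProject('<PROJECT_ID>')      // placeholder
        ->setJWT($jwt);                   // no setKey(): the call runs as the user, not as an application

    try {
        return (new Account($client))->get();
    } catch (AppwriteException $e) {
        return null; // expired, forged or revoked token: treat as unauthenticated
    }
}

$jwt  = bearerToken($_SERVER);
$user = $jwt !== null ? userFromJwt($jwt) : null;

// Require both a valid token and a phone number that Appwrite reports as verified.
if ($user === null || empty($user['phoneVerification'])) {
    http_response_code(401);
    exit(json_encode(['error' => 'not authenticated']));
}

// The user id comes from Appwrite's response, never from a request parameter.
header('Content-Type: application/json');
echo json_encode(['userId' => $user['$id'], 'phone' => $user['phone']]);
```

The backend never sees the SMS code in this arrangement, and it takes the user id from Appwrite's response rather than from anything the client claims.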