[OB4] Add SMS OTP verification for the consent flow #863
| // Store userId in session for OTP verification (extracted from consent retrieval response) | ||
| // The userId (SCIM ID) is now added to the response JSON by ConsentAuthorizeEndpoint | ||
| if (dataSet.has(Constants.USER_ID)) { | ||
| String userId = dataSet.getString(Constants.USER_ID); | ||
| session.setAttribute(Constants.USER_ID, userId); | ||
| log.debug("Stored userId in session: " + userId); | ||
| } else { | ||
| log.warn("userId not found in consent data response"); | ||
| } |
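Review bot: The identity that will later be OTP-verified is taken from the consent-retrieval response (`dataSet.getString(Constants.USER_ID)`) rather than from the authenticated principal of the current session, so the OTP target is only as trustworthy as the source of `dataSet`. If that JSON is built server-side by ConsentAuthorizeEndpoint and never passes through the browser this is fine, but it should be confirmed, because a client-influenced userId would route the OTP to a different subscriber; I would pin that contract on the line with `// userId comes from the server-side consent retrieval response; must never be taken from request parameters`. Note also that `Constants.USER_ID` here and `ConsentExtensionConstants.USER_ID` on the producing side are two distinct constants that must hold the same JSON key, otherwise the warn branch fires on every request and no OTP is ever sent. The enclosing handler starts and ends outside this hunk.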
Log Improvement Suggestion No: 1
| // Store userId in session for OTP verification (extracted from consent retrieval response) | |
| // The userId (SCIM ID) is now added to the response JSON by ConsentAuthorizeEndpoint | |
| if (dataSet.has(Constants.USER_ID)) { | |
| String userId = dataSet.getString(Constants.USER_ID); | |
| session.setAttribute(Constants.USER_ID, userId); | |
| log.debug("Stored userId in session: " + userId); | |
| } else { | |
| log.warn("userId not found in consent data response"); | |
| } | |
| // The userId (SCIM ID) is now added to the response JSON by ConsentAuthorizeEndpoint | |
| if (dataSet.has(Constants.USER_ID)) { | |
| String userId = dataSet.getString(Constants.USER_ID); | |
| session.setAttribute(Constants.USER_ID, userId); | |
| if (log.isDebugEnabled()) { | |
| log.debug("Stored userId in session for OTP verification"); | |
| } | |
| } else { | |
| log.warn("userId not found in consent data response"); | |
| } |
| session.setAttribute(SESSION_USER_ID, userId); | ||
|
|
||
| try { | ||
|
|
||
| GenerationResponseDTO otpResponse = smsotpService.generateSMSOTP(userId); |
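Review bot: Nothing in this hunk bounds how often `smsotpService.generateSMSOTP(userId)` can be triggered for one session, so a user (or a script replaying the request) can cause unlimited SMS sends to the target number, which is both a cost/abuse vector and a way to flood the recipient. Keep a per-session send counter and last-send timestamp and refuse or delay a resend inside a cooldown window, e.g. `Integer sends = (Integer) session.getAttribute(SESSION_OTP_SEND_COUNT); if (sends != null && sends >= MAX_OTP_SENDS) { /* reject resend */ }`. Whether the OTP service itself throttles per user is not visible here, so confirm that rather than assume it. The `transactionId` taken from the response should stay in the server-side session only and never be echoed to the page, since it is the handle the validation step later trusts. The enclosing handler starts and ends outside this hunk.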
Log Improvement Suggestion No: 2
| session.setAttribute(SESSION_USER_ID, userId); | |
| try { | |
| GenerationResponseDTO otpResponse = smsotpService.generateSMSOTP(userId); | |
| try { | |
| GenerationResponseDTO otpResponse = smsotpService.generateSMSOTP(userId); | |
| log.info("OTP generation initiated for user ID: {}", userId); | |
| String transactionId = otpResponse.getTransactionId(); |
| } | ||
|
|
||
| try { | ||
| ValidationResponseDTO validationResponse = smsotpService.validateSMSOTP(transactionId, userId, providedOtp); |
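Review bot: The failure path of `smsotpService.validateSMSOTP(transactionId, userId, providedOtp)` is not in view and nothing in the hunk counts attempts, so a short numeric OTP can be brute-forced by repeating the request with the same transaction id; cap failed attempts per transaction and clear `SESSION_OTP_TRANSACTION_ID` (forcing a fresh OTP) when the cap is reached. `providedOtp` should also be shape-checked before it is sent downstream, e.g. `if (providedOtp == null || !providedOtp.matches("\\d{4,8}")) { /* treat as invalid, do not call the service */ }`, with the length matched to what the service issues. Whether the OTP service enforces its own try limit is not visible, so confirm it before relying on it. The enclosing try block and handler start and end outside this hunk.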
Log Improvement Suggestion No: 3
| } | |
| try { | |
| ValidationResponseDTO validationResponse = smsotpService.validateSMSOTP(transactionId, userId, providedOtp); | |
| ValidationResponseDTO validationResponse = smsotpService.validateSMSOTP(transactionId, userId, providedOtp); | |
| if (validationResponse.isValid()) { | |
| log.info("OTP verified successfully for user ID: {}", userId); | |
| session.removeAttribute(SESSION_OTP_TRANSACTION_ID); |
| import java.nio.charset.StandardCharsets; | ||
|
|
||
| /** | ||
| * HTTP client for calling the SMS OTP service. | ||
| */ |
Log Improvement Suggestion No: 4
| import java.nio.charset.StandardCharsets; | |
| /** | |
| * HTTP client for calling the SMS OTP service. | |
| */ | |
| import org.apache.commons.logging.Log; | |
| import org.apache.commons.logging.LogFactory; | |
| /** | |
| * HTTP client for calling the SMS OTP service. | |
| */ | |
| public class OTPAPIClient { | |
| private static final Log log = LogFactory.getLog(OTPAPIClient.class); |
| public static JSONObject generateOtp(String userId) throws IOException { | ||
| JSONObject payload = new JSONObject(); | ||
| payload.put("userId", userId); | ||
|
|
||
| CloseableHttpClient client = HTTPClientUtils.getHttpsClient(); | ||
| HttpPost post = new HttpPost(GENERATE_URL); | ||
| post.setHeader("Content-Type", "application/json"); | ||
| post.setEntity(new StringEntity(payload.toString())); | ||
|
|
||
| try (CloseableHttpResponse response = client.execute(post)) { | ||
| String json = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8); | ||
| return new JSONObject(json); | ||
| } |
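Review bot: `generateOtp` never closes the `CloseableHttpClient` it obtains from `HTTPClientUtils.getHttpsClient()`, and it parses the body as JSON without looking at the status code, so a 4xx/5xx HTML error page surfaces as a `JSONException` from `new JSONObject(json)` rather than a meaningful failure; `new StringEntity(payload.toString())` also omits the charset (HttpClient 4 defaults it to ISO-8859-1), so a non-ASCII userId would be mis-encoded on the wire. The rewrite below closes the client in the same try-with-resources — correct only if `getHttpsClient()` builds a new client per call; if it returns a shared pooled instance, keep it open and hoist it to a field instead — sets `ContentType.APPLICATION_JSON` (needs an import of `org.apache.http.entity.ContentType`), and turns a non-2xx status into an `IOException` without logging the response body. Whether the request carries any authentication to the OTP service is not visible in this hunk; if `HTTPClientUtils` does not add it, anyone who can reach `GENERATE_URL` can trigger OTP sends for arbitrary userIds, so confirm that. The method also deserves a Javadoc, e.g. `/** Asks the SMS OTP service to issue an OTP for userId; returns the parsed JSON reply, throws IOException on transport errors or a non-2xx status. */`.
```java
public static JSONObject generateOtp(String userId) throws IOException {
    // … unchanged: payload construction …

    HttpPost post = new HttpPost(GENERATE_URL);
    // Explicit JSON content type + UTF-8; StringEntity(String) alone defaults to ISO-8859-1
    post.setEntity(new StringEntity(payload.toString(), ContentType.APPLICATION_JSON));

    // Close the client with the response (only if getHttpsClient() creates a new client per call)
    try (CloseableHttpClient client = HTTPClientUtils.getHttpsClient();
         CloseableHttpResponse response = client.execute(post)) {
        int status = response.getStatusLine().getStatusCode();
        String body = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
        if (status < 200 || status >= 300) {
            // Do not include the body: it may be an HTML error page or carry service details
            throw new IOException("OTP generation failed with HTTP status " + status);
        }
        return new JSONObject(body);
    }
}
```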
Log Improvement Suggestion No: 5
| public static JSONObject generateOtp(String userId) throws IOException { | |
| JSONObject payload = new JSONObject(); | |
| payload.put("userId", userId); | |
| CloseableHttpClient client = HTTPClientUtils.getHttpsClient(); | |
| HttpPost post = new HttpPost(GENERATE_URL); | |
| post.setHeader("Content-Type", "application/json"); | |
| post.setEntity(new StringEntity(payload.toString())); | |
| try (CloseableHttpResponse response = client.execute(post)) { | |
| String json = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8); | |
| return new JSONObject(json); | |
| } | |
| public static JSONObject generateOtp(String userId) throws IOException { | |
| if (log.isDebugEnabled()) { | |
| log.debug("Generating OTP for user: " + userId); | |
| } | |
| JSONObject payload = new JSONObject(); | |
| payload.put("userId", userId); | |
| CloseableHttpClient client = HTTPClientUtils.getHttpsClient(); | |
| HttpPost post = new HttpPost(GENERATE_URL); | |
| post.setHeader("Content-Type", "application/json"); | |
| post.setEntity(new StringEntity(payload.toString())); | |
| try (CloseableHttpResponse response = client.execute(post)) { | |
| int statusCode = response.getStatusLine().getStatusCode(); | |
| String json = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8); | |
| if (statusCode == 200) { | |
| log.info("OTP generated successfully for user: " + userId); | |
| } else { | |
| log.error("Failed to generate OTP. Status code: " + statusCode); | |
| } | |
| return new JSONObject(json); | |
| } |
| ConsentUtils.setCommonDataToResponse(consentData, jsonObject); | ||
|
|
||
| // Add userId (SCIM ID) to the response JSON for OTP verification | ||
| if (sensitiveDataMap.containsKey(ConsentConstants.LOGGED_IN_USER)) { | ||
| String userId = (String) sensitiveDataMap.get(ConsentConstants.LOGGED_IN_USER); | ||
| if (userId != null && !userId.isEmpty()) { | ||
| jsonObject.put(ConsentExtensionConstants.USER_ID, userId); | ||
| } | ||
| } |
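Review bot: The unchecked cast `(String) sensitiveDataMap.get(ConsentConstants.LOGGED_IN_USER)` throws `ClassCastException` if the map ever holds a non-String value, and the key written here (`ConsentExtensionConstants.USER_ID`) must match the one the consent page reads back (`Constants.USER_ID` in the retrieval code), two constants that nothing ties together. Prefer `Object value = sensitiveDataMap.get(ConsentConstants.LOGGED_IN_USER); if (value instanceof String && !((String) value).isEmpty()) { jsonObject.put(ConsentExtensionConstants.USER_ID, value); }`. More importantly, this copies a value out of a map named `sensitiveDataMap` into the response JSON: if that JSON is what the consent web page receives in the browser, the SCIM user ID is exposed to the end user and, depending on how the page posts it back, could be substituted, so confirm it is consumed only server-side and record that with `// userId is consumed server-side by the consent page for OTP; must not be rendered to the browser`. The enclosing method starts and ends outside this hunk.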
Log Improvement Suggestion No: 6
| ConsentUtils.setCommonDataToResponse(consentData, jsonObject); | |
| // Add userId (SCIM ID) to the response JSON for OTP verification | |
| if (sensitiveDataMap.containsKey(ConsentConstants.LOGGED_IN_USER)) { | |
| String userId = (String) sensitiveDataMap.get(ConsentConstants.LOGGED_IN_USER); | |
| if (userId != null && !userId.isEmpty()) { | |
| jsonObject.put(ConsentExtensionConstants.USER_ID, userId); | |
| } | |
| } | |
| ConsentUtils.setCommonDataToResponse(consentData, jsonObject); | |
| // Add userId (SCIM ID) to the response JSON for OTP verification | |
| if (sensitiveDataMap.containsKey(ConsentConstants.LOGGED_IN_USER)) { | |
| String userId = (String) sensitiveDataMap.get(ConsentConstants.LOGGED_IN_USER); | |
| if (userId != null && !userId.isEmpty()) { | |
| if (log.isDebugEnabled()) { | |
| log.debug("Adding userId to consent response for OTP verification"); | |
| } | |
| jsonObject.put(ConsentExtensionConstants.USER_ID, userId); |
AI Agent Log Improvement Checklist
- The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. The purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
- Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.
✅ Before merging this pull request:
- Review all AI-generated comments for accuracy and relevance.
- Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.
[OB4] Add SMS OTP verification for the consent flow
Issue link: required
Doc Issue: Optional, link issue from documentation repository
Applicable Labels: Spec, product, version, type (specify requested labels)
Development Checklist
Testing Checklist