-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add test OTP support for mobile app reviews #1166
Conversation
I will be very happy to see this soon available. Any progress on it? |
Got held up with some other work, but am going to continue working on it. |
e772a40
to
f89dd79
Compare
752323f
to
ecf0306
Compare
ecf0306
to
f7ec62c
Compare
This is an awesome feature! I'm glad it's almost ready to go! |
@kdewald - glad you like the feature - generally a version update happens within two weeks or less |
🎉 This PR is included in version 2.88.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
How can we use it, do we wait the |
@azlekov the CLI is usually updated around the same time as Supabase Auth. We'd advise against overwriting the version unless absolutely necessary as you may get different behaviour from what you will get from your hosted Supabase instance. |
Just a follow-up question on this topic. Is there an expected timeline for this feature to be available in https://github.com/supabase/supabase? It doesn't have to be very precise, but I would like to plan accordingly if possible. Thanks! |
PR for Supabase Dashboard: supabase/supabase#16811 |
@hf It seems that there's a bug that's happening to multiple users around this feature: supabase/supabase#16811 (comment) |
When developers build mobile apps that use phone login, they need to provide pre-determined phone numbers and OTPs that will work so that automated and manual app reviewers (that work at Apple's AppStore or Google's Play Store) can test and confirm compliance with the phone system. Those reviewers / systems cannot be expected to provide their own phone number. Developers can thus set up the following environment variable: ``` GOTRUE_EXTERNAL_SMS_TEST_OTP="<phone-1>=<otp-1>, <phone-2>=<otp-2>..." GOTRUE_EXTERNAL_SMS_TEST_OTP_VALID_UNTIL="<ISO date time>" ``` SMS messages are not sent to those test phone numbers. Furthermore after the validity period has expired, they will automatically not be used. This enhances the security so that people don't forget test OTPs accidentally. Incidentally this makes it possible to use phone number logins when developing locally.
When developers build mobile apps that use phone login, they need to provide pre-determined phone numbers and OTPs that will work so that automated and manual app reviewers (that work at Apple's AppStore or Google's Play Store) can test and confirm compliance with the phone system. Those reviewers / systems cannot be expected to provide their own phone number. Developers can thus set up the following environment variable: ``` GOTRUE_EXTERNAL_SMS_TEST_OTP="<phone-1>=<otp-1>, <phone-2>=<otp-2>..." GOTRUE_EXTERNAL_SMS_TEST_OTP_VALID_UNTIL="<ISO date time>" ``` SMS messages are not sent to those test phone numbers. Furthermore after the validity period has expired, they will automatically not be used. This enhances the security so that people don't forget test OTPs accidentally. Incidentally this makes it possible to use phone number logins when developing locally.
When developers build mobile apps that use phone login, they need to provide pre-determined phone numbers and OTPs that will work so that automated and manual app reviewers (that work at Apple's AppStore or Google's Play Store) can test and confirm compliance with the phone system. Those reviewers / systems cannot be expected to provide their own phone number. Developers can thus set up the following environment variable: ``` GOTRUE_EXTERNAL_SMS_TEST_OTP="<phone-1>=<otp-1>, <phone-2>=<otp-2>..." GOTRUE_EXTERNAL_SMS_TEST_OTP_VALID_UNTIL="<ISO date time>" ``` SMS messages are not sent to those test phone numbers. Furthermore after the validity period has expired, they will automatically not be used. This enhances the security so that people don't forget test OTPs accidentally. Incidentally this makes it possible to use phone number logins when developing locally.
When developers build mobile apps that use phone login, they need to provide pre-determined phone numbers and OTPs that will work so that automated and manual app reviewers (that work at Apple's AppStore or Google's Play Store) can test and confirm compliance with the phone system.
Those reviewers / systems cannot be expected to provide their own phone number.
Developers can thus set up the following environment variable:
SMS messages are not sent to those test phone numbers. Furthermore after the validity period has expired, they will automatically not be used. This enhances the security so that people don't forget test OTPs accidentally.
Incidentally this makes it possible to use phone number logins when developing locally.