Does anyone know the best practice, while using the Okta Factor API, to cancel an SMS verification transaction? I.e. the user decides to send an OTP to their phone, decides they can’t retrieve the message, then wants to cancel and try another factor. There is a way in the push factor to cancel. But in SMS and even Voice call, I can’t seem to figure it out.
SMS and Phone call don’t block waiting for completion but instead asynchronously send the OTP. Validating the OTP is a fresh HTTP request. You shouldn’t need to cancel the SMS or Voice, the OTP sent will automatically age out and expire. You should just be able to issue a new challenge on an new Factor of your choice.
Excellent. Thanks for the info. I expected as much but wanted to make sure.