
Customizing Stormpath account activation workflow


Stormpath's default registration workflow supports email verification. We would like to perform SMS OTP verification, as our primary business case is targeted at mobile users, and would like to know if the below technical flow is possible with its API.

enter image description here

Is this an efficient way to handle this scenario, as there are multiple network hops and multiple systems involved here, or does Stormpath provide any efficient way to handle this?


Solution

  • Yep! You can most definitely do that.

    What you'll want to do is this:

    • When a user registers on your site, set their Stormpath status to 'UNVERIFIED' but DON'T enable the Stormpath Account Verification Workflow.
    • When the user sends you their OTP number, and you validate it, update the user's Stormpath Account and set status to 'ENABLED'.
    • Now the user can log into your app securely!

    You'll obviously need to also create your own custom registration route to make this work, as the express-stormpath library (I'm the author) doesn't do this out of the box.
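The three steps in the answer above, sketched as an added example that is not part of the original answer and is not express-stormpath code. The in-memory `accounts` and `pending` maps are hypothetical stand-ins for the Stormpath account store, SMS delivery is left to the caller, and the 5-minute expiry and 5-attempt limit are assumed policy values.

```javascript
// Added example: in-memory stand-ins, not the Stormpath SDK.
const crypto = require('node:crypto');

const OTP_TTL_MS = 5 * 60 * 1000; // assumed policy: code is valid for 5 minutes
const MAX_ATTEMPTS = 5;           // assumed policy: stop accepting guesses after 5 tries

const accounts = new Map(); // hypothetical stand-in for Stormpath accounts
const pending = new Map();  // email -> { hash, expires, attempts }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Step 1: create the account as UNVERIFIED and issue a 6-digit OTP.
// The OTP is returned so the caller can hand it to an SMS gateway.
function register(email, now = Date.now()) {
  accounts.set(email, { email, status: 'UNVERIFIED' });
  const otp = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(email, { hash: sha256(otp), expires: now + OTP_TTL_MS, attempts: 0 });
  return otp;
}

// Step 2: validate the submitted OTP; on success set status to ENABLED.
function verifyOtp(email, submitted, now = Date.now()) {
  const entry = pending.get(email);
  const account = accounts.get(email);
  if (!entry || !account) return 'no-pending-otp';
  if (now > entry.expires) { pending.delete(email); return 'expired'; }
  if (entry.attempts >= MAX_ATTEMPTS) return 'locked';
  entry.attempts += 1;
  // Compare fixed-length digests in constant time.
  if (!crypto.timingSafeEqual(entry.hash, sha256(String(submitted)))) return 'invalid';
  pending.delete(email); // each code is single use
  account.status = 'ENABLED';
  return 'enabled';
}

// Step 3: only ENABLED accounts may log in.
function canLogIn(email) {
  const account = accounts.get(email);
  return Boolean(account && account.status === 'ENABLED');
}
```

In a real custom registration route, `register` and `verifyOtp` would wrap the calls that create and update the Stormpath account, and the pending-OTP state would live in a shared store rather than process memory.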