HTTP SMS Provider not called during MFA OTP SMS challenge (Login V1, Zitadel 4.12.1)
⚙️Configuration🏬Self-hosted🔍Authentication❌Unsolved❓Question
Hi everyone,
I'm running Zitadel 4.12.1 self-hosted on Kubernetes with Login V1.
My setup:
I configured an HTTP SMS provider via the Admin API (POST /admin/v1/sms/http) with my custom endpoint
The provider is active (SMS_PROVIDER_CONFIG_ACTIVE)
The user has OTP SMS configured and ready (SECOND_FACTOR_TYPE_OTP_SMS)
The login policy has SECOND_FACTOR_TYPE_OTP_SMS enabled
My endpoint is publicly accessible and works perfectly when called manually
The problem:
When a user logs in through the browser (Login V1 UI) and reaches the MFA OTP SMS challenge screen ("Vérifier authentification à 2 facteurs"), Zitadel never calls my HTTP SMS provider endpoint. No request is received on my endpoint, no logs, nothing.
My question:
Is the HTTP SMS provider supported in Login V1? Or is it only supported in Login V2?
If Login V1 doesn't support HTTP SMS provider for MFA challenges, what is the recommended approach to use a custom SMS provider with Login V1?
Context:
I need to support both:
A headless API flow (grant_type=password + custom OTP SMS) — already working
A browser flow (Login UI + custom SMS provider) — blocked
Any help would be greatly appreciated. Thanks!
I'm running Zitadel 4.12.1 self-hosted on Kubernetes with Login V1.
My setup:
I configured an HTTP SMS provider via the Admin API (POST /admin/v1/sms/http) with my custom endpoint
The provider is active (SMS_PROVIDER_CONFIG_ACTIVE)
The user has OTP SMS configured and ready (SECOND_FACTOR_TYPE_OTP_SMS)
The login policy has SECOND_FACTOR_TYPE_OTP_SMS enabled
My endpoint is publicly accessible and works perfectly when called manually
The problem:
When a user logs in through the browser (Login V1 UI) and reaches the MFA OTP SMS challenge screen ("Vérifier authentification à 2 facteurs"), Zitadel never calls my HTTP SMS provider endpoint. No request is received on my endpoint, no logs, nothing.
My question:
Is the HTTP SMS provider supported in Login V1? Or is it only supported in Login V2?
If Login V1 doesn't support HTTP SMS provider for MFA challenges, what is the recommended approach to use a custom SMS provider with Login V1?
Context:
I need to support both:
A headless API flow (grant_type=password + custom OTP SMS) — already working
A browser flow (Login UI + custom SMS provider) — blocked
Any help would be greatly appreciated. Thanks!
