Re: [Architecture] Supporting Email or Mobile as the Preferred Communication Channel for Users

2019-11-28 Thread Ruwan Abeykoon
Hi Sominda,
Better not use registry any more for any new functionality.
Can we use the new config store?

Cheers,
Ruwan A

On Thu, Nov 28, 2019 at 3:05 PM Sominda Gamage  wrote:

> Hi all,
>
> According to the implementation, the SMS templates are stored inside the
> *email-admin-config.xml* file. Even though this works perfectly, the
> procedure is incorrect. Therefore I have decided to change the storing
> location of the SMS notification templates.
>
> *Proposed solution*
> - Store the SMS templates in a different registry folder.
> - Add and notification templates from the registry.
> - Introduce a new API to EmailTemplateManager to resolve the templates
> from the template type.
>
> Thanks and regards,
> Sominda.
>
> On Wed, Nov 27, 2019 at 11:06 AM Sominda Gamage  wrote:
>
>> Hi all,
>>
>> I have written several blogs explaining the feature and configurations.
>> Please find the links below. Currently, this feature does not have a
>> tutorial. I will make a new tutorial for this feature and update the mail
>> thread.
>>
>> [1] - User Self Registration and Account Confirmation via Mobile and
>> Email Channels in WSO2 Identity Server
>> 
>> [2] - Requests and Responses of User Self Registration REST APIs in WSO2
>> Identity Server
>> 
>> [3] - Configuring WSO2 Identity Server to Support Multiple notification
>> channels
>> 
>>
>> Thanks,
>> Sominda.
>>
>> On Wed, Nov 27, 2019 at 7:41 AM Sominda Gamage  wrote:
>>
>>> Hi all,
>>>
>>>
>>> WUM update for User Self-Registration via Email and SMS is released for
>>> WSO2 IS 5.7.0 and WSO2 IS 5.7.0 KM. The update number is 5734. The
>>> configuration details are provided in doc [1] and [2].
>>>
>>>
>>> Document [1] contains a detailed description of the functionality of the
>>> API with sample API requests and responses. Also, Doc [1] contains more
>>> information on notification channel selecting criteria. Document [2]
>>> contains the configurations that are needed to configure self-registration
>>> to support multiple channels.
>>>
>>>
>>> Improvements by the feature.
>>>
>>>    - The feature is provided only via the user self-registration APIs
>>>    - A new service has been introduced to determine the preferred
>>>      channel of the user.
>>>    - A new identity claim is introduced to track the preferred
>>>      notification channel of the user.
>>>    - The responses of User-Self registration API have been introduced.
>>>       - By default this configuration is disabled.
>>>    - The functionality of the Account Confirmation API has been
>>>      improved.
>>>       - For more information refer to the extended account confirmation
>>>         api.
>>>
>>>
>>>
>>> [1] -
>>> https://docs.wso2.com/display/IS570/Extending+User+Self+Registration+and+Account+Confirmation
>>>
>>> [2] -
>>> https://docs.wso2.com/display/IS570/Configuring+a+User+Preferred+Notification+Channel
>>>
>>>
>>> Thanks & Regards,
>>>
>>> Sominda.
>>>
>>> On Wed, Nov 27, 2019 at 7:40 AM Sominda Gamage  wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have implemented APIs to support self registration via mobile (SMS)
>>>> or EMAIL as account confirmation channels. According to the
>>>> implementation, I have defined two notification channels and each channel
>>>> has several claims bound to it.
>>>>
>>>>    - Channel Name (EMAIL or SMS)
>>>>    - Channel Value Claim - Claim to store the value of the claims (Eg:
>>>>      http://wso2.org/claims/mobile)
>>>>    - Channel Verified Claim - A claim to store the verified status of
>>>>      the channel (Eg: http://wso2.org/claims/phoneVerified)
>>>>
>>>> Following are the claims associated with each channel
>>>>
>>>>    - *Email*
>>>>       - Channel Name: EMAIL
>>>>       - Value Claim: http://wso2.org/claims/emailaddress
>>>>       - Verified Claim: http://wso2.org/claims/emailVerified
>>>>    - *Mobile*
>>>>       - Channel Name: SMS
>>>>       - Value Claim: http://wso2.org/claims/mobile
>>>>       - Verified Claim: http://wso2.org/claims/phoneVerified
>>>>
>>>> The following properties were added to identity.xml.
>>>>
>>>> 1. Configurations in *identity.xml* within the ** tags to
>>>> resolve the notification channels.
>>>>
>>>> **
>>>>
>>>> *EMAIL*
>>>> **
>>>>
>>>> *true *
>>>>
>>>> *   *
>>>>
>>>> **
>>>>
>>>> 2. Configurations in *identity.xml* within the **
>>>> tags.
>>>>
>>>> *true*
>>>>
>>>> *True*
>>>>
>>>> **

Re: [Architecture] Supporting Email or Mobile as the Preferred Communication Channel for Users

2019-11-26 Thread Darshana Gunawardana
Thanks for the clarification Sominda. Please update once all (code\docs)
PRs are merged.

Regards,

On Wed, Nov 27, 2019 at 10:33 AM Sominda Gamage  wrote:

> Hello Darshana,
>
> I have done the required changes in the master. The feature will be
> available from WSO2 IS 5.10.0 onwards. Still, the PRs are in the review
> stage. Please find the main PR [1]. I have linked other related PRs in the
> description of PR [1]. Once the feature is released in the latest WSO2 IS,
> I will update the mail thread.
> I have written a document to try out this feature and already sent a PR
> [2] to WSO2 docs-is. But this documentation will only be available for
> WSO2 IS 5.10.0.
> I have created separate issues to track the feature.
>
>    - Issue [3] is to track supporting multiple verification channels for
>      user self-registration and account confirmation.
>    - Issue [4] is to track supporting email or mobile as the preferred
>      communication channel.
>
>
> [1] - https://github.com/wso2-extensions/identity-governance/pull/324
> [2] - https://github.com/wso2/docs-is/pull/881
> [3] - https://github.com/wso2/product-is/issues/6339
> [4] - https://github.com/wso2/product-is/issues/6116
>
> Thanks and Regards,
> Sominda.
>
> On Wed, Nov 27, 2019 at 8:21 AM Darshana Gunawardana 
> wrote:
>
>> Hi Sominda,
>>
>> This is a nice feature addition to the product. Thanks for getting it
>> done.
>>
>> Have a couple of questions,
>>
>>    - Could you also mention details on the availability of this
>>      capability in the master. (From which milestone onwards it has this
>>      functionality, and related doc links)
>>    - Do we have a guide that showcases the capability using the Identity
>>      Server with an end to end use case? If not shall we have one?
>>    - And can you point me to the git issue that has the details of the
>>      overall roadmap of this space?
>>
>>
>> Thanks,
>>
>> On Wed, Nov 27, 2019 at 7:41 AM Sominda Gamage  wrote:
>>
>>> Hi all,
>>>
>>>
>>> WUM update for User Self-Registration via Email and SMS is released for
>>> WSO2 IS 5.7.0 and WSO2 IS 5.7.0 KM. The update number is 5734. The
>>> configuration details are provided in doc [1] and [2].
>>>
>>>
>>> Document [1] contains a detailed description of the functionality of the
>>> API with sample API requests and responses. Also, Doc [1] contains more
>>> information on notification channel selecting criteria. Document [2]
>>> contains the configurations that are needed to configure self-registration
>>> to support multiple channels.
>>>
>>>
>>> Improvements by the feature.
>>>
>>>    - The feature is provided only via the user self-registration APIs
>>>    - A new service has been introduced to determine the preferred
>>>      channel of the user.
>>>    - A new identity claim is introduced to track the preferred
>>>      notification channel of the user.
>>>    - The responses of User-Self registration API have been introduced.
>>>       - By default this configuration is disabled.
>>>    - The functionality of the Account Confirmation API has been
>>>      improved.
>>>       - For more information refer to the extended account confirmation
>>>         api.
>>>
>>>
>>>
>>> [1] -
>>> https://docs.wso2.com/display/IS570/Extending+User+Self+Registration+and+Account+Confirmation
>>>
>>> [2] -
>>> https://docs.wso2.com/display/IS570/Configuring+a+User+Preferred+Notification+Channel
>>>
>>>
>>> Thanks & Regards,
>>>
>>> Sominda.
>>>
>>> On Wed, Nov 27, 2019 at 7:40 AM Sominda Gamage  wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have implemented APIs to support self registration via mobile (SMS)
>>>> or EMAIL as account confirmation channels. According to the
>>>> implementation, I have defined two notification channels and each channel
>>>> has several claims bound to it.
>>>>
>>>>    - Channel Name (EMAIL or SMS)
>>>>    - Channel Value Claim - Claim to store the value of the claims (Eg:
>>>>      http://wso2.org/claims/mobile)
>>>>    - Channel Verified Claim - A claim to store the verified status of
>>>>      the channel (Eg: http://wso2.org/claims/phoneVerified)
>>>>
>>>> Following are the claims associated with each channel
>>>>
>>>>    - *Email*
>>>>       - Channel Name: EMAIL
>>>>       - Value Claim: http://wso2.org/claims/emailaddress
>>>>       - Verified Claim: http://wso2.org/claims/emailVerified
>>>>    - *Mobile*
>>>>       - Channel Name: SMS
>>>>       - Value Claim: http://wso2.org/claims/mobile
>>>>       - Verified Claim: http://wso2.org/claims/phoneVerified
>>>>
>>>> The following properties were added to identity.xml.
>>>>
>>>> 1. Configurations in *identity.xml* within the ** tags to
>>>> resolve the notification channels.
>>>>
>>>> **
>>>>
>>>> *EMAIL*
>>>> **
>>>>
>>>> *true *
>>>>
>>>> *   *
>>>>
>>>> **
>>>>
>>>> 2.

Re: [Architecture] Supporting Email or Mobile as the Preferred Communication Channel for Users

2019-11-26 Thread Darshana Gunawardana
Hi Sominda,

This is a nice feature addition to the product. Thanks for getting it done.

Have a couple of questions,

   - Could you also mention details on the availability of this capability
     in the master. (From which milestone onwards it has this functionality,
     and related doc links)
   - Do we have a guide that showcases the capability using the Identity
     Server with an end to end use case? If not shall we have one?
   - And can you point me to the git issue that has the details of the
     overall roadmap of this space?


Thanks,

On Wed, Nov 27, 2019 at 7:41 AM Sominda Gamage  wrote:

> Hi all,
>
>
> WUM update for User Self-Registration via Email and SMS is released for
> WSO2 IS 5.7.0 and WSO2 IS 5.7.0 KM. The update number is 5734. The
> configuration details are provided in doc [1] and [2].
>
>
> Document [1] contains a detailed description of the functionality of the
> API with sample API requests and responses. Also, Doc [1] contains more
> information on notification channel selecting criteria. Document [2]
> contains the configurations that are needed to configure self-registration
> to support multiple channels.
>
>
> Improvements by the feature.
>
>    - The feature is provided only via the user self-registration APIs
>    - A new service has been introduced to determine the preferred channel
>      of the user.
>    - A new identity claim is introduced to track the preferred
>      notification channel of the user.
>    - The responses of User-Self registration API have been introduced.
>       - By default this configuration is disabled.
>    - The functionality of the Account Confirmation API has been improved.
>       - For more information refer to the extended account confirmation
>         api.
>
>
>
> [1] -
> https://docs.wso2.com/display/IS570/Extending+User+Self+Registration+and+Account+Confirmation
>
> [2] -
> https://docs.wso2.com/display/IS570/Configuring+a+User+Preferred+Notification+Channel
>
>
> Thanks & Regards,
>
> Sominda.
>
> On Wed, Nov 27, 2019 at 7:40 AM Sominda Gamage  wrote:
>
>> Hi all,
>>
>> I have implemented APIs to support self registration via mobile (SMS) or
>> EMAIL as account confirmation channels. According to the implementation,
>> I have defined two notification channels and each channel has several
>> claims bound to it.
>>
>>    - Channel Name (EMAIL or SMS)
>>    - Channel Value Claim - Claim to store the value of the claims (Eg:
>>      http://wso2.org/claims/mobile)
>>    - Channel Verified Claim - A claim to store the verified status of
>>      the channel (Eg: http://wso2.org/claims/phoneVerified)
>>
>> Following are the claims associated with each channel
>>
>>    - *Email*
>>       - Channel Name: EMAIL
>>       - Value Claim: http://wso2.org/claims/emailaddress
>>       - Verified Claim: http://wso2.org/claims/emailVerified
>>    - *Mobile*
>>       - Channel Name: SMS
>>       - Value Claim: http://wso2.org/claims/mobile
>>       - Verified Claim: http://wso2.org/claims/phoneVerified
>>
>> The following properties were added to identity.xml.
>>
>>
>> 1. Configurations in *identity.xml* within the ** tags to
>> resolve the notification channels.
>>
>>
>> **
>>
>> *EMAIL*
>> **
>>
>> *true *
>>
>>
>> *   *
>>
>> **
>>
>>
>> 2. Configurations in *identity.xml* within the ** tags.
>>
>>
>>
>>
>> *true*
>>
>>
>> *True*
>>
>>
>> **
>>
>>
>> For more details on the configurations refer to Configuring a User
>> Preferred Notification Channel.
>>
>>
>> Thanks and regards,
>> Sominda.
>>
>> On Tue, Aug 13, 2019 at 9:55 AM Sominda Gamage  wrote:
>>
>>> Hi all,
>>>
>>> Please find the solution proposal of implementing a preferred channel
>>> for user self registration flow.
>>>
>>> User self registration
>>> *User Narrative*
>>>
>>>    1. When a user self registers, the user
>>>       1. Has to provide either a mobile number or an email address or both.
>>>       2. Can provide a preferred communication channel as Email or SMS.
>>>    2. Then the user will get recovery notifications based on the provided
>>>       communication channels.
>>>
>>>    - If the channel is email: navigate to the email and click the
>>>      verification link to verify the user account.
>>>    - If the channel is SMS: provide the received OTP during the self
>>>      registration phase and confirm the user account.
>>>
>>> *Solution*
>>>
>>>    - In a self registration request following claims are required for the
>>>      server to initiate an account verification request.
>>>       - Either mobile number or email address claims or both claims (At
>>>         least one claim should be in the

Re: [Architecture] Supporting Email or Mobile as the Preferred Communication Channel for Users

2019-08-29 Thread Sominda Gamage
Hi all,

I have implemented a new set of APIs to support account recovery flow via a
user preferred communication channel. Please refer to the mail [1] for more
information about the implementation.
Thank you.

[1] - New APIs to support user account recovery via user preferred channel
for Identity Server

Regards,
Sominda

On Tue, Aug 13, 2019 at 9:55 AM Sominda Gamage  wrote:

> Hi all,
>
> Please find the solution proposal of implementing a preferred channel for
> user self registration flow.
>
> User self registration
> *User Narrative*
>
>    1. When a user self registers, the user
>       1. Has to provide either a mobile number or an email address or both.
>       2. Can provide a preferred communication channel as Email or SMS.
>    2. Then the user will get recovery notifications based on the provided
>       communication channels.
>
>    - If the channel is email: navigate to the email and click the
>      verification link to verify the user account.
>    - If the channel is SMS: provide the received OTP during the self
>      registration phase and confirm the user account.
>
> *Solution*
>
>    - In a self registration request following claims are required for the
>      server to initiate an account verification request.
>       - Either mobile number or email address claims or both claims (At
>         least one claim should be in the request).
>          - Mobile claim: http://wso2.org/claims/mobile
>          - Email claim: http://wso2.org/claims/emailaddress
>    - If any of the above channels are verified external to the Identity
>      Server, Phone Verified and Email Verified claims need to be in the
>      request with value being set to TRUE.
>       - Eg: If the mobile is already verified, then Phone verified request
>         needs to be in the self registration request with value being set
>         to TRUE.
>       - Phone Verified: http://wso2.org/claims/identity/mobileVerified
>       - Email Verified: http://wso2.org/claims/identity/emailVerified
>    - A claim with user's preference can be included in the request.
>       - This claim is optional but it is recommended to send the claim with
>         the request.
>       - The claim should be as follows.
>          - Preferred Channel:
>            http://wso2.org/claims/identity/preferredChannel
>    - User Self Registration should be configured for the respective tenant
>      (Refer to the User Self Registration Configurations in the appendix).
>    - Once the server receives a self registration request, server will send
>      notifications to the user by resolving the communication channel
>      internally. Notification channel resolution will be as follows.
>
> Communication Channel Selection Criteria
>
>    1. If the user has only provided email address or mobile number as the
>       communication channel and,
>       1. Not specified the preferred channel: communication will happen via
>          the given channel in the request.
>          (Eg: If only the mobile is provided, mobile will be considered as
>          the preferred channel.)
>       2. Specified the preferred channel:
>          1. Preferred channel matches the given claim: communication via
>             preferred channel
>             (Eg: Preferred channel: SMS and given a mobile number)
>          2. Preferred channel does not match the claim: 400 ERROR
>             (Eg: Preferred channel: SMS but not given a mobile number)
>
> Note: This means that there is a claim bound with a specific
> communication channel
>
> Channel: EMAIL -> Claim: http://wso2.org/claims/emailaddress
>
> Channel: SMS -> Claim: http://wso2.org/claims/mobile
>
>    2. If the user has provided both email and mobile as communication
>       channels.
>       1. Specified the preferred channel: communication via preferred channel
>       2. Not specified the preferred channel: communication via the server
>          default channel.
>
>    - Once the communication channel is resolved, an event will be
>      triggered. The event name would be in the following format.
>       - Event name: TRIGGER__NOTIFICATION
>       - Communication channels supported with this scope:
>          - SMS
>          - EMAIL
>    - Once the event is triggered notification handlers will send
>      notifications to the user.
>
> *Deliverables*
>
> We have planned to deliver the solution according to the following phases.
>
>    1. Phase 1
>       Support mobile and email channels for Self registration APIs.
>    2. Phase 2
>       Support mobile and email channels for self registration via SCIM/ME
>       endpoint.
>    3. Phase 3
>       Provide UI support for account confirmation via mobile and email
>       channels.
>
> Current Status
>
> Currently, I'm in phase 1, implementing APIs to
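
The "Communication Channel Selection Criteria" quoted in the message above, written out as an added Python sketch (not WSO2 Identity Server code, and not from the thread's author). The function name, the `server_default` parameter, the case-insensitive comparison and the rejection of unknown channel names are assumptions; the claim URIs and the EMAIL/SMS bindings are the ones listed in the thread.

```python
EMAIL_CLAIM = "http://wso2.org/claims/emailaddress"
MOBILE_CLAIM = "http://wso2.org/claims/mobile"
PREFERRED_CLAIM = "http://wso2.org/claims/identity/preferredChannel"

# Channel -> value claim binding, as listed in the thread.
CHANNEL_CLAIMS = {"EMAIL": EMAIL_CLAIM, "SMS": MOBILE_CLAIM}


class ChannelResolutionError(ValueError):
    """Request must be rejected (the 400 ERROR case in the criteria)."""


def _value(claims, uri):
    # Treat missing, None and whitespace-only claim values as "not provided".
    return str(claims.get(uri) or "").strip()


def resolve_channel(claims, server_default="EMAIL"):
    """Return "EMAIL" or "SMS" for a self-registration request's claims."""
    if server_default not in CHANNEL_CLAIMS:
        raise ValueError("server default must be EMAIL or SMS")

    provided = [ch for ch, uri in CHANNEL_CLAIMS.items() if _value(claims, uri)]
    if not provided:
        raise ChannelResolutionError("email address or mobile claim required")

    # Assumption: the preference is compared case-insensitively.
    preferred = _value(claims, PREFERRED_CLAIM).upper()
    if preferred:
        # Assumption: an unknown channel name is rejected like a mismatch.
        if preferred not in provided:
            raise ChannelResolutionError(
                "preferred channel %r has no matching value claim" % preferred)
        return preferred

    # No preference: a single provided channel wins, otherwise server default.
    return provided[0] if len(provided) == 1 else server_default


if __name__ == "__main__":
    # Constructed sample requests, one per branch of the criteria.
    samples = [
        {MOBILE_CLAIM: "+94770000000"},
        {EMAIL_CLAIM: "a@example.com", MOBILE_CLAIM: "+94770000000"},
        {EMAIL_CLAIM: "a@example.com", PREFERRED_CLAIM: "SMS"},
    ]
    for claims in samples:
        try:
            print(resolve_channel(claims))
        except ChannelResolutionError as err:
            print("400:", err)
```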