Skip to content

OTP -> Enclaves Documentation#594

Merged
andrewkmin merged 8 commits intomainfrom
feat/otp-enclave-security-docs
Mar 25, 2026
Merged

OTP -> Enclaves Documentation#594
andrewkmin merged 8 commits intomainfrom
feat/otp-enclave-security-docs

Conversation

@omkarshanbhag
Copy link
Copy Markdown
Contributor

@omkarshanbhag omkarshanbhag commented Mar 18, 2026

No description provided.

@omkarshanbhag omkarshanbhag requested a review from moeodeh3 March 18, 2026 23:16
@andrewkmin andrewkmin requested a review from t-vila March 18, 2026 23:23
andrewkmin
andrewkmin approved these changes Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@andrewkmin andrewkmin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great! nonblocking comments.

there is one additional area we could update (h/t @t-vila for the callout): https://docs.turnkey.com/security/enclave-secure-channels#:~:text=Our%20OTP%20flows%20work%20similarly%2C%20except%20the%20bundle%20is%20not%20emailed%20to%20the%20user%20directly.%20Instead%2C%20it%20is%20returned%20as%20part%20of%20the%20OTP_AUTH%20activity%20results

Comment thread authentication/sms.mdx Outdated
Comment thread authentication/sms.mdx
Comment thread authentication/otp-migration-guide.mdx Outdated
@andrewkmin andrewkmin mentioned this pull request Mar 19, 2026
Closed
andrewkmin
andrewkmin reviewed Mar 23, 2026
View reviewed changes
Comment thread authentication/otp-migration-guide.mdx Outdated
@@ -0,0 +1,34 @@
---
title: "Updated OTP Login and Signup Flow"
Copy link
Copy Markdown
Contributor

@andrewkmin andrewkmin Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tiny nit: can we go with sentence case here?

Suggested change
title: "Updated OTP Login and Signup Flow"
title: "Updated OTP login and signup flow"

Comment thread authentication/otp-migration-guide.mdx Outdated
Comment thread authentication/otp-migration-guide.mdx Outdated
Comment thread authentication/otp-migration-guide.mdx Outdated
Comment thread authentication/otp-migration-guide.mdx Outdated
Comment thread authentication/otp-migration-guide.mdx Outdated
Comment thread security/enclave-secure-channels.mdx
@andrewkmin andrewkmin force-pushed the feat/otp-enclave-security-docs branch from 67541b9 to 4ce2207 Compare March 24, 2026 00:56
amircheikh
amircheikh reviewed Mar 24, 2026
View reviewed changes
Comment thread authentication/otp-migration-guide.mdx Outdated
The following updates are required to legacy OTP implementations to migrate to the updated OTP flow, after bumping SDK versions:

- The response shape for `ACTIVITY_TYPE_INIT_OTP_V3` now includes an `otpEncryptionTargetBundle` which is to be used during otp verification. This requires persisting state between `INIT_OTP` and `VERIFY_OTP` which means OTP flows need to be initiated and verified by the same service, or the service initiating OTP needs to pass the encryption bundle received in the response to the app client which will verify the OTP code.
- The request shape for `ACTIVITY_TYPE_VERIFY_OTP_V2` now includes an `encryptedOtpBundle` which is generated using the `otpEncryptionTargetBundle` received from `INIT_OTP`. This bundle will include a client-generated public key and the OTP code attempt.
Copy link
Copy Markdown
Contributor

@amircheikh amircheikh Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need to mention somewhere in these docs that the encryptOtpCodeToBundle helper from @turnkey/crypto is used to get the encryptedOtpBundle for this step.

Looking at the SDK changelogs and these docs, we actually don't mention this anywhere!

Copy link
Copy Markdown
Contributor

@amircheikh amircheikh Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was planning on linking to these docs in the sdk changelog of this PR

andrewkmin
andrewkmin reviewed Mar 25, 2026
View reviewed changes
Comment thread authentication/otp-migration-guide.mdx Outdated
andrewkmin
andrewkmin reviewed Mar 25, 2026
View reviewed changes
Comment thread authentication/otp-migration-guide.mdx Outdated
@andrewkmin andrewkmin merged commit 980a575 into main Mar 25, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewkmin andrewkmin andrewkmin approved these changes

@amircheikh amircheikh amircheikh left review comments

@moeodeh3 moeodeh3 Awaiting requested review from moeodeh3

@t-vila t-vila Awaiting requested review from t-vila

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@omkarshanbhag @andrewkmin @amircheikh