Validate OTP
Validates a one-time passcode (OTP) that the user enters in the client within a web to mobile authentication or transaction signing flow, matching the code displayed in the web journey.
About client-facing steps
A journey is a sequence of steps that are executed when it's invoked by a client application (known as the "client"). Some steps require involvement from the client, such as to collect user input. Other steps, like validating a token, are executed in the backend by the Mosaic journey engine alone.
When invoked, the journey begins executing the steps while the client waits for further instructions. When a journey reaches a client-facing step, the journey asks the client for the required input and then waits for the client to respond. The client presents its own UI if user interaction is required, and returns input to the journey. The journey then proceeds in a similar manner until it's completed.
Description
In the context of web to mobile authentication or transaction signing journeys, this step instructs the client application to present a form on the user’s mobile device, where the user enters an OTP that was displayed in the web journey (for example, when Display Web OTP is enabled in the Web to Mobile step).
The web journey waits for the client to submit the user’s input and validates it against the code generated earlier for the session.
This step is designed to be used in a dedicated mobile journey. This journey is specifically called by the Web to mobile authentication and [Web to mobile transaction signing](/guides/orchestration/journeys/transactionsigningmobile_approve/) steps, which handle the initial authentication request from the web application. When the Display Web OTP parameter is enabled in these steps, the journey engine automatically invokes the mobile journey containing the Validate OTP step to complete the authentication process.
Note
The code length, expiry, failed-attempts limit, and lockout duration are inherited from the application’s OTP Authentication Method settings configuration.
If validation succeeds, the journey proceeds to the next step. If it fails, the journey follows the configured failure behavior.
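The four inherited settings named in the note (code length, expiry, failed-attempts limit, lockout duration) interact in a specific order during validation. The sketch below is an added example, not Mosaic's implementation or API: the `OtpSession` type, the function names, the policy values and the single-use rule are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

# Assumed policy values; on the platform these are inherited from the
# application's OTP Authentication Method settings, not set in code.
CODE_LENGTH = 6
EXPIRY_SECONDS = 120
MAX_FAILED_ATTEMPTS = 3
LOCKOUT_SECONDS = 300


@dataclass
class OtpSession:
    """Hypothetical per-session OTP state held by the backend."""
    code: str
    issued_at: float
    failed_attempts: int = 0
    locked_until: float = 0.0
    used: bool = False


def issue_otp(now: float) -> OtpSession:
    """Generate a numeric code for one session from a CSPRNG."""
    code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
    return OtpSession(code=code, issued_at=now)


def validate_otp(session: OtpSession, submitted: str, now: float) -> str:
    """Return 'ok', 'locked', 'expired' or 'invalid' for one submission."""
    # Lockout is checked first so a locked session cannot be probed further.
    if now < session.locked_until:
        return "locked"
    if session.used or now - session.issued_at > EXPIRY_SECONDS:
        return "expired"
    # Constant-time comparison avoids leaking matching prefixes via timing.
    if hmac.compare_digest(submitted.encode(), session.code.encode()):
        session.used = True  # assumed single-use rule: replays are rejected
        return "ok"
    session.failed_attempts += 1
    if session.failed_attempts >= MAX_FAILED_ATTEMPTS:
        session.locked_until = now + LOCKOUT_SECONDS
        session.failed_attempts = 0
    return "invalid"
```

With a short numeric code, the failed-attempts limit and lockout are what bound guessing, so in this sketch a correct code submitted during lockout is still rejected.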
No client-side code is needed to handle the OTP. It is automatically displayed and processed by Mosaic; the mobile app handles validation in the Validate OTP step.
Configuration
Field | Description |
---|---|
Error Output Variable | Name of the variable that stores any error returned by the step. |
Failure Behavior | Determines the behavior in case of failure, which either aborts the journey or proceeds to a failure branch of the control flow (default). |