
I'm generating a phone number token using GenerateChangePhoneNumberTokenAsync() after creating the user using UserManager. I consistently see that GenerateChangePhoneNumberTokenAsync() does not create a record in the AspNetUserTokens table even though the token is generated. Phone verification fails because of this.

I also call GenerateEmailConfirmationTokenAsync() to verify the email. But email verification is successful even though there is no record in the AspNetUserTokens table. Can anyone shed light on why GenerateChangePhoneNumberTokenAsync is not persisting an AspNetUserTokens record?

Platform: .Net 5

Snippet below:

```csharp
using (var scope = TransactionUtil.CreateAsyncTransactionScope())
{
    var result = await _userManager.CreateAsync(user, createUserDto.Password).ConfigureAwait(false);
    if (!result.Succeeded)
    {
        throw new Exception("Unable to create account");
    }

    // Business logic removed for clarity

    scope.Complete();
}
await SendConfirmEmailAsync(user);
await SendPhoneNumberTokenAsync(user);

private async Task SendConfirmEmailAsync(ApplicationUser user)
{
    var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
    code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));

    // Send EMail
}

private async Task SendPhoneNumberTokenAsync(ApplicationUser user)
{
    if (user == null || string.IsNullOrEmpty(user.PhoneNumber) || user.PhoneNumberConfirmed)
        return;

    var token = await _userManager.GenerateChangePhoneNumberTokenAsync(user, user.PhoneNumber);

    // Send SMS
}
```
frosty

1 Answer


I think we might have a little misunderstanding here...

Neither GenerateChangePhoneNumberTokenAsync nor GenerateEmailConfirmationTokenAsync stores anything in the database.

In the code implementation, userManager.GenerateChangePhoneNumberTokenAsync calls GenerateUserTokenAsync, as we can see here; that's the same method GenerateChangePhoneNumberTokenAsync would call (the only difference is in the params).

GenerateUserTokenAsync then calls the GenerateAsync method, which both PhoneNumberTokenProvider and EmailTokenProvider simply take from the base class TotpSecurityStampBasedTokenProvider, which, again, does not store anything in the database; we can check the manager.CreateSecurityTokenAsync method here if in any doubt.

The AspNetUserTokens table mentioned above (which I believe was implemented on EF) was designed to store information about external authentication token storage, which was already answered here.

Dharman
Gordon Khanh Ng.
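The stateless behaviour the answer describes, as an added example that is not part of the original thread and is not the ASP.NET Core Identity source: a simplified model of a TOTP-style code derived from the user's security stamp plus a modifier, verified by recomputation rather than by a lookup in AspNetUserTokens. The `StampTotp` class, the 3-minute step, the modifier format and the sample stamp and phone values are assumptions constructed for illustration.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;

// Simplified model of a security-stamp-based TOTP code (illustrative, not framework code).
static class StampTotp
{
    const long StepSeconds = 180; // assumed 3-minute time step

    // The code is a pure function of (security stamp, modifier, time step): nothing is stored.
    public static string Generate(string stamp, string modifier, DateTimeOffset now)
        => Compute(stamp, modifier, now.ToUnixTimeSeconds() / StepSeconds);

    // Verification recomputes the code for the adjacent time steps and compares in constant time.
    public static bool Verify(string stamp, string modifier, string code, DateTimeOffset now)
    {
        byte[] given = Encoding.ASCII.GetBytes(code ?? "");
        long current = now.ToUnixTimeSeconds() / StepSeconds;
        for (long step = current - 1; step <= current + 1; step++)
            if (CryptographicOperations.FixedTimeEquals(
                    given, Encoding.ASCII.GetBytes(Compute(stamp, modifier, step))))
                return true;
        return false;
    }

    static string Compute(string stamp, string modifier, long step)
    {
        byte[] mod = Encoding.UTF8.GetBytes(modifier);
        byte[] msg = new byte[8 + mod.Length];
        BinaryPrimitives.WriteInt64BigEndian(msg, step); // big-endian time-step counter
        mod.CopyTo(msg, 8);                              // binds the code to purpose and phone number
        using var hmac = new HMACSHA1(Encoding.Unicode.GetBytes(stamp));
        byte[] h = hmac.ComputeHash(msg);
        int o = h[^1] & 0x0F;                            // dynamic truncation (RFC 4226)
        int bin = ((h[o] & 0x7F) << 24) | (h[o + 1] << 16) | (h[o + 2] << 8) | h[o + 3];
        return (bin % 1_000_000).ToString("D6");
    }

    static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        string stamp = "CONSTRUCTED-STAMP-A";                       // constructed sample value
        string mod = "PhoneNumber:ChangePhoneNumber:+15555550100";  // constructed sample value
        string code = Generate(stamp, mod, now);
        Console.WriteLine($"same stamp, same phone:  {Verify(stamp, mod, code, now)}");
        Console.WriteLine($"different phone number:  {Verify(stamp, mod + "9", code, now)}");
        Console.WriteLine($"rotated security stamp:  {Verify("CONSTRUCTED-STAMP-B", mod, code, now)}");
        Console.WriteLine($"ten minutes later:       {Verify(stamp, mod, code, now.AddMinutes(10))}");
    }
}
```

In this model a code is accepted only when it is recomputed from the same stamp and the same phone number within a nearby time step, so an empty AspNetUserTokens table says nothing about whether a code is valid. When verification fails, compare the phone number passed at verification with the one used at generation, and check whether the security stamp changed in between.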