One-time code (AKA OTP) seems to be mandatory, not optional


#1

We’ve already created an issuer profile, we populated a csv file with hardcoded identities asociated with new generated public keys (bitcoin testnet valid addresses). Using that csv file and a custom conf.ini config file we executed successfully instantiate-certificate-batch command, and certificates has been crated and validated with out issues.
This is my test profile http://181.15.155.210:1850/examples/issuer-ayi-testnet.json
Our profile has no IntroductionURL, just because we didn’t expose that service yet. Any way I understand that the one-time code is actually optional… but the mobile app does not allow me to add the issuer without OTP backend support

We are trying to bypass internal identity management implementation as this is just for testing the standard cycle… Any idea???


#2

If you’re just doing tests with hardcoded identities/public keys, then there’s no reason for you to go through the “add issuer” process on the mobile device. The add issuer process has to post to the IntroductionURL to send it the user’s public key and nonce (so the backend knows which recipient to save the public key to).


#3

yep but…
there are some problems about that. OTP is still mandatory and that’s not the spected behavior. Despite of my particular testing scenario, if I want to add an issuer without using a one-time-code, I should be able to o that.
Let say if an issuer want to be massive added in any wallet without restrictions, without controlling who is sending back his public key.
And more, correct me if I’m wrong but adding an issuer is not just for sending back your public keys, I mean is not just for knowing recipient’s public keys. That also provides you (as a recipient) the issuer public keys, and anybody that would like to check authenticity of a certificates must know the issuer public key… the process of adding an issuer provides a valuable information to a recipient, that’s not just desirable for issuers roster’s population process on issuer’s back-end


#4

There’s currently not really any other functionality to our apps by adding an issuer than providing public keys. You can import certificates without “adding issuer” and it will still check the authenticity of the certificate by checking the issuer public key.

Adding an issuer, besides providing the public key, doesn’t show you any information about about the issuer besides Name, Date added, the address you shared with it, and the issuer contact email. If there was more to it, then I’d agree, but there’s just not much value than providing public key.