OTP Code Resend Mechanism #13

@classyk12

Description

Add a robust and secure OTP resend mechanism to complement the OTP code generator feature. This will allow users to request a new OTP if the previous one expires or is not received, while protecting the system from abuse (e.g., spamming resend requests).

Acceptance Criteria

  1. Controller Endpoint to trigger OTP resend: POST /auth/resend-otp
  2. Validate phoneNumber before sending
  3. Limit resend attempts (e.g., max 3 within 10 minutes)
  4. Use same OTP if still valid; generate a new one only if expired
  5. Store/send via preferred channel (WhatsApp).

Suggested Implementation

  • Add a ResendOtpRequest DTO
  • Extend existing OtpService with ResendOtpAsync(phoneNumber)
  • Use timestamp tracking to throttle excessive requests
  • Consider integrating Redis for rate-limiting
  • Unit test different edge cases: expired OTP, excessive requests, etc.

Feel free to drop a comment if you need clarification
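
The throttling and reuse rules from the acceptance criteria (3 and 4), as an added example that is not part of the issue or the project's code. The class and enum names, the in-memory store (standing in for Redis), the 5-minute OTP lifetime and the 6-digit format are assumptions; phone number validation and WhatsApp delivery are left to the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public enum ResendOutcome { ReusedExisting, IssuedNew, Throttled }

// Hypothetical names; OTP lifetime and code format are assumptions.
// The limit follows the issue's example: max 3 resends within 10 minutes.
public sealed class OtpResendPolicy
{
    private const int MaxResends = 3;
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(10);
    private static readonly TimeSpan OtpLifetime = TimeSpan.FromMinutes(5);

    private sealed class Entry
    {
        public string Code = "";
        public DateTimeOffset ExpiresAt;
        public readonly List<DateTimeOffset> Resends = new();
    }

    private readonly Dictionary<string, Entry> _entries = new();
    private readonly object _gate = new();
    private readonly Func<DateTimeOffset> _now;

    // The clock is injectable so unit tests can simulate expiry and throttling.
    public OtpResendPolicy(Func<DateTimeOffset>? now = null) =>
        _now = now ?? (() => DateTimeOffset.UtcNow);

    public (ResendOutcome Outcome, string? Code) Resend(string phoneNumber)
    {
        lock (_gate)
        {
            var now = _now();
            if (!_entries.TryGetValue(phoneNumber, out var e))
                _entries[phoneNumber] = e = new Entry();

            // Timestamp tracking: drop attempts that left the 10-minute window.
            e.Resends.RemoveAll(t => now - t >= Window);
            if (e.Resends.Count >= MaxResends)
                return (ResendOutcome.Throttled, null);
            e.Resends.Add(now);

            // Criterion 4: resend the same code while it is still valid.
            if (e.Code.Length > 0 && now < e.ExpiresAt)
                return (ResendOutcome.ReusedExisting, e.Code);

            // Expired or never issued: draw a new code from the OS CSPRNG.
            e.Code = RandomNumberGenerator.GetInt32(0, 1_000_000).ToString("D6");
            e.ExpiresAt = now + OtpLifetime;
            return (ResendOutcome.IssuedNew, e.Code);
        }
    }
}
```

A throttled request is rejected before any code is looked up or generated, so the fourth request inside the window costs no WhatsApp message and reveals nothing about whether an OTP is still valid.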
