Auth OTP

One-time password authentication via AWS SNS for Medusa commerce platforms

Auth OTP Plugin

Provides authentication OTP functionality with AWS SNS integration for Medusa v2.6.1+.

Features

• AWS SNS Integration: Send OTPs via SMS using AWS SNS
• OTP Expiry: Default 90-second expiration time
• Attempt Limiting: Prevent brute force attacks
• Reference Codes: Track OTP requests
• Detailed Error Responses: Clear feedback for various failure scenarios
• Security: Built-in protection against expired codes and exceeded attempts

API Endpoints

Request OTP

Send OTP to a phone number with country code

Verify OTP

Verify the submitted OTP code

Configuration

Requires the following:

• AWS SNS credentials
• JWT secret configuration
• Phone number with country code

Installation

npm install @zimpligital/medusa-plugin-auth-otp

Requirements

• Medusa v2.6.1 or higher
• AWS SNS account and credentials
• Valid phone numbers with country codes

Error Handling

The system provides detailed error responses for:

• Expired OTP codes
• Exceeded verification attempts
• Invalid phone numbers
• AWS SNS delivery failures

Security Features

• Time-limited OTP codes (90 seconds default)
• Maximum attempt restrictions
• Reference code tracking
• Secure AWS SNS delivery