WSO2 Changelog

Asgardeo now supports enhanced controls to govern OTP retry and resend attempts within a single authentication session, enabling administrators to mitigate brute-force attacks and optimize SMS/Email delivery costs while preserving a smooth user experience.

Key capabilities include:

• Configurable retry limits: Define the maximum number of times a user can attempt to verify a one-time password before the authentication session is terminated.
• Configurable resend limits: Set strict thresholds on how many times a user can request a new OTP within the same session to prevent misuse and reduce delivery costs.
• Adaptive authentication script integration: Configure and enforce these limits through adaptive authentication scripts, allowing fine-grained control over throttling and termination behavior.
• Cross-flow support: Apply these controls consistently across both API-based and redirect-based authentication flows.

Documentation: 

• https://wso2.com/asgardeo/docs/guides/authentication/conditional-auth/otp-retry-resend-limits/