Cannot Verify Phone

[andy-shi88]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

https://compassionate-bohr-ltbpn4m0vu.projects.oryapis.com

Describe the bug

I'm trying to verify the traits.phone on my user.

On updating profile's phone trait, it does marked as unverified and the sms comes through to my webhook, but there's no way I can use this code.
The response on the setting does not contain continue_with for verification flow id. I only get

 "continue_with": [
    {
      "action": "redirect_browser_to",
      "redirect_browser_to": "http://andy-ubuntu:4000/ui/settings?flow=807e35fb-00e5-426c-ac74-e0aab0b4b029"
    }
  ]

Using the create verification flow also only returns email as the available method for sending the code.

Reproducing the bug

- case 1: via update setting

• Create account
• Create Setting Flow
• Update phone number
• Update Setting Flow
• Phone updated, get verification code, but don't get flow for inputting the code.

- case 2: via get verification flow

• same steps up to update setting flow as case 1
• the verification flow only have email as available method for verification
• phone is in the session's verifiable addresses thou.

Relevant log output

No response

Relevant configuration

{
    "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
    "$schema": "http://json-schema.org/draft-07/schema#",
    "title": "Person",
    "type": "object",
    "properties": {
      "traits": {
        "type": "object",
        "properties": {
          "email": {
            "type": "string",
            "format": "email",
            "title": "E-Mail",
            "ory.sh/kratos": {
              "credentials": {
                "password": {
                  "identifier": true
                },
                "webauthn": {
                  "identifier": true
                },
                "totp": {
                  "account_name": true
                },
                "code": {
                  "identifier": true,
                  "via": "email"
                },
                "passkey": {
                  "display_name": true
                }
              },
              "recovery": {
                "via": "email"
              },
              "verification": {
                "via": "email"
              }
            },
            "maxLength": 320
          },
          "name": {
            "type": "object",
            "properties": {
              "first": {
                "title": "First name",
                "type": "string"
              },
              "last": {
                "title": "Last name",
                "type": "string"
              }
            }
          },
          "phone": {
            "type": "string",
            "title": "Phone",
            "format": "tel",
            "ory.sh/kratos": {
              "verification": {
                  "via": "sms"
              }
            }
          },
          "date_of_birth": {
            "type": "string",
            "title": "Date Of Birth"
          },
          "referral_code": {
            "type": "string",
            "title": "Referral Code"
          },
          "general_consent_version": {
            "type": "string",
            "title": "General Consent Version"
          }
        },
        
        "required": [
          "email",
          "name",
          "general_consent_version"
        ],
        "additionalProperties": false
      }
    }
  }

Version

Ory Network

On which operating system are you observing this issue?

Ory Network

In which environment are you deploying?

Ory Network

Additional Context

I'm able to get show_verification_ui continue_with response when I remove verification from email in the identity schema, and the verification works well

"continue_with": [
        {
            "action": "show_verification_ui",
            "flow": {
                "id": "3c2c8771-bc43-46bd-b411-412b7e0c4dae",
                "verifiable_address": "+6281312781223",
                "url": "http://andy-ubuntu:4000/ui/verification?flow=3c2c8771-bc43-46bd-b411-412b7e0c4dae"
            }
        },
        {
            "action": "redirect_browser_to",
            "redirect_browser_to": "http://andy-ubuntu:4000/ui/settings?flow=22ec417b-497e-4ee3-a351-78c056f3c858"
        }
    ]

But still, even with this I still only see email when I get login flow with aal2

[aeneasr]

Thank you for the report, that does look like a bug

[andy-shi88]

update:
we're able to verify the phone number now, it's not ideal, but we do it via the login_flow.

We're already doing this in the before, but I think it's due to this changes deprecated via parameter, that our verification flow got broken.

We need to not specify the via parameter now, if we pass the via: phone then it throws Cannot login with unverified address

ory
 .createBrowserLoginFlow({
        aal: "aal2",
        returnTo: undefined,
  //   via: "phone"
      })

note: verification and continue_with still not working