feat: passwordless SMS and expiry notice in code / link templates

[aeneasr]

This feature allows Ory Kratos to use the SMS gateway for login and registration with code via SMS.

Additionally, the default email and sms templates have been updated. We now also expose ExpiresInMinutes / expires_in_minutes in the templates, making it easier to remind the user how long the code or link is valid for.

Related issue(s)

Closes #1570
Closes #3779

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security vulnerability, I
  confirm that I got the approval (please contact
  [email protected]) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

• Add e2e tests

[codecov]

Codecov Report

Attention: Patch coverage is 70.45455% with 26 lines in your changes missing coverage. Please review.

Project coverage is 78.58%. Comparing base (ad1acd5) to head (25b6bf0).
Report is 9 commits behind head on master.

Files with missing lines	Patch %	Lines
selfservice/strategy/code/code_sender.go	57.69%	10 Missing and 1 partial ⚠️
courier/courier_dispatcher.go	75.00%	4 Missing and 2 partials ⚠️
courier/sms_templates.go	0.00%	5 Missing ⚠️
courier/template/sms/registration_code_valid.go	77.77%	4 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4104      +/-   ##
==========================================
- Coverage   78.60%   78.58%   -0.03%     
==========================================
  Files         377      378       +1     
  Lines       26914    26966      +52     
==========================================
+ Hits        21156    21190      +34     
- Misses       4148     4166      +18     
  Partials     1610     1610              

Flag	Coverage Δ
	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[eddmann]

Hey 👋🏻 , thanks for all the great work you do on Ory.

I am very interested in this feature, providing the ability to support a passwordless login based on an SMS OTP. Just wondering would the flow for this authentication method be for the user to provide their phone number and then based on that identifier being present in the database it will send an SMS code to the phone number? Similar to how the Email OTP works?

[aeneasr]

The feature behaves the same, it's just supporting another notification channel now.

[eddmann]

Great, apologies for another question. To expand upon this will the user supply their email address or phone number and based on that send the login code to the relevant notification channel?

For example, sending the following request would send an email notification:

<input name="identifier" value={emailAddress} />

And sending the following request would send an SMS notification, providing the phone number is an identifier?

<input name="identifier" value={phoneNumber} />

or can we supply the email address as the identifier but send an SMS OTP instead, perhaps with an additional parameter?

<input name="channel" value="phone|email" />

[eddmann]

Thank you for working on this new behaviour, just wondering if there is an ETA for a new release to be made which includes this new feature? :)