Skip to content

Missing Phone Number Validation On The Clientside During Signup #8514

New issue
New issue
Open
Open
Missing Phone Number Validation On The Clientside During Signup#8514
@Onyelaudochukwuka

Description

@Onyelaudochukwuka
Onyelaudochukwuka
opened on Dec 8, 2025

Users attempting to sign up with phone authentication are repeatedly entering invalid Nigerian phone numbers in the format +234 0xxxx…. The leading 0 should be removed when using the country code, but Thirdweb does not flag or correct this. As a result, the user proceeds believing the number is valid, but the authentication fails without any clear feedback.

This issue has been consistently observed in session recordings and backend logs.

Screenshot: User-entered phone number (incorrect format)

Session showing user entering +234 0xxxx…

Screenshot: Network logs of the attempted sign-up

Log showing the phone number as submitted

Expected Behavior

  • Thirdweb should detect and reject invalid phone number formats such as +234 0xxxx….

  • The modal should either:

    • Display a clear validation error, or
    • Automatically strip the leading zero and normalize the number.

Actual Behavior

  • Incorrect numbers like +234 0xxxx… pass through the UI with no warning.
  • The sign-up ultimately fails silently.
  • Users cannot understand why the OTP never arrives.

Steps to Reproduce

  1. Initiate signup using phone authentication.
  2. Select Nigeria (+234).
  3. Enter a phone number beginning with a leading 0 (e.g., +234 0812…).
  4. Submit.
  5. Observe that no validation or warning appears, but the signup does not succeed.

Impact

  • Users are stuck at signup without explanation.
  • Support load increases because the issue isn’t user-correctable.
  • This problem affects all Nigerian users who follow the standard local number format.

Notes

I recommend that Thirdweb implement client-side phone number validation based on the selected country.
If the entered phone number is invalid for that country’s numbering rules (e.g., Nigerian numbers containing a leading 0 after +234), the “Continue” button should remain disabled until the input is corrected.

This ensures that users never reach the “Failed to send verification code” state due to formatting mistakes, because invalid numbers are caught before any server-side request is made. This would prevent user confusion and significantly reduce failed signup attempts.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions