Login oAuth using just phone number

We want to use SSO for our community. We want to use our company’s login. For my company’s login, we take phone number and validate the same via OTP. Upon successful OTP verification we generate the session. Email id is not the part of our login flow.

I have read the SSO documents and kindly confirm the understanding.

We can use phone number & OTP for sign-up but additionally user will have to add email and verify the email for the first sign up as discourse requires email while account creation.

For subsequent logins, email verification is not needed. Is that correct?