jaredthecoder

Reputation: 335

One-Time User Authentication with SMS Using Django and Twilio

I am writing a back-end in Django for a mobile app I am creating. I need to authenticate a user the first time they open the mobile app through SMS to verify it is a real person. What needs to happen is the following: user enters phone number in app, server then sends SMS message to user with authentication code, user then enters authentication code in app and server verifies that the code they entered in the app is the same one they received through SMS.

I need to use Twilio with my Django project. I just need to know what would be the best way to go about this? The front-end side of this (the mobile app) is not what I am asking about; I am asking about the code on the back-end that should be implemented. I am struggling to find up-to-date documentation for django-twilio integration that could do this.

Upvotes: 18

Views: 21243

Answers (4)

Sanyam Khurana

Reputation: 1421

Disclaimer: I'm the maintainer of Django-phone-verify

What you're looking to accomplish is very easy with the django-phone-verify app. It comes with Twilio & Nexmo already integrated and a few endpoints which you can extend as per your use case.

This package aims at verifying if a phone number requested by a particular client belongs to them. It also takes care of ensuring that the same device provides the verification of the passcode which initially requested a passcode to be sent, saving you a few hours of work.

This package also doesn't mess with your current user model at all. You're free to use this package exactly for one thing: verifying phone numbers. Whether you do it for users, companies, etc. depends on your use case.

It follows the Unix philosophy of "Do one thing; do it well".

Installation

pip install django-phone-verify

Configuration

  • Add app to INSTALLED_APPS:
    # In settings.py:

    INSTALLED_APPS = [
        ...
        'phone_verify',
    ]
  • Add settings in your settings.py file:
    # Settings for phone_verify
    PHONE_VERIFICATION = {
        'BACKEND': 'phone_verify.backends.twilio.TwilioBackend',
        'TWILIO_SANDBOX_TOKEN':'123456',
        'OPTIONS': {
            'SID': 'fake',
            'SECRET': 'fake',
            'FROM': '+14755292729'
        },
        'TOKEN_LENGTH': 6,
        'MESSAGE': 'Welcome to {app}! Please use security code {otp} to proceed.',
        'APP_NAME': 'Phone Verify',
        'OTP_EXPIRATION_TIME': 3600  # In seconds only
    }
  • Migrate the database:
    python manage.py migrate

You get two endpoints (Check API docs), one for registration of phone number and the other to verify the passcode. You may override verify endpoint to also create a user as described in the usage docs: https://github.com/CuriousLearner/django-phone-verify/blob/master/docs/usage.rst

Upvotes: 4

phalt

Reputation: 1244

Twilio evangelist and maintainer of django-twilio here.

What you're looking to build is something very easy to do. I can outline the steps for you here:

  • Create a Django model that stores a user's number and a generated passcode
  • When a new user is created, take their number and SMS them the code using the Twilio REST API
  • When they enter the passcode you sent them, cross reference it with the one stored in the database.
  • If the number is right: verify them, if not, tell them it is wrong and offer to send them an SMS again.

Upvotes: 26
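
The steps in the answer above, as an added example (not code from the answer or from django-twilio): a passcode store that draws the code from a CSPRNG, keeps only a keyed hash with an expiry, limits wrong guesses, and compares in constant time. `PasscodeStore`, `send_sms`, the TTL and the attempt limit are assumptions; an in-memory dict stands in for the Django model and `send_sms` for the Twilio REST API call.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300        # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5      # wrong guesses allowed per code (assumed value)


class PasscodeStore:
    """In-memory stand-in for the Django model holding number + passcode."""

    def __init__(self, send_sms, now=time.time):
        self._send_sms = send_sms   # callable(number, text); the SMS API call goes here
        self._now = now
        self._key = secrets.token_bytes(32)   # server-side key for hashing codes
        self._rows = {}             # number -> [digest, expires_at, attempts_left]

    def _digest(self, number, code):
        msg = f"{number}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def request_code(self, number):
        # CSPRNG, zero-padded to 6 digits; the random module would be predictable.
        code = f"{secrets.randbelow(10**6):06d}"
        # A new request replaces any earlier code for the same number.
        self._rows[number] = [self._digest(number, code),
                              self._now() + CODE_TTL, MAX_ATTEMPTS]
        self._send_sms(number, f"Your verification code is {code}")

    def verify(self, number, submitted):
        row = self._rows.get(number)
        if row is None:
            return False
        digest, expires_at, attempts_left = row
        if self._now() > expires_at or attempts_left <= 0:
            del self._rows[number]          # expired or locked: force a resend
            return False
        row[2] -= 1                         # count the attempt before comparing
        if hmac.compare_digest(digest, self._digest(number, submitted)):
            del self._rows[number]          # single use
            return True
        return False
```

In a Django project the dict rows map onto model fields, and resend requests per number would also need rate limiting, which this block does not cover.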

a1k89

Reputation: 110

Recently I was looking for any library or scheme to sign in/sign up users through SMS (send an SMS code and then validate it).

Short solution:

  1. Create an SMS model to generate a code for the phone number
  2. Send an SMS with the code to the client (for example, using Twilio)
  3. The user gets the code and sends phone_number + code
  4. Validate it. Respond with any useful information

Also:

  1. You must use async code or Celery to send the SMS
  2. Add an SMS lifetime (for example, 30 seconds)
  3. Clean the phone number to a valid format
  4. Get or create the user by phone number

You may use this library, for example: https://github.com/a1k89/django-rest-sms-auth

Upvotes: 1

s007

Reputation: 728

You can use django-passcode as an app in your project. It exposes APIs to "register" a mobile number and "verify" through an SMS-based passcode. It uses the mobile number and device id pair as unique. It also generates and returns a token for future authorization requests from the mobile app. You can use Twilio or any other SMS API to send the SMS.

https://github.com/sgurminder/django-passcode

I appreciate your feedback for django-passcode.

Upvotes: 6
