Ability for users to sign up via SMS (Rails)

Question

I am working on a rails application where the main user model is authenticable by mobile number and a password. This all works fine through the website.

What I would like to do is enable a user to access all the same functions of the web app using solely an old school cell phone - that is purely via SMS. I have already enabled some of the web app functions via SMS using Twilio but I was unsure how to go about handling the creation of a user password via SMS in a secure manner.

What I would like:

1. User sends the word "LOAN" to our Twilio number.
2. This creates an account on our system based on their mobile_number. However, a password is required in order to persist a user in the DB so this will need to also be generated here.
3. An SMS is sent to the user with their password in a secure manner.

I imagine my TwilioController action will look something like this:

def sign_up
  if params["Body"] == "LOAN"
    user = User.create(mobile_number: params["From"], password: __?__)
    user.sms_sign_up # method to send the sms to the user
  else
    send_failure_sms(params["From"])
  end
end

I am already familiar with how to set this up on my Twilio account using TwiML apps - I am only interested in understanding how to manage the password aspect of this problem! Thanks

EDIT: I have seen that Devise provides the method #friendly_token. Is this something that would be useful in this case?

Answer 1

Twilio developer evangelist here.

I think your edit is the answer! I've found other Stack Overflow answers that advocate the use of Devise.friendly_token as well as this How to on generating passwords in Devise.