[Fixed]-One-Time User Authentication with SMS Using Django and Twilio

25👍

✅

Twilio evangelist and maintainer of django-twilio here.

What you’re looking to build is something very easy to do. I can outline the steps for you here:

  • Create a Django model that stores a user’s number and a generated passcode
  • When a new user is created, take their number and SMS them the code using the Twilio REST API
  • When they enter the passcode you sent them, cross-reference it with the one stored in the database.
  • If the number is right, verify them; if not, tell them it is wrong and offer to send them an SMS again.
👤phalt

6👍

You can use django-passcode as an app in your project.
It exposes APIs to “register” a mobile number and “verify” it through an SMS-based passcode. It treats the mobile number and device ID pair as unique. It also generates and returns a token for future authorization requests from the mobile app. You can use Twilio or any other SMS API to send the SMS.

https://github.com/sgurminder/django-passcode

I appreciate your feedback for django-passcode.

👤s007

4👍

Disclaimer: I’m the maintainer of Django-phone-verify

What you’re looking to accomplish is very easy with the django-phone-verify app. It comes with Twilio & Nexmo already integrated and a few endpoints which you can extend as per your use case.

This package aims at verifying if a phone number requested by a particular client belongs to them. It also takes care of ensuring that the same device provides the verification of the passcode which initially requested a passcode to be sent, saving you a few hours of work.

This package also doesn’t mess with your current user model at all. You’re free to use this package exactly for one thing: verifying phone numbers. Whether you do it for users, companies, etc. depends on your use case.

It follows the Unix philosophy of “Do one thing; do it well”.

Installation

pip install django-phone-verify

Configuration

  • Add app to INSTALLED_APPS:
    # In settings.py:

    INSTALLED_APPS = [
        ...
        'phone_verify',
    ]
  • Add settings in your settings.py file:
    # Settings for phone_verify
    PHONE_VERIFICATION = {
        'BACKEND': 'phone_verify.backends.twilio.TwilioBackend',
        'TWILIO_SANDBOX_TOKEN':'123456',
        'OPTIONS': {
            'SID': 'fake',
            'SECRET': 'fake',
            'FROM': '+14755292729'
        },
        'TOKEN_LENGTH': 6,
        'MESSAGE': 'Welcome to {app}! Please use security code {otp} to proceed.',
        'APP_NAME': 'Phone Verify',
        'OTP_EXPIRATION_TIME': 3600  # In seconds only
    }
  • Migrate the database:
    python manage.py migrate

You get two endpoints (check the API docs), one for registration of the phone number and the other to verify the passcode. You may override the verify endpoint to also create a user, as described in the usage docs: https://github.com/CuriousLearner/django-phone-verify/blob/master/docs/usage.rst

1👍

Recently I was looking for a library or scheme to sign in/sign up users through SMS (send an SMS code and then validate it).

Short solution:

  1. Create an SMS model to generate a code for a phone number
  2. Send an SMS with the code to the client (for example, using Twilio)
  3. The user gets the code and sends phone_number + code
  4. Validate it. Respond with any useful information

Also:

  1. You must use async code or Celery to send the SMS
  2. Add an SMS lifetime (for example, 30 seconds)
  3. Clean the phone number to a valid format
  4. Get or create the user by phone number

You may use this library, for example:
https://github.com/a1k89/django-rest-sms-auth

👤a1k89
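
The flow outlined in the first answer (store a number with a generated passcode, then cross-reference what the user submits), combined with the code lifetime the last answer asks for, as an added example that is not taken from any of the answers or packages above. It uses an in-memory dict in place of the Django model and leaves out the SMS send; `issue_code`, `verify_code`, the 300-second lifetime and the 5-guess limit are assumptions of this example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_DIGITS = 6     # assumed code length
CODE_TTL = 300      # assumed lifetime in seconds
MAX_ATTEMPTS = 5    # assumed number of guesses allowed per issued code

@dataclass
class Challenge:
    """Stand-in for the model row: one pending passcode per phone number."""
    code: str
    expires_at: float
    attempts: int = 0

STORE = {}  # phone number -> Challenge; in-memory substitute for the database table

def issue_code(phone, now=None):
    """Generate a fresh code for `phone`, replacing any earlier one, and return it for sending."""
    now = time.time() if now is None else now
    # secrets draws from the OS CSPRNG; zero-padding keeps codes such as 004217 at full length.
    code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    STORE[phone] = Challenge(code, now + CODE_TTL)
    return code

def verify_code(phone, submitted, now=None):
    """Return 'ok', 'wrong', 'expired', 'locked' or 'unknown' for a submitted code."""
    now = time.time() if now is None else now
    pending = STORE.get(phone)
    if pending is None:
        return "unknown"
    if now >= pending.expires_at:
        del STORE[phone]
        return "expired"
    if pending.attempts >= MAX_ATTEMPTS:
        return "locked"              # stays locked until a new code is issued
    pending.attempts += 1            # count the guess before comparing
    # Compare as bytes: compare_digest is constant-time and rejects non-ASCII str input.
    if hmac.compare_digest(pending.code.encode(), submitted.encode()):
        del STORE[phone]             # single use: a verified code cannot be replayed
        return "ok"
    return "wrong"
```

Because issuing a new code resets the attempt counter, the resend path needs its own rate limit per phone number.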
