发表新帖
发表新帖

One-Time User Authentication with SMS Using Django and Twilio

前端 未结
关注
3 1677
小鲜肉
小鲜肉 2021-02-05 16:26

I am writing a back-end in Django for a mobile app I am creating. I need to authenticate a user the first time they open the mobile app through SMS to verify it is a real person

相关标签:
3条回答
  • 旧时难觅i
    2021-02-05 16:45

    Disclaimer: I'm the maintainer of Django-phone-verify

    What you're looking to accomplish is very easy with django-phone-verify app. It comes with Twilio already integrated and few endpoints which you can extend as per your use case.

    This package aims at verifying if a phone number requested by a particular client belongs to them. It also takes care of ensuring that the same device provides the verification of passcode which intially requested a passcode to be sent, saving you a few hours of work.

    This package also doesn't messes up with your current user model at all. You're free to use this package exactly for one thing: verifying phone numbers. Whether you do it for users, companies, etc. depends on your use-case.

    It follows Unix philosphy of Do one thing; do it well

    Installation

    pip install django-phone-verify

    Configuration

    • Add app to INSTALLED_APPS:
        # In settings.py:

    INSTALLED_APPS = [
        ...
        'phone_verify',
    ]
    • Add settings in your settings.py file:
        # Settings for phone_verify
    PHONE_VERIFICATION = {
        'BACKEND': 'phone_verify.backends.twilio.TwilioBackend',
        'TWILIO_SANDBOX_TOKEN':'123456',
        'OPTIONS': {
            'SID': 'fake',
            'SECRET': 'fake',
            'FROM': '+14755292729'
        },
        'TOKEN_LENGTH': 6,
        'MESSAGE': 'Welcome to {app}! Please use security code {otp} to proceed.',
        'APP_NAME': 'Phone Verify',
        'OTP_EXPIRATION_TIME': 3600  # In seconds only
    }
    • Migrate the database:
        python manage.py migrate

    You get two endpoints (Check API docs), one for registration of phone number and other to verify the passcode. You may override verify endpoint to also create a user as described in the usage docs: https://github.com/CuriousLearner/django-phone-verify/blob/master/docs/usage.rst

    0 讨论(0)
  • 忘了有多久
    2021-02-05 16:57

    Twilio evangelist and maintainer of django-twilio here.

    What you're looking to build is something very easy to do, I can outline the steps for you here:

    • Create a Django model that stores a user's number and a generated passcode
    • When a new user is created, take their number and SMS them the code using the Twilio REST API
    • When they enter the passcode you sent them, cross reference it with the one stored in the database.
    • If the number is right: verify them, if not, tell them it is wrong and offer to send them an SMS again.

    I hope that is clear, if you have any more questions, feel free to get in touch at paul@twilio.com

    0 讨论(0)
  • 無奈伤痛
    2021-02-05 17:04

    You can use django-passcode as an app in your project. It exposes APIs to "register" a mobile number and "verify" through SMS based passcode. It uses mobile number and device id pair as unique. It also generates and returns a token for future authorization requests from mobile app. You can use Twilio or any other SMS api to send sms.

    https://github.com/sgurminder/django-passcode

    I appreciate your feedback for django-passcode

    0 讨论(0)
 看不清?
提交回复
热议问题