How To Configure Django Authy For Two Factor Authentication

Question

I have been researching Django 2 factor for the last couple days. I've finally come to a point where I've gotten the Django Twilio phone verification to work. Here is the code the working code...

from authy.api import AuthyApiClient
from django.conf import settings
from django.shortcuts import render, redirect

from .forms import VerifyForm, TokenForm


authy_api = AuthyApiClient(settings.ACCOUNT_SECURITY_API_KEY)

def SetupView(request):
    if request.method == 'POST':
        form = VerifyForm(request.POST)
        if form.is_valid():
            request.session['phone_number'] = form.cleaned_data['phone_number']
            request.session['country_code'] = form.cleaned_data['country_code']
            authy_api.phones.verification_start(
                form.cleaned_data['phone_number'],
                form.cleaned_data['country_code'],
                via=form.cleaned_data['via']
            )
            return redirect('token_validation')
    else:
        form = VerifyForm()
    return render(request, 'registration/verify.html', {'form': form})


def token_validation(request):
    if request.method == 'POST':
        form = TokenForm(request.POST)
        if form.is_valid():
            verification = authy_api.phones.verification_check(
                request.session['phone_number'],
                request.session['country_code'],
                form.cleaned_data['token']
            )
            if verification.ok():
                request.session['is_verified'] = True
                return redirect('verified')
            else:
                for error_msg in verification.errors().values():
                    form.add_error(None, error_msg)
    else:
        form = TokenForm()
    return render(request, 'registration/token_validation.html', {'form': form})

def verified(request):
    if not request.session.get('is_verified'):
        return redirect('phone_verification')
    return render(request, 'registration/verified.html')

Using the code above along with specifying the ACCOUNT_SECURITY_API_KEY in my settings.py file is all that was required to get the code above to pass a 4 digit code to my phone. Progress...

However, what I'm really trying to accomplish is to leverage the AUTHY app to provide the login code....I've looked at the following page...https://www.twilio.com/docs/authy/quickstart/two-factor-authentication-python-django#linkcode And the code does not load on this page...does anyone have experience or know where to look so that I can get Django to work with Authy and get the code that changes every 20 seconds as opposed to the 4 digit pin example shown above? Thanks in advance for any thoughts.

Answer 1

Twilio developer evangelist here.

Your issue here is that you are using the verification API, which is for one time phone number verification and doesn't use the Authy app.

Instead you want the APIs for one time passwords. I don't know what's wrong with the tutorial you linked to, but all the code for the app can be found here: https://github.com/TwilioDevEd/account-security-quickstart-django.

Let me know if that helps at all.