Question
I am writing a back-end in Django for a mobile app I am creating. I need to authenticate a user the first time they open the mobile app through SMS to verify it is a real person. What needs to happen is the following: user enters phone number in app, server then sends SMS message to user with authentication code, user then enters authentication code in app and server verifies that the code they entered in the app is the same one they received through SMS.
I need to use Twilio with my Django project. I just need to know what would be the best way to go about this? The front-end side of this (the mobile app) is not what I am asking about, I am asking about the code on the back-end that should be implemented. I am struggling to find up to date documentation for django-twilio integration that could do this.
Answer 1:
Twilio evangelist and maintainer of django-twilio here.
What you're looking to build is something very easy to do, I can outline the steps for you here:
- Create a Django model that stores a user's number and a generated passcode
- When a new user is created, take their number and SMS them the code using the Twilio REST API
- When they enter the passcode you sent them, cross reference it with the one stored in the database.
- If the number is right: verify them, if not, tell them it is wrong and offer to send them an SMS again.
I hope that is clear, if you have any more questions, feel free to get in touch at paul@twilio.com
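The four steps outlined in the answer above, as an added example that is not part of the original answer and is not django-twilio code. It is framework-free Python: an in-memory dict stands in for the Django model, and a caller-supplied `send_sms` callable (hypothetical) stands in for the Twilio REST API call. The keyed hashing, expiry and attempt limit are assumptions added here.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_LENGTH = 6       # assumed passcode length in digits
EXPIRY_SECONDS = 600   # assumed passcode lifetime
MAX_ATTEMPTS = 5       # assumed guess limit per issued passcode
SERVER_KEY = secrets.token_bytes(32)  # demo key; a real deployment loads it from settings

_store = {}  # number -> record; stands in for the Django model (assumption)


def _digest(number, code):
    # Keep only a keyed hash, so a leaked table does not reveal live passcodes.
    return hmac.new(SERVER_KEY, f"{number}:{code}".encode(), hashlib.sha256).digest()


def issue_passcode(number, send_sms, now=None):
    """Create a fresh passcode for number and pass it to send_sms(number, text)."""
    now = time.time() if now is None else now
    # secrets, not random: the code must be unpredictable.
    code = "".join(secrets.choice("0123456789") for _ in range(TOKEN_LENGTH))
    _store[number] = {
        "digest": _digest(number, code),
        "expires": now + EXPIRY_SECONDS,
        "attempts": 0,
    }
    send_sms(number, f"Your verification code is {code}")


def verify_passcode(number, submitted, now=None):
    """Return True only for the current, unexpired code; each code works once."""
    now = time.time() if now is None else now
    record = _store.get(number)
    if record is None:
        return False
    if now > record["expires"] or record["attempts"] >= MAX_ATTEMPTS:
        del _store[number]  # expired or guessed too often: a new SMS is required
        return False
    record["attempts"] += 1
    if hmac.compare_digest(record["digest"], _digest(number, submitted)):
        del _store[number]  # single use
        return True
    return False
```

Issuing a new passcode for the same number replaces the old record, which also resets the attempt counter, so resend requests need their own rate limit.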
Answer 2:
You can use django-passcode as an app in your project. It exposes APIs to "register" a mobile number and "verify" through an SMS-based passcode. It uses the mobile number and device id pair as unique. It also generates and returns a token for future authorization requests from the mobile app. You can use Twilio or any other SMS API to send the SMS.
https://github.com/sgurminder/django-passcode
I appreciate your feedback for django-passcode
Answer 3:
Disclaimer: I'm the maintainer of Django-phone-verify
What you're looking to accomplish is very easy with the django-phone-verify app. It comes with Twilio already integrated and a few endpoints which you can extend as per your use case.
This package aims at verifying if a phone number requested by a particular client belongs to them. It also takes care of ensuring that the same device provides the verification of passcode which initially requested a passcode to be sent, saving you a few hours of work.
This package also doesn't mess with your current user model at all. You're free to use this package exactly for one thing: verifying phone numbers. Whether you do it for users, companies, etc. depends on your use-case.
It follows the Unix philosophy of "Do one thing; do it well".
Installation
```
pip install django-phone-verify
```
Configuration
- Add app to INSTALLED_APPS:
```python
# In settings.py:
INSTALLED_APPS = [
    ...
    'phone_verify',
]
```
- Add settings in your settings.py file:
```python
# Settings for phone_verify
PHONE_VERIFICATION = {
    'BACKEND': 'phone_verify.backends.twilio.TwilioBackend',
    'TWILIO_SANDBOX_TOKEN': '123456',
    'OPTIONS': {
        'SID': 'fake',
        'SECRET': 'fake',
        'FROM': '+14755292729'
    },
    'TOKEN_LENGTH': 6,
    'MESSAGE': 'Welcome to {app}! Please use security code {otp} to proceed.',
    'APP_NAME': 'Phone Verify',
    'OTP_EXPIRATION_TIME': 3600  # In seconds only
}
```
- Migrate the database:
```
python manage.py migrate
```
You get two endpoints (check the API docs), one for registration of a phone number and the other to verify the passcode. You may override the verify endpoint to also create a user as described in the usage docs: https://github.com/CuriousLearner/django-phone-verify/blob/master/docs/usage.rst
Source: https://stackoverflow.com/questions/26718151/one-time-user-authentication-with-sms-using-django-and-twilio