One-Time User Authentication with SMS Using Django and Twilio
I am writing a back-end in Django for a mobile app I am creating. I need to authenticate a user the first time they open the mobile app through SMS to verify it is a real person. What needs to happen is the following: user enters phone number in app, server then sends SMS message to user with authentication code, user then enters authentication code in app and server verifies that the code they entered in the app is the same one they received through SMS.
I need to use Twilio with my Django project. I just need to know what would be the best way to go about this? The front-end side of this (the mobile app) is not what I am asking about, I am asking about the code on the back-end that should be implemented. I am struggling to find up to date documentation for django-twilio integration that could do this.
Answer
Twilio evangelist and maintainer of django-twilio here.
What you're looking to build is something very easy to do, I can outline the steps for you here:
- Create a Django model that stores a user's number and a generated passcode
- When a new user is created, take their number and SMS them the code using the Twilio REST API
- When they enter the passcode you sent them, cross reference it with the one stored in the database.
- If the number is right: verify them, if not, tell them it is wrong and offer to send them an SMS again.
I hope that is clear, if you have any more questions, feel free to get in touch at [email protected]