One-Time User Authentication with SMS Using Django and Twilio
Twilio evangelist and maintainer of django-twilio here.
What you're looking to build is something very easy to do; I can outline the steps for you here:
- Create a Django model that stores a user's number and a generated passcode
- When a new user is created, take their number and SMS them the code using the Twilio REST API
- When they enter the passcode you sent them, cross reference it with the one stored in the database.
- If the number is right, verify them; if not, tell them it is wrong and offer to send them an SMS again.
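The steps above as a runnable sketch, added here as an illustration and not part of the original answer or of django-twilio. It assumes an in-memory dict in place of the Django model and a hypothetical `send_sms(phone, text)` callable in place of the Twilio REST call; the length, lifetime and attempt limit are assumed values.

```python
import hashlib
import hmac
import secrets
import time

CODE_LENGTH = 6      # assumption: six-digit numeric passcode
CODE_TTL = 600       # assumption: code lifetime in seconds
MAX_ATTEMPTS = 5     # assumption: wrong guesses allowed per issued code
SERVER_KEY = secrets.token_bytes(32)  # assumption: in Django, use a server-side secret
PENDING = {}         # phone -> record; stands in for the Django model


def _mac(phone, code):
    # Keyed digest, so a copy of the table alone does not reveal live codes.
    return hmac.new(SERVER_KEY, f"{phone}:{code}".encode(), hashlib.sha256).digest()


def issue_code(phone, send_sms, now=None):
    """Generate a passcode, store only its MAC, and hand the code to send_sms."""
    now = time.time() if now is None else now
    # secrets, not random: the code must be unpredictable.
    code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
    # Re-issuing replaces the old record, so an earlier code stops working.
    PENDING[phone] = {"mac": _mac(phone, code), "expires": now + CODE_TTL, "attempts": 0}
    send_sms(phone, f"Your verification code is {code}")


def verify_code(phone, submitted, now=None):
    """Return 'verified', 'wrong', 'expired', 'locked' or 'no_code'."""
    now = time.time() if now is None else now
    record = PENDING.get(phone)
    if record is None:
        return "no_code"
    if now > record["expires"]:
        del PENDING[phone]
        return "expired"
    if record["attempts"] >= MAX_ATTEMPTS:
        return "locked"  # stays locked until a new code is issued
    record["attempts"] += 1
    # Constant-time comparison of the stored MAC with the MAC of the guess.
    if hmac.compare_digest(record["mac"], _mac(phone, submitted)):
        del PENDING[phone]  # single use: a verified code cannot be replayed
        return "verified"
    return "wrong"
```

The attempt cap is what keeps a six-digit code from being guessed online; the "send again" step should be rate-limited as well, since each resend resets the counter.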
You can use django-passcode as an app in your project. It exposes APIs to "register" a mobile number and "verify" it through an SMS-based passcode. It treats the mobile number and device ID pair as unique. It also generates and returns a token for future authorization requests from the mobile app. You can use Twilio or any other SMS API to send the SMS.
https://github.com/sgurminder/django-passcode
I appreciate your feedback for django-passcode
Disclaimer: I'm the maintainer of Django-phone-verify
What you're looking to accomplish is very easy with the django-phone-verify app. It comes with Twilio already integrated and a few endpoints which you can extend as per your use case.
This package aims at verifying if a phone number requested by a particular client belongs to them. It also takes care of ensuring that the same device which initially requested a passcode to be sent provides the verification of the passcode, saving you a few hours of work.
This package also doesn't mess with your current user model at all. You're free to use this package exactly for one thing: verifying phone numbers. Whether you do it for users, companies, etc. depends on your use case.
It follows the Unix philosophy of "Do one thing; do it well".
Installation
pip install django-phone-verify
Configuration
- Add app to INSTALLED_APPS:
    # In settings.py:
    INSTALLED_APPS = [
        ...
        'phone_verify',
    ]
- Add settings in your settings.py file:
    # Settings for phone_verify
    PHONE_VERIFICATION = {
        'BACKEND': 'phone_verify.backends.twilio.TwilioBackend',
        'TWILIO_SANDBOX_TOKEN': '123456',
        'OPTIONS': {
            'SID': 'fake',
            'SECRET': 'fake',
            'FROM': '+14755292729'
        },
        'TOKEN_LENGTH': 6,
        'MESSAGE': 'Welcome to {app}! Please use security code {otp} to proceed.',
        'APP_NAME': 'Phone Verify',
        'OTP_EXPIRATION_TIME': 3600  # In seconds only
    }
- Migrate the database:
python manage.py migrate
You get two endpoints (check the API docs), one for registration of a phone number and the other to verify the passcode. You may override the verify endpoint to also create a user as described in the usage docs: https://github.com/CuriousLearner/django-phone-verify/blob/master/docs/usage.rst