Verify user during signup by sending and receiving sms through Twilio

Question

I am trying to verify user by sending sms through twilio (Android Application).

Here is the Detailed summary- (As in Snapchat) During signup i want to validate user by sending dynamic run-time code to user mobile. and after sending i have the verification field.

so what should i do ?

Answer 1

Twilio employee here.

This is a really common use case for Twilio and plenty of apps do the "phone number verification" thing you're looking for.

Let me boil down the steps on how to do this in human form, as this is much easier to explain than writing a bunch of code:

1. A user will type their phone number into a field to be verified.
2. When the user has typed in their number, you can compute a unique code (4 - 6 digits is all you need) however you like, and then use our REST API to send the number they entered the code.
3. At this point, you should save the unique code so you can reference it later.
4. Prompt the user to enter the code into a field within your app.
5. Compare the entered code to unique number you stored them and viola!

If the code is the same: you know that they own the phone number that you sent the message to. A very similar process is described in this 2-factor authentication how-to.

I hope that makes sense.

If you have any questions, please ask.

Answer 2

Disclaimer: I'm the maintainer of Django-phone-verify

While phait's answer is apt. People had asked in comments of the relevant apps with which they could accomplish user verification. Most of this is from my previous answer at https://stackoverflow.com/a/57461296/3535547 I'm just pasting an updated answer in this thread so that it is easier for users to find it.

What you're looking to accomplish is very easy with django-phone-verify app. It comes with Twilio and Nexmo already integrated and few endpoints which you can extend as per your use case.

This package aims at verifying if a phone number requested by a particular client belongs to them. It also takes care of ensuring that the same device provides the verification of passcode which initially requested a passcode to be sent, saving you a few hours of work.

This package also doesn't mess up with your current user model at all. You're free to use this package exactly for one thing: verifying phone numbers. Whether you do it for users, companies etc. depends on your use-case.

It follows Unix philosophy of Do one thing; do it well

Installation

pip install django-phone-verify

Configuration

• Add app to INSTALLED_APPS:

    # In settings.py:

    INSTALLED_APPS = [
        ...
        'phone_verify',
    ]

• Add settings in your settings.py file:

    # Settings for phone_verify
    PHONE_VERIFICATION = {
        'BACKEND': 'phone_verify.backends.twilio.TwilioBackend',
        'TWILIO_SANDBOX_TOKEN':'123456',
        'OPTIONS': {
            'SID': 'fake',
            'SECRET': 'fake',
            'FROM': '+14755292729'
        },
        'TOKEN_LENGTH': 6,
        'MESSAGE': 'Welcome to {app}! Please use security code {otp} to proceed.',
        'APP_NAME': 'Phone Verify',
        'OTP_EXPIRATION_TIME': 3600  # In seconds only
    }

• Migrate the database:

    python manage.py migrate

You get two endpoints (Check API docs), one for registration of phone number and other to verify the passcode. You may override verify endpoint to also create a user as described in the usage docs: https://github.com/CuriousLearner/django-phone-verify/blob/master/docs/usage.rst

Update: Django-Phone-Verify 3.0 released and it supports both Nexmo and Twilio out of the box.