SMS verification code not being sent - google-fabric

I'm using Twitter Digits to authenticate our users on both iOS and Android. For the last few days, I'm receiving various user reports saying that the verification SMS code never arrives... It's happening to me as well. The verification code is never sent but the "Call" option works fine.
I'm in Brazil right now but my phone has a US number and I receive/send other SMS just fine.

Related

twilio error 2 factor authentication says I have reached the limit to resend the code only when via call

I've been unable to login to twilio for the last few days. I'm stuck during the two factor authentication process. When I use the SMS option, my phone doesn't receive the message even after several attempts. This morning I tried to request the code via call but it says "You have reached the limit to resend the code. Please use another method or try again later." but this is the first time I've tried requesting the code via call. The SMS option worked fine until a couple weeks ago so I have never needed to use the call option.
What can I do to login to my twilio account?

Twilio resend SMS (within short intervals) - What is the expected behaviour

I am using an Identity and Access Management (IAM) vendor who provides a Multi-Factor Authentication (MFA) service (using SMS and other channels). They use Twilio as their SMS service provider, and what I see currently is a behaviour (described in the scenario below) from my IAM provider which is strange, and I am wondering what the underlying Twilio API's behaviour is.
I am unable to see this info from the Twilio API docs hence seeking assistance.
Scenario:
1. Customer uses IAM to log in and my IAM provider, using Twilio, sends an OTP.
2. The OTP comes through, but in my test case, I trigger the resend OTP process.
3. In both the steps, I get the right message (the template and senderID that we have configured in the IAM tool).
4. If I now trigger the OTP resend process a second time (3rd OTP in total for the same number), we receive a message which has AUTHMSG as the senderID and uses a default template message (which is different from what we have configured).
I am working with my IAM vendor to understand what is happening here and I am trying to see if Twilio is playing a part in this (trying to do some smarts as they think that there is some SMS delivery issue - which is the message I am in a way communicating by hitting the resend OTP multiple times)
Is AUTHMSG a senderID that is owned by Twilio? I don't believe so but I am trying to better understand this space.
SenderID is a construct that varies from country to country. Some countries mandate that users register it with the local regulators, while in other countries there is no explicit registration process.
I am worried that if my customers receive this message, they are going to be confused and suspect a Spam/Phishing kind of an activity.
I attempted a similar exercise with PayPal and they were consistent in their SMS OTP Resend. The message was always the same. Unlike my IAM provider, PayPal sends OTP from multiple mobile numbers. In my tests I observed them sending OTPs from two distinct mobile numbers.
Would be glad if someone could assist and provide info in this space.
I will continue to work with my IAM provider and their support channel to see what is happening here.
When using Twilio Verify in a country that supports alphanumeric sender IDs, Twilio uses the AUTHMSG sender ID and registers it with countries around the world that require this, to ensure the best deliverability of OTP messages.
I think you will need to work with your IAM provider, and work out how they have implemented sending OTP messages to see what is going on here. If it is unclear, then you or the IAM provider may also have to contact Twilio support.

VerifyUser or VerifyPhoneNumber ? Which makes more sense, better and standard? And Why?

In a mobile app, users register themselves based on their phone numbers (like WhatsApp, Uber, Careem etc). User enters his phone Number, app sends him verification code, then user sends back that verification code, app verifies if the verification code sent by user is correct.
My question is that what should we call the part of the process where the app verifies the verification code? Verification Of User Or Verification Of Phone Number? Which makes more sense? And Why? Which is standard?
It verifies both the user and the mobile number. The mobile number is used as the identity of the user, so it is helpful in the future when the user forgets his password. So we can say it verifies the mobile number, which is further linked to the user.

Login and Verify with only phone number using Nexmo or Twilio

This is an authentication flow, which logs in the user with only the phone number provided (Whatsapp style). The Steps are:
1. User enters phone number, which is sent to the server.
2. Server generates a 4 digit random key, and saves the pair (phone,key) in DB.
3. Server asks 3rd party SMS service to send key to phone.
4. SMS service sends message.
5. User enters the key from the SMS, which together with phone is sent to the server.
6. Server checks the pair against the DB.
7. If pair exists, server sends back a token for further calls.
What I am trying to understand is where services like Twilio and Nexmo fit in (or replace parts of the flow).
From what I understand, looking at Nexmo for example,
I can replace steps 2 and 3 with an API call to:
https://api.nexmo.com/verify/
and save the request_id from the response in the DB as pair (phone,request_id).
And now, when the user enters a 4 digit code and sends it back,
I need to call:
https://api.nexmo.com/verify/check/json
providing it with request_id and code.
But where do I get the request_id?
Does the server need to send it back to the client, the moment it gets it from Nexmo?
I can't see the benefits of using Nexmo here, what will it save me?
Answer to your first question: the request_id is part of the response to the first verify API call. See: https://docs.nexmo.com/index.php/verify/verify
As to what are the benefits of Nexmo here, I believe you have two options:
1. Generate your own code, use Nexmo to text it to your user, have the user submit the code back to your application, verify code against your own database.
2. Use Nexmo verify service to generate and send the code to the user, store the returned request_id in your db, have user submit code to your application, call Nexmo verify API to validate code.

In some ways the first option is easier as it is fewer API calls. However the benefit of the second option, using Nexmo Verify, is that they provide a whole lot more capabilities in the service: fall back to a voice call if SMS isn't working, filter out virtual phone numbers to prevent spam, you don't have to pay for failed SMS attempts, reporting/analytics, etc. etc.
Hopefully that helps a little.
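
The first option above (generate and check the code yourself), as an added Python example that is not part of the original posts or of any provider's API. `OtpStore`, the `send_sms` callback and the limit values are assumptions for illustration; it uses a 6-digit code rather than the question's 4, and adds the expiry, wrong-guess cap and resend cap that steps 2 and 6 need to resist guessing and SMS flooding.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300       # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3     # wrong guesses allowed per issued code (assumed policy)
MAX_SENDS = 3        # codes sent per phone per SEND_WINDOW (assumed policy)
SEND_WINDOW = 3600   # seconds

class OtpStore:
    """In-memory stand-in for the (phone, key) table of step 2."""

    def __init__(self, send_sms, clock=time.time, digits=6):
        self.send_sms, self.clock, self.digits = send_sms, clock, digits
        self.mac_key = secrets.token_bytes(32)  # server secret, kept out of the table
        self.pending = {}  # phone -> [mac, expires_at, attempts_left]
        self.sends = {}    # phone -> timestamps of recent sends

    def _mac(self, phone, code):
        # Keyed hash, so a leaked table alone does not reveal the codes.
        msg = f"{phone}:{code}".encode()
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def request_code(self, phone):
        now = self.clock()
        recent = [t for t in self.sends.get(phone, []) if now - t < SEND_WINDOW]
        if len(recent) >= MAX_SENDS:
            return False  # resend limit reached, nothing is sent
        # CSPRNG code, zero-padded; a new request replaces any older code.
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        self.pending[phone] = [self._mac(phone, code), now + CODE_TTL, MAX_ATTEMPTS]
        self.sends[phone] = recent + [now]
        self.send_sms(phone, code)  # steps 3-4: hand off to the SMS provider
        return True

    def verify(self, phone, code):
        entry = self.pending.get(phone)
        if entry is None:
            return None
        mac, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[phone]  # expired or locked out: a new code is required
            return None
        if not hmac.compare_digest(mac, self._mac(phone, code)):
            entry[2] -= 1  # count the wrong guess
            return None
        del self.pending[phone]  # single use
        return secrets.token_urlsafe(32)  # step 7: token for further calls
```

In a real deployment the two dictionaries would be database tables and `mac_key` would come from the application's secret store, so that codes issued by one server instance verify on another.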

Creating SMS Gateway or using 3rd party

Hi, I am building a website which needs to send SMS.
The scenario is that the user will create his/her account using his/her mobile number.
After that he can send SMS through the website to any mobile number.
When the end user receives the SMS, the sender number should be the same number with which he registered.
I want to code it in C#.
A similar thing has been done, and the code has been released for a 3rd party SMS gateway called Way2SMS, here at Code Globe: http://www.codeglobe.in/index.php?option=com_content&view=category&layout=blog&id=30&Itemid=36