How can I integrate otp verification in php while signup - verification

I just wanted to integrate a sms otp verification method for verification while signup using msg91 not sendOTP. How can I do this kindly help.

To verify a phone number or OTP , you need to do it in three steps :
When user requests OTP or you generate it, you need to store the OTP in database or in memory with that phonenumber and the user.
Send that OTP to mobile number using MSG91's API(http://api.msg91.com/apidoc/textsms/send-sms.php#sendcontent)
When user inputs the received OTP, search that in the database with phonenumber and OTP,if found verify the user stored with that phonenumber and OTP
This is generally the process.
(You can find sample code for different languages using MSG91 here : http://api.msg91.com/apidoc/samplecode/php-sample-code-send-sms.php)

Related

Twiio resend SMS (within short intervals) - What is the expected behaviour

I am using an Identity and Access Management(IAM) vendor who provide a Multi-Factor Authentication (MFA) Service (using SMS and other channels). They use Twilio as their SMS service provider and what I see currently is a behaviour (described in the scenario below) from my IAM provider which is strange and wondering what the underlying Twilio API's behavior is.
I am unable to see this info from the Twilio API docs hence seeking assistance.
Scenario:
Customer uses IAM to login and my IAM provider using Twilio sends a OTP
The OTP comes through but in my test case, I trigger the resend OTP process
In both the steps, I get the right message (the template and senderID that we have configured in the IAM tool)
If I now trigger the OTP resend process a second time (3rd OTP in total for the same number), we receive a message which has AUTHMSG as the senderid and uses a default template message (which is different from what we have configured).
I am working with my IAM vendor to understand what is happening here and I am trying to see if Twilio is playing a part in this (trying to do some smarts as they think that there is some SMS delivery issue - which is the message I am in a way communicating by hitting the resend OTP multiple times)
Is AUTHMSG a senderID that is owned by Twilio? I don't believe so but I am trying to better understand this space.
SenderID is a construct that varies from country to country. Some Contries mandate that users register it with the local regulators while in other countries there is no explicit registration process.
I am worried that if my customers receive this message, they are going to be confused and suspect a Spam/Phishing kind of an activity.
I attempted a similar exercise with PayPal and they were consistent in their SMS OTP Resend. The message was always the same. Unlike my IAM provider, PayPal sends OTP from multiple mobile numbers. In my tests I observed them sending OTPs from two distinct mobile numbers.
Would be glad if someone could assist and provide info in this space.
I will continue to work with my IAM provider and their support channel to see what is happening here.
When using Twilio Verify in a country that supports alphanumeric sender IDs, Twilio uses the AUTHMSG sender ID and registers it with countries around the world that require this, to ensure the best deliverability of OTP messages.
I think you will need to work with your IAM provider, and work out how they have implemented sending OTP messages to see what is going on here. If it is unclear, then you or the IAM provider may also have to contact Twilio support.

Signing up users using phone number react-native-firebase

I am working on an application that will sign up users based on their phone numbers. Everywhere I have read, there are articles regarding signing in users using their phone number. While researching for this I landed on a stackoverflow article itself that mentioned that the signInWithPhoneNumber() article will work for sign up when queried for first time, and will be used for sign in once the user is created as in this article What will happen if I sign in user using phone number without user creation in firebase?.
Going by this article, I wrote the following code to achieve my purpose
import auth from "#react-native-firebase/auth";
console.log("going to sign up with", numberToSend);
// numberToSned is the input number to which the message has to be sent
const confirmation = await auth().signInWithPhoneNumber(numberToSend);
I also set up a dummy number to test the feature.
But whenever this request is made my application shuts down by itself
Also I do not get any error on the console regarding this
So I wanted to ask is their a way to sign up users using their phone number in firebase with react-native?
As the link you describe (but didn't share) says: Firebase makes no distinction between signing up with a phone number or signing in with a phone number. The code for both cases is exactly the same, as shown in the documentation on Firebase phone authentication.

How to use autofill otp like google's one-tap SMS verification with the SMS User Consent API in React Native

I'm trying to achieve phone number verification with the autofill feature in React native application. So far, I've discovered that there are 2 ways i.e either append hash key in sms body or use SMS User Consent API like https://developers.google.com/identity/sms-retriever/user-consent/overview
Is there any way/library through which we can avoid using the hash key?

VerifyUser or VerifyPhoneNumber ? Which makes more sense, better and standard? And Why?

In a mobile app, users register themselves based on their phone numbers (like WhatsApp, Uber, Careem etc). User enters his phone Number, app sends him verification code, then user sends back that verification code, app verifies if the verification code sent by user is correct.
My question is that what should we call the part of the process where the app verifies the verification code? Verification Of User Or Verification Of Phone Number? Which makes more sense? And Why? Which is standard?
It verify both user and mobile no. Mobile no is used as identity of the user. So it is helpful in the future when user forget his password . So we can say it verify mobile which is further linked to the user.

How can i test using multiple users , a sign up page with OTP using jmeter

My website has an OTP authentication at the time of registering to the website. I need to pass the otp that is send to both email id and mobile number into the next page, register and do rest steps in the website. I need to do it with 500 users. Please help me, if there is any solutions
You can use JMeter's Mail Reader sampler (maybe in combination with Regular Expression Extractor) to get the OTP from the email message generated by your system, store it into a JMeter Variable and use in login request.
See How to Create a JMeter Script to Check Email During Registration AND Grab the Confirmation URL article for detailed steps.
If you need do to it for 500 users I guess you'll need to have 500 email accounts, so you might need to use CSV Data Set Config to read keep email/password pairs from .csv file.