Background
I use Twitter's Digits SDK in an app for sign-in, essentially allowing the Users to sign-in quickly use an existing (previously verified by a web app) mobile numbers. This has worked great during internal testing and everyone likes the feature.
Digits SDK
This is part of Twitter's Fabric SDK. It provides a view controller that appears, allows a User to type in a phone number, verify it with a 6-digit code sent via SMS, and it returns auth tokens, etc.
Problem
In order for Apple to review my app, I have to provide a phone number where an Apple employee can receive an SMS [from the Digits verification service] so to be able to authenticate and test my app.
Problem is, I've already tried a number of "Read SMS online" services, but none are receiving the codes from Twitter / Digits. Without a solution, I'm don't have a way for the Apple review team to get past the first menu of my app.
Any ideas? Thank you.
Related
I am creating a google account and an apple ID with a group work account. During registration, it asks for entering a mobile number to be linked to that account where they can send a verification code to it. This account will be used by a group of people and I dont want to put just a personal mobile number and I dont want to buy a new mobile number as it wont be used by anyone and it will expire sooner or later. Is there any other option? I am not sure if Apple or Google have USB keys that can be used for MFA instead of a mobile number?
I don't know about iOS. But Google offers a variety of means, including printed backup codes. They are described here. Yubico also offers hardware keys than can be used.
I'm confused on how exactly to verify a phone with Authy.
I have a C#/MVC view that accepts a country code and phone number and I call AuthyClient.RegisterUser and that works fine. I store the AuthyId that comes back.
I then call AuthyClient.SendSms with force=true. <--- does this send them a verification code?
My test user didn't even enter a code on my site and in Twilio, he's showing as verified. Is that because he opened up the Authy app after getting registered?
Are there multiple ways to verify a phone then?
Twilio developer evangelist here.
The API requests you are making here, starting with the call to AuthyClient.RegisterUser is actually the way that you perform two factor authentication with the Authy APIs.
To verify a phone with Authy you only need to make two API calls. The first sends a verification code and the second requires the user to input the code they received and then verifies it.
I can see you're using the authy.net library, which is sadly archived on GitHub now because it wasn't kept up to date. I'm not a .NET developer, but from what I can see in the codebase it didn't support the Verify endpoints. For this reason, I'd recommend you construct the HTTP requests yourself.
Take a read through the Verify documentation, it has all the URLs you need to make requests to including the required parameters. Let me know how you get on with that.
I'd like to integrate the new login framework from Facebook, Account Kit (which among others provides phone login), to my iOS app, which uses Parse.
I was able to integrate the framework successfully; i.e., I was able to complete the flow: user inputs his phone number -> gets an SMS with a code -> enter it and successfully get a token.
What I’m not sure is what do to next — how to follow up with the integration to Parse?
Other related questions which came to my mind are:
1. Do I need also some Cloud code to deal with it?
2. How do I check if the current user is a new or existing user?
I’d love for any help...
Not only Cloud Code, I guess. You need to integrate this in your Parse Server.
Another way
If you can't do server stuffs, there is lazy, crappy and bad way to implement the integration. But this solves the problem.
The method is
Get the user's phone number after user has logged-in with phone number.
Develop an Algorithm that will generate password from the given phone number.
NSString generatePassword(NSString phone)
After the user has logged-in with accountkit, check if his phone number is already at Parse
If the user's phone number is not at Parse, signUpInBackground(phonenumber, generatePassword(phonenumber), callback)
Unless, logInInBackgroud(phonenumber, generatePassword(phonenumber), callback)
Hope this would help :)
For testing Twilio applications, Twilio provides test credentials. You are allowed to buy phone numbers through the API without being charged to your actual account. My application requires that I be able to buy multiple phone numbers. I would like to do this with test credentials.
However, per this documentation page, it seems like the only phone number you can buy is +15005550006. I tried buying other phone numbers, but I keep getting an exception that states that the phone number I'm trying to buy "...is not available."
Is it really the case that only that one number can be bought?
Twilio developer evangelist here.
Test credentials are for making sure your HTTP calls are being made correctly, they just mock the results of the API so you can make practice calls to it. The idea with test credentials is that if the API call to the fake number works, then your code will work in production.
The test credentials also cause Twilio to return special results for certain resources. For example, you can try to buy the number +15005550001 and it will tell you that the number is invalid. You can see the special examples here: https://www.twilio.com/docs/api/rest/test-credentials#test-incoming-phone-numbers-parameters-PhoneNumber
If you need to actually buy numbers with your account to build your application with, you'll need to use your live credentials. If your app is successful purchasing +15005550006 then you can be sure that switching out to real credentials will work.
I've seen several applications that use Twilio for SMS verification go from:
Sending the user a 4-5 digit code to enter on their handset
to
Pre-filling a 32+ character SMS message that the user sends from their device to the services Twilio number.
Is there any documentation out there on how to implement an approach like this?
Twilio evangelist here.
It sounds like your asking two different questions, one regarding two factor authentication and one regarding autocreating an SMS message on the device for the user to sent to Twilio.
If I've got that correct, then I'd start be working through the Two-Factor Authentication How To article that walks through setting up SMS-bsased two factor authentication.
Another resource to check out is the Add Two-Factor Authentication to your Website with Google Authenticator and Twilio SMS blog post.
As far as generating a text message on a device, I think that is going to greatly depend on what kind of mobile device you are targeting.
Hope that helps.