Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

express.js phone number authentication

Tags:

javascript

node.js

express

passport.js

I want to implement authentication in my express.js api with phone number, like whatsapp or telegram. I have experience with passport.js but i have not found any strategy for phone numbers.

My aproach is that if i get a phone number by a post request i generate an ID which i send to the specific phone number by sms. If i get back the ID and phone number pair in post request i authenticate the session. Is my aproach good? Is there any npm package which could be useful for me?

like image 410
lacexd Avatar asked Jan 22 '18 00:01

lacexd

People also ask

How do I authenticate a phone number?

What is phone number authentication? Phone number authentication is an authentication method in which a sender sends an SMS message to a receiver's phone. Then, the receiver logs into its phone with a one-time code provided in the SMS message.

Is Passportjs secure?

Passport. js out of the box is safe as your implementation of it to protect routes from unauthorized access. For example if you forget to apply the middleware to certain routes they would not be protected, if you make a mistake in configuring the authentication strategy you may open up your application to an attack.

2 Answers

In first place, you need a service provider able to send SMS.

I have an Ionic app that validate users in the same way that you want and I ussing https://developers.messagebird.com/docs/messaging, because they have a REST API to send SMS and also Voice Calls. My users choose how to receive the validation code, sms or call. Calls are 50% cheaper than SMS.

Other aproach is to use Firebase PhoneNumber authentication. It is free but limited:

  • https://firebase.google.com/docs/auth/android/phone-auth
  • https://firebase.google.com/docs/auth/limits#phone_number_sign_in_limits

How to implement it with Ionic:

  • https://gist.github.com/kkrishnan90/f9b61c52850571fa3700fc043b06f53c
  • https://javebratt.com/firebase-phone-authentication

The problem with Firebase is that you need to add reCaptcha to your login view.

And if you need to be integrated with passport you can create your own strategy with this module:

  • https://www.npmjs.com/package/passport-custom

Hope it helps !

like image 53
jmaciasportela Avatar answered Oct 11 '22 15:10

jmaciasportela

That sounds about right from a high-level approach. You probably want to call an API from your server to send the SMS, I know of two...

  1. https://www.twilio.com/
  2. https://www.clockworksms.com/

Both seem to have Node.js libraries, see https://www.twilio.com/docs/libraries/node and https://www.clockworksms.com/doc/easy-stuff/code-wrappers/node-js-wrapper/.

It's worth noting though that there are several other providers that offer a similar service – you might want to search around and compare your options.

Good luck 👍

like image 38
Zak Avatar answered Oct 11 '22 14:10

Zak
Sign in to Comment

Related questions

Remove all labels on Mapbox GL JS?
Chartjs treemap example
How to make $.get() function synchronous in jQuery?
Convert promise in JSON object
Visual Studio 2017 not compiling typescript
How to use two datasets in chart.js doughnut chart?
How to get xml2js results out of the parser in ES6?
Cloud Functions for Firebase timeout
Could not find include include file
Stripe Elements forcing a postal code
Difference between Stripe Checkout https://checkout.stripe.com/checkout.js and Elements https://js.stripe.com/v3/
javascript and memoized getters
Can I check for object properties in a switch statement?
byte size of buffer (Javascript / Node) [duplicate]
How to get the previous date in angular?
Difference between returning a value and returning Promise.resolve() from a function
Chrome Extension: How to Disable Page Visibility API
Force browser to clear cache in Angular environment
Difference between CallExpression and MemberExpression
Angular/Chart.js error: Failed to create chart: can't acquire context from the given item

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!