 

express.js phone number authentication

I want to implement authentication in my Express.js API with a phone number, like WhatsApp or Telegram. I have experience with Passport.js, but I have not found any strategy for phone numbers.

My approach is that if I get a phone number in a POST request, I generate an ID, which I send to the specific phone number by SMS. If I get back the ID and phone number pair in a POST request, I authenticate the session. Is my approach good? Is there any npm package which could be useful for me?

lacexd asked Jan 22 '18 00:01


People also ask

How do I authenticate a phone number?

What is phone number authentication? Phone number authentication is an authentication method in which a sender sends an SMS message to a receiver's phone. Then, the receiver logs into its phone with a one-time code provided in the SMS message.

Is Passportjs secure?

Passport.js out of the box is only as safe as your implementation of it to protect routes from unauthorized access. For example, if you forget to apply the middleware to certain routes, they will not be protected; if you make a mistake in configuring the authentication strategy, you may open up your application to an attack.


2 Answers

In the first place, you need a service provider able to send SMS.

I have an Ionic app that validates users in the same way that you want, and I am using https://developers.messagebird.com/docs/messaging, because they have a REST API to send SMS and also voice calls. My users choose how to receive the validation code, SMS or call. Calls are 50% cheaper than SMS.

Another approach is to use Firebase phone number authentication. It is free but limited:

  • https://firebase.google.com/docs/auth/android/phone-auth
  • https://firebase.google.com/docs/auth/limits#phone_number_sign_in_limits

How to implement it with Ionic:

  • https://gist.github.com/kkrishnan90/f9b61c52850571fa3700fc043b06f53c
  • https://javebratt.com/firebase-phone-authentication

The problem with Firebase is that you need to add reCaptcha to your login view.

And if you need it to be integrated with Passport, you can create your own strategy with this module:

  • https://www.npmjs.com/package/passport-custom

Hope it helps!

jmaciasportela answered Oct 11 '22 15:10


That sounds about right from a high-level approach. You probably want to call an API from your server to send the SMS, I know of two...

  1. https://www.twilio.com/
  2. https://www.clockworksms.com/

Both seem to have Node.js libraries, see https://www.twilio.com/docs/libraries/node and https://www.clockworksms.com/doc/easy-stuff/code-wrappers/node-js-wrapper/.

It's worth noting though that there are several other providers that offer a similar service – you might want to search around and compare your options.

Good luck 👍

Zak answered Oct 11 '22 14:10
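The flow from the question (generate an ID, send it by SMS, accept the phone number and ID pair), as an added example that is not part of the original posts. The names `issueCode` and `verifyCode`, the 5-minute lifetime, the 5-attempt limit and the in-memory `Map` are assumptions; sending the SMS is left to whichever provider you choose.

```javascript
const crypto = require('node:crypto');

// Assumed policy values, not taken from the thread.
const CODE_TTL_MS = 5 * 60 * 1000; // a code is valid for 5 minutes
const MAX_ATTEMPTS = 5;            // guesses allowed per issued code

// In-memory stand-in for a shared store (e.g. Redis) keyed by phone number.
const pending = new Map();
// Per-process key so stored digests are useless if the store leaks.
const HMAC_KEY = crypto.randomBytes(32);

function digestFor(phone, code) {
  return crypto.createHmac('sha256', HMAC_KEY).update(`${phone}:${code}`).digest();
}

// Call from the "request code" route. Rate-limit this route per phone number
// and per client IP, since every call costs an SMS.
function issueCode(phone, now = Date.now()) {
  // crypto.randomInt is a CSPRNG; Math.random() is predictable and unsuitable.
  const code = crypto.randomInt(0, 1000000).toString().padStart(6, '0');
  pending.set(phone, {
    digest: digestFor(phone, code), // store a keyed digest, never the code
    expiresAt: now + CODE_TTL_MS,
    attemptsLeft: MAX_ATTEMPTS,
  });
  return code; // pass to the SMS provider only; never echo it in the HTTP response
}

// Call from the "verify" route; authenticate the session only on 'ok'.
function verifyCode(phone, code, now = Date.now()) {
  const entry = pending.get(phone);
  if (!entry) return 'no_pending_code';
  if (now > entry.expiresAt) {
    pending.delete(phone);
    return 'expired';
  }
  entry.attemptsLeft -= 1;
  // Both buffers are 32-byte HMAC outputs, so timingSafeEqual cannot throw.
  const ok = crypto.timingSafeEqual(entry.digest, digestFor(phone, String(code)));
  if (ok || entry.attemptsLeft <= 0) pending.delete(phone); // single use / lockout
  if (ok) return 'ok';
  return entry.attemptsLeft <= 0 ? 'locked' : 'wrong_code';
}
```

Inside a `passport-custom` strategy, the verify callback would call `verifyCode` and create the session only when it returns `'ok'`.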