Ready to add Authy user account verification to your Flask application? Don't worry, this will be the easiest thing you do all day.
- A user begins the registration process by entering their information (including a phone number) into a signup form.
- The authentication system sends a one-time password to the user's mobile phone to verify the phone number.
- The user enters that one-time password into a form to complete registration.
- The user sees a success page and receives an SMS alerting them that their account has been created!
これを行うには、以下の Twilio 駆動型 API を操作します。
Authy REST API
- Authy Docs: Find quickstarts, documentation, and info on the helper libraries.
Twilio REST API
- Messages Resource: We will use Twilio directly to send our users a confirmation message after they creates their accounts.
DevelopmentConfig class constant values located in the
AUTHY_KEY = 'your_authy_key' TWILIO_ACCOUNT_SID = 'your_twilio_account_sid' TWILIO_AUTH_TOKEN = 'your_twilio_auth_token' TWILIO_NUMBER = 'your_twilio_phone_number' SQLALCHEMY_DATABASE_URI = 'sqlite://'
Note that you have to replace the placeholders
your_authy_key with your information. You can find all of those parameters (and more) in your Twilio Account Console and your Authy dashboard.
The User Model for this tutorial is pretty straight-forward. Note the new variable
authy_user_id, which is implemented for storing the user's Authy identification token.
User model, right? Next we're going to visit the registration form on the client side.
That's it for the client side. Now let's look at what happens when the user submits the form.
Next our controller stores the new user, registers them with Authy's API, and requests a new verification code.
Next we'll set up our application to complete our user verification.
On the server we first check that the email belongs to a user that we haven't yet verified.
Communicate with Authy's API to check if the given code is correct.
Send a confirmation SMS to the user using Twilio's API.
After that (assuming a success!) we redirect the user to a success page.
What happens if the message was never sent, didn't arrive, or can't be found? Let's look at how to handle those scenarios next.
The form for re-sending the code is a single line, so let's skip that detail for this tutorial. Instead, let's just take a look at the controller function for resending verifications.
This controller loads the
User associated with the request and then uses the same Authy API method we used earlier to resend the code. Pretty straightforward, right?
Let's take a step back and see how we can use Authy to resend a verification code to an unverified user.
In order to end up with a cleaner and decoupled design we'll encapsulate all of Authy's related features in an
AuthyService. This class will hold a shared class instance of the
When our user is created successfully via the form we have implemented, we send a token to the user's mobile phone asking them to verify their account in our controller. When the code is sent, we redirect our users to another page where they can enter the received token, completing the verification process.
Authy provides us with a
tokens.verify method that allows us to pass a
user id and
token. In this case we just need to check that the API request was successful and, if so, set a
verified flag on the user.
That's it for token verification! Let's provide a nice user onboarding experience, and send a confirmation message to our new user.
Congratulations! You've successfully verified new user accounts with Authy. Where can we take it from here?
In one simple tutorial, we've implemented account verification with Authy and Twilio, allowing your users to confirm accounts with their phone number! Now it's on you - let us know what you build on Twitter, and check out these other tutorials: