メニュー

Expand
ページを評価:

Twilio Verify Push Android SDK Quickstart

Verify Push is in Public Beta.

Twilio Verify Push SDK helps you verify users by adding a low-friction, secure, cost-effective, "push verification" factor into your own mobile application. It works by registering your user's Android devices as a secure key via public-key cryptography. When your app backend needs to verify that the user is who they say they are, you challenge the user to prove that they still possess their secure key (Android device).

In short order, you can run the Verify Push Android SDK in your existing Android app and verify a user via push verification using Verify Push API.

This Verify Push Quickstart will walk you through the entire process step-by-step, starting with setting up your Twilio account all the way through verifying a user using your existing Android app and backend.

このクイックスタートでは、下記のことを学んでいきます:

  1. Twilioにサインアップ
  2. Configure Push Credential and Verify Service
  3. Embed the client SDK into your Android app
  4. Setup your app backend
  5. Register a user and their device in Verify Push
  6. Configure webhooks
  7. Verify a user

By the end of this Quickstart, you’ll have a solid foundation for implementing Verify Push within your Android app and backend for your specific use cases.

Want a technical overview first?

Technical Overview

Check out the Verify Push SDK Technical Overview to view its data model, sequence diagrams, and security FAQs.

Want to see an example?

Run Sample App

If you don't want to setup Verify Push with your own app or backend immediately, we have built a Sample App embedded with the client Verify Push Android SDK and a Sample Node.js Backend that you can run to see Verify Push in action. These samples can also be helpful for troubleshooting.

 

Want to start with iOS?

iOSクイックスタート

Add Verify Push to your iOS app with the iOS SDK quickstart.

Already have a Twilio account? Go ahead and skip this section.

You can sign up for a free Twilio trial account here.

  • When you sign up, you'll be asked to verify your personal phone number. This helps Twilio verify your identity.
  • Once you verify your number, you'll be asked to create a project. For the sake of this tutorial, you can click on the "Learn and Explore" template. Give your project a name, or just click "skip remaining steps" to continue with the default.
  • Once you get through the project creation flow, you'll arrive at your project dashboard in the Twilio Console. This is where you'll be able to access your Account SID, an authentication token, create a Push Credential, create a Verify Service and more.

プッシュクレデンシャル を作成する

For Verify Push to send push notifications to your Android app, you will need to create a Firebase Cloud Messaging (FCM) Push Credential that contains your FCM secret. Follow these steps to do it in the Twilio Console.

Do you need to set up Firebase Cloud Messaging (FCM) for your Android app? Follow these step-by-step directions for Configuring Android Push Notifications to setup your project with Firebase.

Screen Shot 2020-10-02 at 11.21.42 AM.jpg

  • Click the + button to add a new credential and a form will pop-up:

v push new fcm credential.jpg

  • Enter a friendly name, such as "Verify Quickstart App Credentials"
  • Select FCM push credentials as type
  • Enter the FCM Secret. The value is your Android app's Server key. To find it, visit the Firebase Console, and then look in your app's project settings, under Cloud messaging
  • Click the Create button
  • Note: Although Verify Push uses Twilio Notify for sending push notifications, you do not need to create your own Notify Service

Create a Verify Service and add the Push Credential

Screen Shot 2020-10-02 at 11.19.35 AM (1).jpg

  • Alternatively, you can select any existing Service. For this quickstart, select a Service that isn't being used in production right now (e.g. not actively sending SMS OTPs to your users) so that you don't accidentally cause a production issue.
  • Go to the Service's Settings and select the Credential SID(s) that you want this Service to use for sending push notifications. One SID can be selected for your Android app (FCM) and one for your iOS app (APN):

Screen Shot 2020-10-02 at 11.56.48 AM (1).jpg

Follow the installation steps in the README file of the Twilio Verify Android repo. The installation steps will explain how to add the Android library to your build.gradle file and setup your Android app to work with Firebase Cloud Messaging (FCM).

You should already have access to this repo, but if you don't, contact your Verify Push Private Beta program manager to request access.

After you import the Twilio Verify Android library, you can start to integrate your existing app with Verify Push.

To get started, you will need to create an instance of the TwilioVerify class, using its Builder. Type or paste the sample code.

        
        
        
        

        Your Android app needs to obtain an Access Token (technically an Enrollment JWE, similar to a JSON Web Token (JWT)) to make direct requests to the Verify Push API in the future. This Access Token request needs to be brokered by your app backend. To do this, you need to:

        1. Expose an API endpoint in your app backend for your Android app to request the Access Token

        2. Have your app backend request an Access Token from Verify Push API

        3. Return the Access Token, identity and Verify Service SID to the Android app

        Expose an API endpoint in your app backend for your mobile app to request the Access Token

        Check out our Sample Node.js Backend for an implementation example. In a production web application, you would restrict access token retrieval to the currently authenticated user, using whatever type of authentication your service already uses.

        Have your app backend request an Access Token from Verify Push API

        In the sidebar to the right (or below) is sample code for requesting an access token from the Verify Push API in all languages supported by Twilio helper libraries. You will need the Verify service_sid, as well as the user id (such as a GUID or the user's primary key in your database table) you use as the identity with this Verify service.

              
              
              
              
              Your app backend should make this request

              Request an Access Token from Verify Push API

              Your app backend should make this request

              Do not use Personally Identifiable Information for identity. Use an immutable user identifier like a UUID, GUID, or SID.
              Verify Push uses identity as a unique identifier of a user. You should not use directly identifying information (aka personally identifiable information or PII) like a person's name, home address, email or phone number, etc., as identity because the systems that will process this attribute assume it is not directly identifying information.

              Do not store your Verify Service SID in your app. Get it from your backend, as well as the identity. You can find an example in the sample backend

              Register a user in Verify Push by creating an Entity for the user and register their device by creating a Factor and associating it to that entity.

              Both steps are done simultaneously by creating a factor from a factor payload, and verifying the factor. Type or paste the code samples for both of these steps.

              Create a factor

                    
                    
                    
                    
                          
                          
                          
                          

                          Configure webhooks (optional)

                          Configure a webhook callback for your app backend to be notified of events such as when a Factor has been verified or when a Challenge has been approved, so that it knows to advance the user to the next step in your flow. This is more real-time and efficient than constantly polling the Verify Push API for the status of a Factor or Challenge.

                          Follow the steps in this Verify Webhooks page.

                                
                                
                                
                                
                                Specify events to send to your callback URL

                                Configure webhook

                                Specify events to send to your callback URL

                                Verify a user

                                Congratulations! Verify Push consists of two user sequences, and you've just completed the first one: user and device registration. The second sequence is to challenge and verify (authenticate) a user with their registered device. Read on for the step-by-step instructions.

                                Create a Challenge

                                Your web application backend needs to call the Verify Push API to create a Challenge using the Factor that you've just created. When the challenge is created, Verify Push sends a push notification to the registered mobile device using the configured Push Credential.

                                The code in the sidebar to the right/bottom demonstrates how to create those challenges using the Twilio helper libraries.

                                      
                                      
                                      
                                      

                                      You may choose to put Personally Identifiable Information (PII) or other sensitive information in details and hidden_details. The data in each param will be stored per its retention policy listed in the Challenge resource.

                                      Read Push Notification

                                      Your Android app needs to read the contents of the push notification payload to obtain the challengeSid, factorSid, and message parameters.

                                      The following Kotlin and Java code snippets run when there is an incoming FCM push notification, and if the type is verify_push_challenge, read the parameters out of the notification.

                                            
                                            
                                            
                                            

                                            Get and display Challenge details with your app

                                            Once your app receives the push notification containing the challengeSid, it needs to retrieve the challenge details that correspond to that sid. Type/paste the sample code below.

                                                  
                                                  
                                                  
                                                  

                                                  Update the Challenge to verify the user

                                                  In an actual implementation, your Android app should either display the Challenge details to the user and request confirmation that the Challenge is expected, or silently approve the Challenge, because your app already knows that the user is trying to login on the same device as the registered device that is being challenged.

                                                  In either case, the next step is for your app to call the Verify Push API directly and update the Challenge status as approved or denied. Type/paste the sample code below into your Android app.

                                                        
                                                        
                                                        
                                                        

                                                        Receive Challenge status

                                                        Once Verify Push API receives a Challenge update from your Android app, it will forward the update by sending a webhook callback (challenge.approved or challenge.denied) to your app backend, so that it knows to take your user to the next step in your flow. If you don't have a webhook configured, you can poll the Verify Push API for the status of the Challenge.

                                                        This completes the second user sequence of Verify Push: Challenge and verify a user.

                                                        おめでとうございます!

                                                        関連トピック

                                                        Now that you've verified your first user, check out the following resources to continue your Verify Push journey with Twilio:

                                                        皆さまが何を開発されるのか、目にするのが待ちきれません!

                                                        ページを評価:

                                                        ヘルプが必要ですか?

                                                        誰しもが一度は考える「コーディングって難しい」。そんな時は、お問い合わせフォームから質問してください。 または、Stack Overflow でTwilioタグのついた情報から欲しいものを探してみましょう。

                                                              
                                                              
                                                              

                                                              フィードバックくださりありがとうございます!

                                                              We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

                                                              Sending your feedback...
                                                              🎉 Thank you for your feedback!
                                                              Something went wrong. Please try again.

                                                              Thanks for your feedback!

                                                              Refer us and get $10 in 3 simple steps!

                                                              ステップ1

                                                              Get link

                                                              Get a free personal referral link here

                                                              ステップ2:

                                                              Give $10

                                                              Your user signs up and upgrade using link

                                                              ステップ3

                                                              Get $10

                                                              1,250 free SMSes
                                                              OR 1,000 free voice mins
                                                              OR 12,000 chats
                                                              OR more