Missed DevDay24? Register for the Best of DevDay

Phone OTP Verification with Twilio Template

"Phone OTP Verification with Twilio Template"

About this template

Quickly verify your users' phone numbers by sending a one-time password (OTP) using Twilio. This will increase the security of your application by making it easier to enroll that verified phone number as an authentication factor in a Multi-Factor Authentication (MFA) strategy.

This "Phone OTP verification" template includes:

  1. An initial form step that requires the user to provide the phone number.
  2. A flow that generates an OTP and sends it via SMS using Twilio.
  3. A form step that requires the user to enter the generated OTP to verify their phone number.
  4. A flow that updates the user's profile by setting the phone property with the user's phone number and setting the phone_verified property to true upon successful verification.

How to configure this template

Visit the Auth0 Dashboard and then open the Forms Dashboard by clicking the Actions > Forms option from the sidebar. Once there, click the "Create form" button.

You have two options for creating this form: you can use a template or import a JSON file.

Use a template

  1. Click the "Use a template" option in the "Create form" modal.
  2. Click the "Phone OTP verification" template.
  3. Click the "Continue" button to customize the template to fit your use case.

Import a JSON file

  1. Download the template JSON file.
  2. Click the link to import a JSON file at the bottom of the "Create form" modal.
  3. Either drag and drop the JSON file you downloaded or browse to its location and upload it.
  4. Provide a name to your form and its flow if the default values are not fitting.
  5. Click the "Continue" button to customize the template to fit your use case.

How to use this form

You can render a form with an Action using the api.prompt.render() method, which takes the form ID as an argument.

There are different ways in which you can find your form ID:

  • On the Forms Dashboard home page, you can see a list of your existing forms. Each entry includes a "Title" and "Form ID" field, which you can copy.
  • If you are using the Form Editor in the Forms Dashboard:
    • Click the "Render" tab to see the sample code that contains the FORM_ID value.
    • Alternatively, you can inspect the URL which follows this pattern:
https://forms.auth0.com/tenants/<REGION>/<TENANT>/forms/<FORM_ID>/render

Once you have located your Form ID, copy and paste it in the following field so that any code snippet that uses such value updates to reflect it:

It's best to render the "Phone OTP verification" form during the login flow. As such, you need to create a Login Action to render it by following these steps:

  1. Visit the "Flows" section of the Auth0 Dashboard and select the "Login" flow.
  2. Locate the "Add Action" panel in the "Login" flow board and click the + icon button.
  3. Select the "Build from scratch" option.
  4. Provide a name to your Action and click the "Create" button.
Action name
Phone OTP verification
  1. Replace the default code in the Actions editor with the following code:
    • Note: Ensure that you replace the AUTH0_FORM_ID placeholder with your form ID.
Action
/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
  const FORM_ID = 'AUTH0_FORM_ID';
  
  if (!event.user.phone_verified) {
    api.prompt.render(FORM_ID);
  }
}


/**
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onContinuePostLogin = async (event, api) => {}
  1. Click the "Deploy" button.
  2. Next, click on the "Add to flow" link in the toast message that comes up, or click on the "Back to flow" link to return to the "Login" flow board.
  3. Locate the "Add Action" panel in the "Login" flow board, click the Custom tab, and drag-and-drop the "Phone OTP verification" Action between the "Start" and "Complete" states in the board.
  4. Finally, click the "Apply" button in the top-right corner.

Now, when any user attempts to log in and their event.user.phone_verified property is not defined, this Action will render your "Phone OTP verification" form and require the user to enter and verify their phone number before they can complete their login flow.