I want to implement authentication in my express.js api with phone number, like whatsapp or telegram. I have experience with passport.js but i have not found any strategy for phone numbers.
My aproach is that if i get a phone number by a post request i generate an ID which i send to the specific phone number by sms. If i get back the ID and phone number pair in post request i authenticate the session. Is my aproach good? Is there any npm package which could be useful for me?
I want to implement authentication in my express.js api with phone number, like whatsapp or telegram. I have experience with passport.js but i have not found any strategy for phone numbers.
My aproach is that if i get a phone number by a post request i generate an ID which i send to the specific phone number by sms. If i get back the ID and phone number pair in post request i authenticate the session. Is my aproach good? Is there any npm package which could be useful for me?
Share Improve this question asked Jan 22, 2018 at 0:40 n4gys4nyin4gys4nyi 9331 gold badge7 silver badges22 bronze badges 2- 1 Didn't use it but looks good: twilio.com/docs/tutorials/account-verification-node-express – SunriseM Commented Jan 22, 2018 at 0:45
- 1 how about 3rd party services like nexmo.com/products/verify ? – Chris Chen Commented Jan 22, 2018 at 0:57
2 Answers
Reset to default 11In first place, you need a service provider able to send SMS.
I have an Ionic app that validate users in the same way that you want and I ussing https://developers.messagebird.com/docs/messaging, because they have a REST API to send SMS and also Voice Calls. My users choose how to receive the validation code, sms or call. Calls are 50% cheaper than SMS.
Other aproach is to use Firebase PhoneNumber authentication. It is free but limited:
- https://firebase.google.com/docs/auth/android/phone-auth
- https://firebase.google.com/docs/auth/limits#phone_number_sign_in_limits
How to implement it with Ionic:
- https://gist.github.com/kkrishnan90/f9b61c52850571fa3700fc043b06f53c
- https://javebratt.com/firebase-phone-authentication
The problem with Firebase is that you need to add reCaptcha to your login view.
And if you need to be integrated with passport you can create your own strategy with this module:
- https://www.npmjs.com/package/passport-custom
Hope it helps !
That sounds about right from a high-level approach. You probably want to call an API from your server to send the SMS, I know of two...
- https://www.twilio.com/
- https://www.clockworksms.com/
Both seem to have Node.js libraries, see https://www.twilio.com/docs/libraries/node and https://www.clockworksms.com/doc/easy-stuff/code-wrappers/node-js-wrapper/.
It's worth noting though that there are several other providers that offer a similar service – you might want to search around and compare your options.
Good luck