How to use Twilio API keys (not auth tokens) for passwordless SMS?

I know I can set up Auth0 passwordless SMS using a Twilio auth token, but using a Twilio API key would be more secure. I don’t see a way to do this through the management UI. Can this be done in some other way?

2 Likes

Hi, krazzy. I assume you’ve found something for your use case by now, but in case anyone else comes looking I thought I’d drop this in here. I needed this urgently and couldn’t find an answer, but fortunately it wasn’t too difficult a fix. My solution was to switch to a custom action instead of the built-in Twilio integration and use the API credentials in there. I needed to add it to the flow and select that option in the Security settings, too. The actual action needed the Twilio library adding, as well as a couple of secrets. The code I used is as follows, and your own will likely be very similar.

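```javascript
// Auth0 custom action for the Send Phone Message trigger.
exports.onExecuteSendPhoneMessage = async (event, api) => {
  // Credentials are read from the action's secrets, not hard-coded.
  const accountSid = event.secrets.TWILIO_ACCOUNT_SID;
  const apiKey = event.secrets.TWILIO_API_KEY;
  const apiSecret = event.secrets.TWILIO_API_SECRET;
  const twilioSmsNumber = event.secrets.TWILIO_SMS_NUMBER;
  // Message text and recipient are supplied by Auth0.
  const message = event.message_options.text;
  const phoneNumber = event.message_options.recipient;

  // Authenticate with the API key and secret; the account SID is passed
  // as an option rather than used as the username.
  const client = require('twilio')(apiKey, apiSecret, { accountSid: accountSid });
  const response = await client.messages.create({
    body: message,
    from: twilioSmsNumber,
    to: phoneNumber,
  });
  return response;
};
```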

Hope this helps someone!

Best,
Kara
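As an added example (not part of the posts above), a pre-flight check for the four secrets that action reads. It catches the case where an Account SID has been placed in `TWILIO_API_KEY`, which would mean the action is back on auth-token style login. The function names are hypothetical, and the SID format (two-letter prefix, `AC` for accounts and `SK` for API keys, plus 32 hex characters) is an assumption stated in the code.

```javascript
// Assumption: a Twilio SID is a two-letter prefix plus 32 hex characters,
// with "AC" marking an Account SID and "SK" marking an API Key SID.
const SID_BODY = /^[0-9a-fA-F]{32}$/;

function sidKind(value) {
  if (typeof value !== 'string' || value.length !== 34) return 'invalid';
  if (!SID_BODY.test(value.slice(2))) return 'invalid';
  const prefix = value.slice(0, 2);
  if (prefix === 'AC') return 'account';
  if (prefix === 'SK') return 'api-key';
  return 'other';
}

// Returns a list of problems; an empty list means the secrets look right.
// Messages name the secret but never echo its value.
function checkTwilioSecrets(secrets) {
  const problems = [];
  if (sidKind(secrets.TWILIO_ACCOUNT_SID) !== 'account') {
    problems.push('TWILIO_ACCOUNT_SID is not an Account SID (AC...)');
  }
  const keyKind = sidKind(secrets.TWILIO_API_KEY);
  if (keyKind === 'account') {
    problems.push('TWILIO_API_KEY holds an Account SID, so this is not API key auth');
  } else if (keyKind !== 'api-key') {
    problems.push('TWILIO_API_KEY is not an API Key SID (SK...)');
  }
  if (!secrets.TWILIO_API_SECRET) problems.push('TWILIO_API_SECRET is empty');
  if (!secrets.TWILIO_SMS_NUMBER) problems.push('TWILIO_SMS_NUMBER is empty');
  return problems;
}

// Constructed sample values, not real credentials.
const good = {
  TWILIO_ACCOUNT_SID: 'AC' + '0'.repeat(32),
  TWILIO_API_KEY: 'SK' + '1'.repeat(32),
  TWILIO_API_SECRET: 'constructed-secret',
  TWILIO_SMS_NUMBER: '+15555550100',
};
// Same secrets, but with the Account SID pasted where the API key belongs.
const tokenStyle = { ...good, TWILIO_API_KEY: good.TWILIO_ACCOUNT_SID };

console.log(checkTwilioSecrets(good));
console.log(checkTwilioSecrets(tokenStyle));
```

Calling `checkTwilioSecrets(event.secrets)` at the top of the action and throwing when the list is non-empty makes a misconfigured deployment fail before any request is sent.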