This is a feature request to add support for mobile phone verification.
It is similar to the idea of email verification, but for mobile. Most, if not all, other major auth providers support this feature. I’d propose two different options to give each developer when it comes to mobile verification:
Required in signup flow - In order to complete signup, the user inputs their mobile, receives a verification code over sms, and inputs it before they can proceed.
Optional later - At any point, a user can choose to verify their mobile. They click on a link in the app akin to “Verify mobile”. They receive a code via sms and enter it into the app.
The idea behind the first use case, is sometimes you need to verify a user’s phone number before they can create an account. The idea behind the second is similar. Sometimes you need to verify their number before they can access certain features.
If you have your own use case or implementation requirements for this feature, please reply with it so I can improve this request!
Thanks for adding this feature request @EthanOrlander!
Would this be used in addition to an email login? If so, how does it differ from SMS MFA?
Hey Dan! Great question. So, the use case I am considering here is one where your business needs don’t necessarily require MFA, rather you just need to verify the user’s phone number using a one-time code. This would be simple enough to implement separately using a little service and something like Twilio or SNS, but I thought it would be tidier to have it within Auth0 since email & email verification is already there.
If it’s a use case that enough of your users have (maybe it isn’t), I thought it could be convenient to include this functionality in Auth0.
Thanks for expanding on it!
+1 on this use case. Looking through the Auth0 SMS MFA solutions in the AUTH0 dashboard I assumed it alluded to this possibility, however, researching and reading this post has confirmed not. Interestingly we will need to create our own integration to Twilio to achieve verify. With that said when implementing SMS verification in Auth0 we could use custom provider that interfaces with own Twilio service to decouple it from Auth0 now we have this use case.
I’m looking for a similar feature to verify a mobile phone number during sign-up.
Has the requested feature been implemented. If not, can you recommend an alternative solution.
Unfortunately it’s not there yet but we will let you know as soon as it is!
Thankyou Konrad. Is there an alternative solution I could use.
I am also looking for a similar feature.
An optional MFA that the business can trigger if user has to verify his mobile for accessing a specific feature.
Is there any alternate route to do this through Auth0?
We offer a step-up MFA feature, which is similar to SMS verification. You should be able to configure SMS as the primary factor and prompt for MFA, which would require the user to verify their SMS.
It’s not quite the same use case as some of the users have described above, but it may work for you.
Gotcha. Thanks for pointing to the link. This was helpful and I find some use-cases to challenge user with MFA for accessing certain features. Like how Facebook asks you for re-entering password if you want to change some developer settings. This link was helpful.
However, my primary use case is the second case as mentioned in the post. Where I don’t want to force a user to verify his mobile until he wants to access certain features. Once he has verified his mobile, then I will never ask him to verify again.
Thanks for elaborating on the use case.
+1 We have a clear and compelling use case for this related to our customer service. Differs from SMS MFA b/c we’re thinking of it as a 1-many as people may provide multiple phone numbers. @dan.woda Any update on if/when this might be available?
I have a similar case . The flow is similar to passwordless authentication with sms but allowing the user to update the mobile number at a later point if needed. I cant find a way to verify the mobile number and otp
Thanks for sharing your use case @deena.c, and welcome to the Auth0 Community!
We would also like this functionality.
We want to require a SMS on signup, but not MFA everytime they log in.
We just want to ensure people aren’t creating fake/malicious accounts, but not for all our users to enter a code everytime they login.
Thanks for sharing @ed16!
I need this feature too, is there any estimate?
Thank for reaching out. We don’t have this on our current roadmap, so I have no estimate. It’s still in the feature request state.