Native support for Twilio Verify for MFA

Feature: Native Support for Twilio Verify for MFA

Description: Recent changes at Twilio have made the existing Twilio integration for MFA more difficult to implement. In September of 2023, Twilio began requiring an A2P campaign tied to a 10DLC in order to send SMS messages. This requires additional setup costs as well as lead time just to be able to send one-time codes for the purposes of MFA.

Twilio themselves recommends moving away from programmable SMS (what Auth0 currently integrates with) to Twilio Verify when used for MFA. They have another blog post on how to integrate Auth0 with Twilio Verify that makes use of Actions in order to send the messages. The downside however, is that in order to enable Fraud Guard, it requires setting up an Auth0 log stream, consuming the log stream, and sending additional API requests to Twilio in order for Fraud Guard to work correctly.

Ideally, the SMS MFA option could support Twilio Verify in addition (or as a replacement) to the current option that only supports programmable SMS. It would be ideal if the only configuration values that were required were the Twilio Account SID, Auth Token, and Verify SID.

Use-case: Implementing SMS MFA for our application. Simplifying the setup between Auth0 and Twilio to eliminate the need for custom code within our application to glue together Auth0 MFA with Twilio Verify and Fraud Guard.

Please Please Please. Imlementing passwordless connections with twilio is cumbersome and unclear, especially given auth-0 does not directly integrate with twilio verify.

2 Likes