Passwordless auth: Custom sms provider with twilio verify

artak · September 4, 2023, 8:23pm

More then a year we used passwordless auth with twilio, everything was good. But now because of this https://support.twilio.com/hc/en-us/articles/1260800720410-What-is-A2P-10DLC- it stopped working, so we want to move to the twilio verify. From the docs it’s not very clear how to do Set Up Custom SMS Gateway for Passwordless Connections

Also I saw this and if this answer still true (no Basic auth support from the auth0) Custom sms provider then I guess it’s not possible to do using custom sms provider. Is there any suggestions or options?

Thanks.

Flotemer · July 9, 2024, 8:20pm

What did you end up doing for your use case here? We have a similiar issue as it seem twilio verify does not integrate well with auth 0

artak · July 9, 2024, 9:04pm

Personal recommendation: After using more then 2 years I can say that it’s not worth to use Auth0 as a authentication provider, it’s better to spent bit more time and use your frameworks library. Over time you will have lot’s of headaches and less control with auth0.

As a solution this worked for me:

I used connection api to proxy sign in code to my backend and then manually sending that code to the users phone number using twilio verify api.

{
    "options": {
      "strategy": "sms",
      "provider": "sms_gateway",
      "gateway_url": "<MY-DOMAIN>/your/sms-verification/api",
      "from": "<FROM_PHONE_NUMBER>",
      "template": "Your <APP_NAME> verification code is: @@password@@",
      "brute_force_protection": true,
      "forward_req_info": "true",
      "disable_signup": false,
      "name": "sms",
      "syntax": "md_with_macros",
      "totp": {
        "time_step": 300,
        "length": 4
      }
    },
    "is_domain_connection": false,
    "enabled_clients": [
            "<CLIENT_ID_1>",
            "<CLIENT_ID_2>",
            "<AND_SO_ON:CHOSSE_WHICH_ONE_YOU_WANT>",
    ]
}

after this every time someone sign-ins your backend will receive POST request from auth0 which contains sms text inside json body, ex. “Your AppName verification code is: 1234”, you can extract code from the text and send it using twilio verify api or other sms service.

Flotemer · July 9, 2024, 10:09pm

Thanks. This helps alot. I’ve been feeling the same way about whether to continue using auth 0 or not given its only been headaches since implementing.

system · July 23, 2024, 10:09pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.