About SMS Text Message Verification Codes
SMS text message verification codes are 6-digit codes sent to an end user’s mobile device via SMS text message. These codes can then be used once as part of the user’s authentication flow.
On Userfront, SMS text message verification codes can be configured for use in any of the following scenarios:
- An optional or required 2nd factor for Multi-Factor Authentication (MFA)
- A standalone primary login method (receive SMS code to log in)
- A first factor for multi-factor authentication (MFA), with another factor like TOTP authenticator as a 2nd factor.
SMS Text Message Verification Code Requirements
In order to use SMS text message verification codes, a user must have access to a functioning mobile device with a valid phone number that can receive text messages.
When users first register using SMS, they must first verify their phone number by receiving a 6-digit code and entering it for confirmation. Once a phone number has been paired to an end user’s account, they can use that phone number for future authentication actions.
SMS text message verification codes are valid for 10 minutes and can only be used once.
Attribute
Setting
Duplicate phone numbers
By default, Userfront enforces unique phone numbers for each end user within a workspace. However, this requirement can be removed for workspaces that offer SMS text message verification codes as a 2nd factor.
In this configuration, multiple user accounts can have the same phone number, but each account must confirm the phone number independently before use.
SMS Text Message Verification Code Handling
Webhook sending
You can configure Userfront to send a webhook to your server each time an SMS verification code needs to be sent. You can use the information in this webhook to send an SMS to your end user via the service of your choice.
In this case, the webhook payload will look like this:
{
"action": "login",
"model": "user",
"mode": "live",
"factor": {
"strategy": "verificationCode",
"channel": "sms",
"phoneNumber": "+15558675309",
"verificationCode": "985571",
"message": "Your Acme Group verification code is: 985571",
"expiresAt": "2024-03-12T01:09:29.402Z"
},
"record": {
"mode": "live",
"userId": 5,
"tenantId": "abcd1234",
"userUuid": "53a8435e-e79c-4ba6-99cc-0e2f290cb647"
}
}
Twilio integration
You can configure Userfront to send SMS text message verification codes directly through your own Twilio account by providing the following:
- Twilio account SID
- Twilio auth token
- Twilio messaging SID
To configure your workspace for SMS sends via your own Twilio account, contact us.
Userfront sending
Userfront can send your SMS text message verification codes on your behalf via a Userfront-managed Twilio account.
If you are interested in having Userfront send your SMS text message verification codes on your behalf, contact us.
SMS Text Message Verification Code Documentation
SMS text message verification code API endpoints
- Log in with verification code
- Send verification code
- Verify a phone number
- Multi-Factor Authentication (MFA)