We all know that Devise is de facto standard for implementing authentication on rails based apps.
By default it uses email as ID but also allows you to use usernames instead. It also has "Confirmable" module which lets you confirm the email address by sending an email and clicking through the link to verify your email.
I was looking for something similar for phone numbers--basically accepting phone numbers as primary ID instead of emails, and then confirm the phone number by sending an auth code as SMS message to the user's number via something like Twilio, and then let the user confirm it by entering the code (or even let the user click through a generated link to verify just like they do with emails)
The reason I was expecting there to be a popular devise module for this functionality was because it seems as if most mobile social apps accept phone numbers and confirm the number nowadays. There's gotta be someone who thought this was a problem and open-sourced a module for this. However I couldn't find any popular ones. Actually to be precise, here are the only three relevant links I've found on this:
- https://github.com/giano/devise_sms_activable
- https://github.com/baranov-sv/devise_sms_confirmable
- Rails register User using phone number and confirmation
None of them leads to a working solution (I've tried devise_sms_activable but it doesn't work for rails 4, plus I'm wary of the low number of stars) So I wanted to ask if there's any viable solution to this. Am I missing something? Has this topic been brought up among the Devise developer community? I'm curious about the solution but if there is none, I would at least appreciate any answer on why this is not readily available.
[UPDATE]
I think the question might have been a bit misleading. While I can just build it myself, I don't like to re-invent the wheel. Basically my intention with this question was:
- If there's any package that does this (like all the modules such as confirmable, token_authentcatable, etc. Maybe not even a Devise module and it could be entirely a different thing)
- Or, if there is no such pre-built solution, why there isn't one. I just can't comprehend why there is no such solution I can find when everyone seems to be doing this.
I will gladly accept when I get an answer to either #1 or #2. Thanks!
i've looked into that before... but the project requirements changed... so all of the following are relative links found on the devise wiki
you can use the previous tuts in conjunction with some thing like Twilio to send the created custom auth token and authenticate user with phone number other than email.
[UPDATE]
since you mentioned an already working solution, I think this is what you are looking for. Active Model OTP and this blog post it's new and i didn't have the chance to test drive it :D
I also found Two factor authentication Devise extension
[UPDATE Aug/2017]
Based on a project that I was recently working on, I found that Tinfoil/devise-two-factor provides a really good/extensible integration with devise (and is highly customizable)... using the internal ROTP gem, you can provide different length codes based on different authentication methods (APP/SMS) and different window/drift allowed per method without having to write the whole thing from the ground up. (highly recommended if you want full power over complex workflow)
Probably not exactly what the OP was looking for, but for Rails developers in China, now there's a gem called china_sms which automatically integrates various Chinese SMS sending services into your Rails app. I'll just add it here in case anybody shall find it useful.
https://github.com/saberma/china_sms
https://ruby-china.org/topics/12407
I'm the OP, and since I asked this question, I've come across a gem called active_model_opt https://github.com/heapsource/active_model_otp
This gem is not exactly a devise plugin but it does exactly what i was looking for. Basically by adding it to your user model it generates one time passwords that are valid for a certain amount of time. It even has a built-in function to "authenticate" using the one time password.
Anyway I hope anyone who stumbled upon this question may find this answer useful.