Account Verification with Authy, Node.js and Express

As of November 2022, Twilio no longer provides support for Authy SMS/Voice-only customers. Customers who were also using Authy TOTP or Push prior to March 1, 2023 are still supported. The Authy API is now closed to new customers and will be fully deprecated in the future.

For new development, we encourage you to use the Verify v2 API.

Existing customers will not be impacted at this time until Authy API has reached End of Life. For more information about migration, see Migrating from Authy to Verify for SMS.

Ready to implement user account verification in your application? Here's how it works at a high level:

  1. The user begins the registration process by entering their data, including a phone number, into a signup form.
  2. The authentication system sends a one-time password to the user's mobile phone to verify the phone number.
  3. The user enters the one-time password into a form to complete registration.
  4. The user sees a success page and receives an SMS indicating that their account has been created.

Building Blocks

To get this done, you'll be working with the following Twilio-powered APIs:

Authy REST API

  • Users Resource: You will need to create Authy users to send and verify one-time passwords.
  • SMS Resource: We will ask Authy to send one-time passwords to our user via SMS.
  • Verify Resource: Used to verify tokens entered by the user in our web form during registration.

Twilio REST API

  • Messages Resource: We will use Twilio directly to send our user a confirmation message after they create an account.

Let's get started!


The User Model

Our first order of business is to create a model object for a user of our application. We will borrow a lot of the code from the User model in the 2FA tutorial that uses Authy as well. This application uses MongoDB for persistence, but in our code we will primarily interface with Mongoose, a higher-level object modeling tool which is backed by MongoDB.

You'll notice an authyId property on the model - this is required to support integration with the Authy API. We won't use this property right away but we'll need it later for the Authy integration.

One of the properties on the User model is the password. It is not in scope for this tutorial, but take note: you'll probably want it later for logging in a returning user.

Code sample (models/User.js): User Model definitions for use with Twilio and Authy

Now that you've created your user model, let's check out the form template for creating a user.

The New User Form Template

When we create a new user, we ask for a name, e-mail address, password and mobile number including country code. In order to validate the user account we use Authy to send a one-time password via SMS to this phone number.

Code sample (views/users/create.jade): Form template for user creation

Now the user is logged in but not verified. In the next steps we'll learn how to verify the user using Authy.

Configuring Authy

In config.js, we list configuration parameters for the application. Most are pulled in from system environment variables, which is a helpful way to access sensitive values (like API keys). This prevents us from accidentally checking them in to source control.

Now, we need our Authy production key (sign up for Authy here). Once you create an Authy application, the production key is found on the dashboard:

[Image: Authy dashboard]

Code sample (config.js): Configure your application to work with Authy

Next, we need to jump over to the User model to configure the Authy client and create an instance method to send a one-time password.

Sending a Verification Token

When it comes time to actually send the user a verification code, we do that in a User model function.

Before sending the code, an Authy user needs to exist and correlate to our User model in the database. If the authyId for our user instance hasn't been set, we use the Authy API client to create an associated Authy user and store that ID.

Once the user has an authyId, we can send a verification code to that user's mobile phone using the Authy API client.

Code sample (models/User.js): Check the user's authyId, register a new user, and send a one-time token
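
The register-once-then-send flow described above, as an added example that is not the tutorial's own code. The client interface (`registerUser`, `requestSms`), the `saveUser` callback and the sample user are hypothetical stand-ins so the block runs offline; the second call shows that an existing authyId skips registration.

```javascript
// Added example: the client interface and all names are hypothetical,
// not the Authy library's API.

// Constructed in-memory stand-in for the Authy client (runs offline).
function makeFakeAuthyClient() {
  const calls = [];
  return {
    calls,
    registerUser(email, phone, countryCode, cb) {
      calls.push('register');
      cb(null, { user: { id: 4242 } }); // constructed ID
    },
    requestSms(authyId, cb) {
      calls.push('sms:' + authyId);
      cb(null, { success: true });
    },
  };
}

// Ensure the user has an authyId (registering once and persisting it),
// then ask the provider to text a one-time password.
function sendVerificationToken(user, client, saveUser, cb) {
  const sendToken = () =>
    client.requestSms(user.authyId, (err) => cb(err || null));

  if (user.authyId) return sendToken();

  client.registerUser(user.email, user.phone, user.countryCode, (err, res) => {
    if (err || !res || !res.user) return cb(err || new Error('registration failed'));
    user.authyId = res.user.id;
    // Persist before sending so a retry never registers the same user twice.
    saveUser(user, (saveErr) => (saveErr ? cb(saveErr) : sendToken()));
  });
}

// Demo with a constructed user record and a no-op persistence callback.
function demoSend() {
  const client = makeFakeAuthyClient();
  const user = { email: 'ada@example.com', phone: '5551234567', countryCode: '1', authyId: null };
  const save = (u, done) => done(null);
  sendVerificationToken(user, client, save, () => {}); // first send: registers
  sendVerificationToken(user, client, save, () => {}); // later send: reuses authyId
  return { authyId: user.authyId, calls: client.calls };
}
```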

After the user receives the verification code, they will pass it to the application using this form.

Let's check out the controller that handles the form.

Verifying the Code: Controller

This controller function handles the form's submission. It's a little longer than the others, but it has a lot to do. It needs to:

  • Load a User model for the current verification request.
  • Use an instance function on the model object to verify the code that was entered by the user.
  • If the code entered was valid, it will flip a boolean flag on the user model to indicate the account was verified.

Take a look at the User model to see the instance method that handles verifying the code with Authy.

Code sample (controllers/users.js): Handle submission of a verification token
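
The three controller steps listed above, as an added example that is not the tutorial's own controller. The user store, the client's `verify` method, the status codes and the digit-length check are assumptions made for illustration; the point is that `verified` changes only after the provider confirms the code, and that a non-string form value is rejected before it reaches the provider.

```javascript
// Added example: store, client interface and status codes are hypothetical.

// Constructed in-memory user store and verifier stub (runs offline).
const users = new Map([['u1', { id: 'u1', authyId: 4242, verified: false }]]);
const fakeClient = {
  // Accepts only the constructed code '1234567' for authyId 4242.
  verify(authyId, token, cb) {
    const ok = authyId === 4242 && token === '1234567';
    cb(ok ? null : new Error('token invalid'), { success: ok });
  },
};

// Controller logic: load the user, check the code, flip `verified` on success.
function verifyUser(userId, code, store, client, cb) {
  const user = store.get(userId);
  if (!user) return cb(null, { status: 404, verified: false });

  // Reject malformed input locally (assumed format: 4 to 10 digits).
  // A parsed form body can carry objects or arrays, so check the type too.
  if (typeof code !== 'string' || !/^\d{4,10}$/.test(code)) {
    return cb(null, { status: 400, verified: false });
  }

  client.verify(user.authyId, code, (err, res) => {
    if (err || !res || !res.success) {
      return cb(null, { status: 401, verified: false });
    }
    user.verified = true; // set only after the provider confirms the code
    cb(null, { status: 200, verified: true });
  });
}

// Runs one verification attempt against the constructed store and stub.
function demoVerify(code) {
  let out;
  verifyUser('u1', code, users, fakeClient, (err, result) => { out = result; });
  return out;
}
```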

Now let's see how we can use Authy to actually verify the code.

Verifying the Code: Model

This instance function is a thin wrapper around the Authy client function that sends a candidate password to be verified. We call Authy's built-in verify function, and then immediately call a passed callback function with the result.

Code sample (models/User.js): Verify the user's Authy token

This is a great start, but what if your code never reaches the end user's handset? Authy can help us to re-send a missing code.

Re-sending the Code

This controller function loads the User model associated with the request and then uses the same instance function we defined earlier to resend the code.

Code sample (controllers/users.js): Resend a user's code

To wrap things up, let's let the user know that their account has been verified via a success page and an SMS to their device.

Show User Details Page

This controller function renders a Jade template that contains the user's full name, and indicates whether or not they are verified by checking the user's verified property.

Code sample (controllers/users.js): Show details about a user

This should suffice for confirmation in the browser that the user has been verified. Let's see how we might send a confirmation via text message.

Sending a Message

Here, we add another instance function to the model that will send a text message to the user's configured phone number. Rather than just being a one-time password, this can be anything we wish.

Code sample (models/User.js): Send a text message via Twilio to a user

Congratulations! You now have the power to register and verify users with Authy and Twilio SMS. Where can we take it from here?

Where to Next?

If you're a Node developer working with Twilio, you might want to check out these other tutorials:

Click-To-Call

Put a button on your web page that connects visitors to live support or salespeople via telephone.

Automated Survey

Instantly collect structured data from your users with a survey conducted over a call or SMS text messages.

Did this help?

Thanks for checking this tutorial out! If you have any feedback to share with us, we'd love to hear it. Reach out to us on Twitter and let us know what you build!

Jarod Reyes, Kelley Robinson, Hector Ortega, Kat King, Jose Oliveros, Alejandro Vivanco