Account Verification with Authy, PHP and Laravel

(warning)

Warning

As of November 2022, Twilio no longer provides support for Authy SMS/Voice-only customers. Customers who were also using Authy TOTP or Push prior to March 1, 2023 are still supported. The Authy API is now closed to new customers and will be fully deprecated in the future.

For new development, we encourage you to use the Verify v2 API.

Existing customers will not be impacted at this time until Authy API has reached End of Life. For more information about migration, see Migrating from Authy to Verify for SMS.

Ready to implement user account verification in your application? Here's how it works at a high level:

The users begin the registration process by entering their data, including a phone number, into a signup form.
The authentication system sends a one-time password to the user's mobile phone to verify the possession of that phone number.
The user enters the one-time password into a form before completing registration.
The user opens a success page and receives an SMS indicating that their account has been created!

Building Blocks

To get this done, you'll be working with the following Twilio-powered APIs:

Authy REST API

Authy Docs: Find quick starts, documentation, and all about the helper libraries.

Twilio REST API

Messages Resource: We will use Twilio directly to send our user a confirmation message after they create an account.

All of this can be done in under a half an hour with the simplicity and power of Authy and Twilio. Let's get started!

The User Model

If you have already read through the 2FA tutorial, this User Model probably looks very similar:

Migration to create user table

1<?php
2
3use Illuminate\Database\Schema\Blueprint;
4use Illuminate\Database\Migrations\Migration;
5
6class CreateUsersTable extends Migration
7{
8    /**
9     * Run the migrations.
10     *
11     * @return void
12     */
13    public function up()
14    {
15        Schema::create('users', function (Blueprint $table) {
16            $table->increments('id');
17            $table->string('name');
18            $table->string('email')->unique();
19            $table->string('password', 60);
20            $table->string('phone_number');
21            $table->string('country_code');
22            $table->string('authy_id')->nullable();
23            $table->boolean('verified')->default(false);
24            $table->rememberToken();
25            $table->timestamps();
26        });
27    }
28
29    /**
30     * Reverse the migrations.
31     *
32     * @return void
33     */
34    public function down()
35    {
36        Schema::drop('users');
37    }
38}
39

Next, we're going to visit the registration form on the client side.

Registration Form

When we create a new user, we ask for a name, email address, and a password. To validate their account, we also ask them for a mobile number with a country code. We use Authy to send a one-time password via SMS to this phone number.

It is now the controller's responsibility to verify that the user provides the necessary information to create a new user. If the user is created successfully, they will be logged into the system automatically.

Create New Users

1<?php
2namespace App\Http\Controllers;
3
4use App\Http\Requests;
5use App\User;
6use Auth;
7use Authy\AuthyApi as AuthyApi;
8use DB;
9use Hash;
10use Illuminate\Contracts\Auth\Authenticatable;
11use Illuminate\Http\Request;
12use Illuminate\Support\MessageBag;
13use Twilio\Rest\Client;
14
15class UserController extends Controller
16{
17    /**
18     * Store a new user
19     *
20     * @param  \Illuminate\Http\Request $request
21     * @return \Illuminate\Http\Response
22     */
23    public function createNewUser(Request $request, AuthyApi $authyApi)
24    {
25        $this->validate(
26            $request, [
27                'name' => 'required|string',
28                'email' => 'required|unique:users|email',
29                'password' => 'required',
30                'country_code' => 'required',
31                'phone_number' => 'required|numeric'
32            ]
33        );
34
35        $values = $request->all();
36        $values['password'] = Hash::make($values['password']);
37
38        DB::beginTransaction();
39
40        $newUser = new User($values);
41        $newUser->save();
42        Auth::login($newUser);
43
44        $authyUser = $authyApi->registerUser(
45            $newUser->email,
46            $newUser->phone_number,
47            $newUser->country_code
48        );
49        if ($authyUser->ok()) {
50            $newUser->authy_id = $authyUser->id();
51            $newUser->save();
52            $request->session()->flash(
53                'status',
54                "User created successfully"
55            );
56
57            $sms = $authyApi->requestSms($newUser->authy_id);
58            DB::commit();
59            return redirect()->route('user-show-verify');
60        } else {
61            $errors = $this->getAuthyErrors($authyUser->errors());
62            DB::rollback();
63            return view('newUser', ['errors' => new MessageBag($errors)]);
64        }
65    }
66
67    /**
68     * This controller function shows the current user status
69     *
70     * @param Authenticatable $user Current user
71     * @return mixed Response view
72     */
73    public function show(Authenticatable $user)
74    {
75        return view('showUser', ['user' => $user]);
76    }
77
78    /**
79     * This controller function handles the submission form
80     *
81     * @param Request $request Current User Request
82     * @param Authenticatable $user Current User
83     * @param AuthyApi $authyApi Authy Client
84     * @return mixed Response view
85     */
86    public function verify(Request $request, Authenticatable $user,
87                           AuthyApi $authyApi, Client $client)
88    {
89        $token = $request->input('token');
90        $verification = $authyApi->verifyToken($user->authy_id, $token);
91
92        if ($verification->ok()) {
93            $user->verified = true;
94            $user->save();
95            $this->sendSmsNotification($client, $user);
96
97            return redirect()->route('user-index');
98        } else {
99            $errors = $this->getAuthyErrors($verification->errors());
100            return view('verifyUser', ['errors' => new MessageBag($errors)]);
101        }
102    }
103
104    /**
105     * This controller function handles the verification code resent
106     *
107     * @param Request $request Current User Request
108     * @param Authenticatable $user Current User
109     * @param AuthyApi $authyApi Authy Client
110     * @return mixed Response view
111     */
112    public function verifyResend(Request $request, Authenticatable $user,
113                                 AuthyApi $authyApi)
114    {
115        $sms = $authyApi->requestSms($user->authy_id);
116
117        if ($sms->ok()) {
118            $request->session()->flash(
119                'status',
120                'Verification code re-sent'
121            );
122            return redirect()->route('user-show-verify');
123        } else {
124            $errors = $this->getAuthyErrors($sms->errors());
125            return view('verifyUser', ['errors' => new MessageBag($errors)]);
126        }
127    }
128
129    private function getAuthyErrors($authyErrors)
130    {
131        $errors = [];
132        foreach ($authyErrors as $field => $message) {
133            array_push($errors, $field . ': ' . $message);
134        }
135        return $errors;
136    }
137
138    private function sendSmsNotification($client, $user)
139    {
140        $twilioNumber = config('services.twilio')['number'] or die(
141            "TWILIO_NUMBER is not set in the environment"
142        );
143        $messageBody = 'You did it! Signup complete :)';
144
145        $client->messages->create(
146            $user->fullNumber(),    // Phone number which receives the message
147            [
148                "from" => $twilioNumber, // From a Twilio number in your account
149                "body" => $messageBody
150            ]
151        );
152    }
153}
154

Now the user is logged in but not verified. In the next step, we'll learn how to configure Authy to integrate with our application.

Configuring Authy

In .env.example we list configuration parameters for the application. These are pulled from system environment variables, which is a helpful way to access sensitive values (like API keys). Using environment variables prevents us from accidentally checking them into source control. We also use our Laravel configuration file to load the key and inject Authy\AuthyApi into the application using a service provider.

Now we need our Authy production key (sign up for Authy here). When you create an Authy application, the production key is found on the dashboard.

Register the service provider for the Authy API

1<?php
2namespace App\Providers;
3
4use Authy\AuthyApi as AuthyApi;
5use Illuminate\Support\ServiceProvider;
6
7class AuthyApiProvider extends ServiceProvider
8{
9    /**
10     * Register the application services.
11     *
12     * @return void
13     */
14    public function register()
15    {
16        $this->app->singleton(AuthyApi::class, function ($app) {
17            $authyKey = getenv('AUTHY_API_KEY') or die(
18                "You must specify your api key for Authy. " .
19                "Visit https://dashboard.authy.com/"
20            );
21
22            return new AuthyApi($authyKey);
23        });
24    }
25}
26

Now that we've learned how to configure Authy, we need to jump over to the UserController to configure the Authy client and create an instance method to send a one-time password.

Sending a Token on Account Creation

Once the user has an authy_id we can actually send a verification code to that user's mobile phone.

When our user is created successfully via the form we implemented, we send a token to the user's mobile phone to verify their account in our controller. Once the code is sent, we redirect to another page where the user can enter the token they received, completing the verification process.

Send verification token via SMS on user creation

1<?php
2namespace App\Http\Controllers;
3
4use App\Http\Requests;
5use App\User;
6use Auth;
7use Authy\AuthyApi as AuthyApi;
8use DB;
9use Hash;
10use Illuminate\Contracts\Auth\Authenticatable;
11use Illuminate\Http\Request;
12use Illuminate\Support\MessageBag;
13use Twilio\Rest\Client;
14
15class UserController extends Controller
16{
17    /**
18     * Store a new user
19     *
20     * @param  \Illuminate\Http\Request $request
21     * @return \Illuminate\Http\Response
22     */
23    public function createNewUser(Request $request, AuthyApi $authyApi)
24    {
25        $this->validate(
26            $request, [
27                'name' => 'required|string',
28                'email' => 'required|unique:users|email',
29                'password' => 'required',
30                'country_code' => 'required',
31                'phone_number' => 'required|numeric'
32            ]
33        );
34
35        $values = $request->all();
36        $values['password'] = Hash::make($values['password']);
37
38        DB::beginTransaction();
39
40        $newUser = new User($values);
41        $newUser->save();
42        Auth::login($newUser);
43
44        $authyUser = $authyApi->registerUser(
45            $newUser->email,
46            $newUser->phone_number,
47            $newUser->country_code
48        );
49        if ($authyUser->ok()) {
50            $newUser->authy_id = $authyUser->id();
51            $newUser->save();
52            $request->session()->flash(
53                'status',
54                "User created successfully"
55            );
56
57            $sms = $authyApi->requestSms($newUser->authy_id);
58            DB::commit();
59            return redirect()->route('user-show-verify');
60        } else {
61            $errors = $this->getAuthyErrors($authyUser->errors());
62            DB::rollback();
63            return view('newUser', ['errors' => new MessageBag($errors)]);
64        }
65    }
66
67    /**
68     * This controller function shows the current user status
69     *
70     * @param Authenticatable $user Current user
71     * @return mixed Response view
72     */
73    public function show(Authenticatable $user)
74    {
75        return view('showUser', ['user' => $user]);
76    }
77
78    /**
79     * This controller function handles the submission form
80     *
81     * @param Request $request Current User Request
82     * @param Authenticatable $user Current User
83     * @param AuthyApi $authyApi Authy Client
84     * @return mixed Response view
85     */
86    public function verify(Request $request, Authenticatable $user,
87                           AuthyApi $authyApi, Client $client)
88    {
89        $token = $request->input('token');
90        $verification = $authyApi->verifyToken($user->authy_id, $token);
91
92        if ($verification->ok()) {
93            $user->verified = true;
94            $user->save();
95            $this->sendSmsNotification($client, $user);
96
97            return redirect()->route('user-index');
98        } else {
99            $errors = $this->getAuthyErrors($verification->errors());
100            return view('verifyUser', ['errors' => new MessageBag($errors)]);
101        }
102    }
103
104    /**
105     * This controller function handles the verification code resent
106     *
107     * @param Request $request Current User Request
108     * @param Authenticatable $user Current User
109     * @param AuthyApi $authyApi Authy Client
110     * @return mixed Response view
111     */
112    public function verifyResend(Request $request, Authenticatable $user,
113                                 AuthyApi $authyApi)
114    {
115        $sms = $authyApi->requestSms($user->authy_id);
116
117        if ($sms->ok()) {
118            $request->session()->flash(
119                'status',
120                'Verification code re-sent'
121            );
122            return redirect()->route('user-show-verify');
123        } else {
124            $errors = $this->getAuthyErrors($sms->errors());
125            return view('verifyUser', ['errors' => new MessageBag($errors)]);
126        }
127    }
128
129    private function getAuthyErrors($authyErrors)
130    {
131        $errors = [];
132        foreach ($authyErrors as $field => $message) {
133            array_push($errors, $field . ': ' . $message);
134        }
135        return $errors;
136    }
137
138    private function sendSmsNotification($client, $user)
139    {
140        $twilioNumber = config('services.twilio')['number'] or die(
141            "TWILIO_NUMBER is not set in the environment"
142        );
143        $messageBody = 'You did it! Signup complete :)';
144
145        $client->messages->create(
146            $user->fullNumber(),    // Phone number which receives the message
147            [
148                "from" => $twilioNumber, // From a Twilio number in your account
149                "body" => $messageBody
150            ]
151        );
152    }
153}
154

Next, we'll take a look at verifying the code the user provides us.

Verifying the Code

This controller function handles the submission form. It needs to:

Get the current user.
Verify the code that was entered by the user.
If the code entered was valid, flip a Boolean flag on the user model to indicate the account was verified.

The Authy PHP client provides us with a verifyToken() method that allows us to pass a user id and a token. In this case, we just need to check that the API request was successful and if so, set $user->verified to true.

Verify a user-submitted token

1<?php
2namespace App\Http\Controllers;
3
4use App\Http\Requests;
5use App\User;
6use Auth;
7use Authy\AuthyApi as AuthyApi;
8use DB;
9use Hash;
10use Illuminate\Contracts\Auth\Authenticatable;
11use Illuminate\Http\Request;
12use Illuminate\Support\MessageBag;
13use Twilio\Rest\Client;
14
15class UserController extends Controller
16{
17    /**
18     * Store a new user
19     *
20     * @param  \Illuminate\Http\Request $request
21     * @return \Illuminate\Http\Response
22     */
23    public function createNewUser(Request $request, AuthyApi $authyApi)
24    {
25        $this->validate(
26            $request, [
27                'name' => 'required|string',
28                'email' => 'required|unique:users|email',
29                'password' => 'required',
30                'country_code' => 'required',
31                'phone_number' => 'required|numeric'
32            ]
33        );
34
35        $values = $request->all();
36        $values['password'] = Hash::make($values['password']);
37
38        DB::beginTransaction();
39
40        $newUser = new User($values);
41        $newUser->save();
42        Auth::login($newUser);
43
44        $authyUser = $authyApi->registerUser(
45            $newUser->email,
46            $newUser->phone_number,
47            $newUser->country_code
48        );
49        if ($authyUser->ok()) {
50            $newUser->authy_id = $authyUser->id();
51            $newUser->save();
52            $request->session()->flash(
53                'status',
54                "User created successfully"
55            );
56
57            $sms = $authyApi->requestSms($newUser->authy_id);
58            DB::commit();
59            return redirect()->route('user-show-verify');
60        } else {
61            $errors = $this->getAuthyErrors($authyUser->errors());
62            DB::rollback();
63            return view('newUser', ['errors' => new MessageBag($errors)]);
64        }
65    }
66
67    /**
68     * This controller function shows the current user status
69     *
70     * @param Authenticatable $user Current user
71     * @return mixed Response view
72     */
73    public function show(Authenticatable $user)
74    {
75        return view('showUser', ['user' => $user]);
76    }
77
78    /**
79     * This controller function handles the submission form
80     *
81     * @param Request $request Current User Request
82     * @param Authenticatable $user Current User
83     * @param AuthyApi $authyApi Authy Client
84     * @return mixed Response view
85     */
86    public function verify(Request $request, Authenticatable $user,
87                           AuthyApi $authyApi, Client $client)
88    {
89        $token = $request->input('token');
90        $verification = $authyApi->verifyToken($user->authy_id, $token);
91
92        if ($verification->ok()) {
93            $user->verified = true;
94            $user->save();
95            $this->sendSmsNotification($client, $user);
96
97            return redirect()->route('user-index');
98        } else {
99            $errors = $this->getAuthyErrors($verification->errors());
100            return view('verifyUser', ['errors' => new MessageBag($errors)]);
101        }
102    }
103
104    /**
105     * This controller function handles the verification code resent
106     *
107     * @param Request $request Current User Request
108     * @param Authenticatable $user Current User
109     * @param AuthyApi $authyApi Authy Client
110     * @return mixed Response view
111     */
112    public function verifyResend(Request $request, Authenticatable $user,
113                                 AuthyApi $authyApi)
114    {
115        $sms = $authyApi->requestSms($user->authy_id);
116
117        if ($sms->ok()) {
118            $request->session()->flash(
119                'status',
120                'Verification code re-sent'
121            );
122            return redirect()->route('user-show-verify');
123        } else {
124            $errors = $this->getAuthyErrors($sms->errors());
125            return view('verifyUser', ['errors' => new MessageBag($errors)]);
126        }
127    }
128
129    private function getAuthyErrors($authyErrors)
130    {
131        $errors = [];
132        foreach ($authyErrors as $field => $message) {
133            array_push($errors, $field . ': ' . $message);
134        }
135        return $errors;
136    }
137
138    private function sendSmsNotification($client, $user)
139    {
140        $twilioNumber = config('services.twilio')['number'] or die(
141            "TWILIO_NUMBER is not set in the environment"
142        );
143        $messageBody = 'You did it! Signup complete :)';
144
145        $client->messages->create(
146            $user->fullNumber(),    // Phone number which receives the message
147            [
148                "from" => $twilioNumber, // From a Twilio number in your account
149                "body" => $messageBody
150            ]
151        );
152    }
153}
154

That's all for token verification! However, our verification form wouldn't be very usable if there wasn't a way to resend a verification code if the message didn't arrive at the end user's handset.

Re-Rending the Code

Since the form for re-sending the code is one line, we're going to skip that for this tutorial. Let's just look at the controller function.

Re-send a verification code when initial SMS fails

1<?php
2namespace App\Http\Controllers;
3
4use App\Http\Requests;
5use App\User;
6use Auth;
7use Authy\AuthyApi as AuthyApi;
8use DB;
9use Hash;
10use Illuminate\Contracts\Auth\Authenticatable;
11use Illuminate\Http\Request;
12use Illuminate\Support\MessageBag;
13use Twilio\Rest\Client;
14
15class UserController extends Controller
16{
17    /**
18     * Store a new user
19     *
20     * @param  \Illuminate\Http\Request $request
21     * @return \Illuminate\Http\Response
22     */
23    public function createNewUser(Request $request, AuthyApi $authyApi)
24    {
25        $this->validate(
26            $request, [
27                'name' => 'required|string',
28                'email' => 'required|unique:users|email',
29                'password' => 'required',
30                'country_code' => 'required',
31                'phone_number' => 'required|numeric'
32            ]
33        );
34
35        $values = $request->all();
36        $values['password'] = Hash::make($values['password']);
37
38        DB::beginTransaction();
39
40        $newUser = new User($values);
41        $newUser->save();
42        Auth::login($newUser);
43
44        $authyUser = $authyApi->registerUser(
45            $newUser->email,
46            $newUser->phone_number,
47            $newUser->country_code
48        );
49        if ($authyUser->ok()) {
50            $newUser->authy_id = $authyUser->id();
51            $newUser->save();
52            $request->session()->flash(
53                'status',
54                "User created successfully"
55            );
56
57            $sms = $authyApi->requestSms($newUser->authy_id);
58            DB::commit();
59            return redirect()->route('user-show-verify');
60        } else {
61            $errors = $this->getAuthyErrors($authyUser->errors());
62            DB::rollback();
63            return view('newUser', ['errors' => new MessageBag($errors)]);
64        }
65    }
66
67    /**
68     * This controller function shows the current user status
69     *
70     * @param Authenticatable $user Current user
71     * @return mixed Response view
72     */
73    public function show(Authenticatable $user)
74    {
75        return view('showUser', ['user' => $user]);
76    }
77
78    /**
79     * This controller function handles the submission form
80     *
81     * @param Request $request Current User Request
82     * @param Authenticatable $user Current User
83     * @param AuthyApi $authyApi Authy Client
84     * @return mixed Response view
85     */
86    public function verify(Request $request, Authenticatable $user,
87                           AuthyApi $authyApi, Client $client)
88    {
89        $token = $request->input('token');
90        $verification = $authyApi->verifyToken($user->authy_id, $token);
91
92        if ($verification->ok()) {
93            $user->verified = true;
94            $user->save();
95            $this->sendSmsNotification($client, $user);
96
97            return redirect()->route('user-index');
98        } else {
99            $errors = $this->getAuthyErrors($verification->errors());
100            return view('verifyUser', ['errors' => new MessageBag($errors)]);
101        }
102    }
103
104    /**
105     * This controller function handles the verification code resent
106     *
107     * @param Request $request Current User Request
108     * @param Authenticatable $user Current User
109     * @param AuthyApi $authyApi Authy Client
110     * @return mixed Response view
111     */
112    public function verifyResend(Request $request, Authenticatable $user,
113                                 AuthyApi $authyApi)
114    {
115        $sms = $authyApi->requestSms($user->authy_id);
116
117        if ($sms->ok()) {
118            $request->session()->flash(
119                'status',
120                'Verification code re-sent'
121            );
122            return redirect()->route('user-show-verify');
123        } else {
124            $errors = $this->getAuthyErrors($sms->errors());
125            return view('verifyUser', ['errors' => new MessageBag($errors)]);
126        }
127    }
128
129    private function getAuthyErrors($authyErrors)
130    {
131        $errors = [];
132        foreach ($authyErrors as $field => $message) {
133            array_push($errors, $field . ': ' . $message);
134        }
135        return $errors;
136    }
137
138    private function sendSmsNotification($client, $user)
139    {
140        $twilioNumber = config('services.twilio')['number'] or die(
141            "TWILIO_NUMBER is not set in the environment"
142        );
143        $messageBody = 'You did it! Signup complete :)';
144
145        $client->messages->create(
146            $user->fullNumber(),    // Phone number which receives the message
147            [
148                "from" => $twilioNumber, // From a Twilio number in your account
149                "body" => $messageBody
150            ]
151        );
152    }
153}
154

This controller loads the $user associated with the request and then uses the same Authy API method we used earlier to resend the code.

To wrap things up, let's implement the last step. We need to confirm that the user's account has been verified with a success page and a text message.

Show User Details Page

This blade template displays a user name and let's them know they've been verified.

Render user information with a blade template

1@extends('layouts.master')
2
3@section('title')
4    User
5@endsection
6
7@section('content')
8    <h1>{{ $user->name }}</h1>
9    <p>Account Status:
10        @if($user->verified)
11            Verified
12        @else
13            Not Verified
14        @endif
15    </p>
16    @if( !$user->verified )
17        <p>
18          <a href="{{ route('user-verify') }}">Verify your account now</a>
19        </p>
20    @endif
21@endsection
22

This should suffice for confirmation in the browser that the user has been verified. Let's see how we might send that text message next.

Sending the Confirmation Message

We create a single instance of the Twilio REST API helper, called $client in this example.

To send an SMS to the user's phone, use messages->create() method. To support international numbers, use the user's fullNumber() . The fullNumber() method in the User model returns a combination of the country_code and phone_number that the user provided upon registration.

Send a confirmation message via SMS

1<?php
2namespace App\Http\Controllers;
3
4use App\Http\Requests;
5use App\User;
6use Auth;
7use Authy\AuthyApi as AuthyApi;
8use DB;
9use Hash;
10use Illuminate\Contracts\Auth\Authenticatable;
11use Illuminate\Http\Request;
12use Illuminate\Support\MessageBag;
13use Twilio\Rest\Client;
14
15class UserController extends Controller
16{
17    /**
18     * Store a new user
19     *
20     * @param  \Illuminate\Http\Request $request
21     * @return \Illuminate\Http\Response
22     */
23    public function createNewUser(Request $request, AuthyApi $authyApi)
24    {
25        $this->validate(
26            $request, [
27                'name' => 'required|string',
28                'email' => 'required|unique:users|email',
29                'password' => 'required',
30                'country_code' => 'required',
31                'phone_number' => 'required|numeric'
32            ]
33        );
34
35        $values = $request->all();
36        $values['password'] = Hash::make($values['password']);
37
38        DB::beginTransaction();
39
40        $newUser = new User($values);
41        $newUser->save();
42        Auth::login($newUser);
43
44        $authyUser = $authyApi->registerUser(
45            $newUser->email,
46            $newUser->phone_number,
47            $newUser->country_code
48        );
49        if ($authyUser->ok()) {
50            $newUser->authy_id = $authyUser->id();
51            $newUser->save();
52            $request->session()->flash(
53                'status',
54                "User created successfully"
55            );
56
57            $sms = $authyApi->requestSms($newUser->authy_id);
58            DB::commit();
59            return redirect()->route('user-show-verify');
60        } else {
61            $errors = $this->getAuthyErrors($authyUser->errors());
62            DB::rollback();
63            return view('newUser', ['errors' => new MessageBag($errors)]);
64        }
65    }
66
67    /**
68     * This controller function shows the current user status
69     *
70     * @param Authenticatable $user Current user
71     * @return mixed Response view
72     */
73    public function show(Authenticatable $user)
74    {
75        return view('showUser', ['user' => $user]);
76    }
77
78    /**
79     * This controller function handles the submission form
80     *
81     * @param Request $request Current User Request
82     * @param Authenticatable $user Current User
83     * @param AuthyApi $authyApi Authy Client
84     * @return mixed Response view
85     */
86    public function verify(Request $request, Authenticatable $user,
87                           AuthyApi $authyApi, Client $client)
88    {
89        $token = $request->input('token');
90        $verification = $authyApi->verifyToken($user->authy_id, $token);
91
92        if ($verification->ok()) {
93            $user->verified = true;
94            $user->save();
95            $this->sendSmsNotification($client, $user);
96
97            return redirect()->route('user-index');
98        } else {
99            $errors = $this->getAuthyErrors($verification->errors());
100            return view('verifyUser', ['errors' => new MessageBag($errors)]);
101        }
102    }
103
104    /**
105     * This controller function handles the verification code resent
106     *
107     * @param Request $request Current User Request
108     * @param Authenticatable $user Current User
109     * @param AuthyApi $authyApi Authy Client
110     * @return mixed Response view
111     */
112    public function verifyResend(Request $request, Authenticatable $user,
113                                 AuthyApi $authyApi)
114    {
115        $sms = $authyApi->requestSms($user->authy_id);
116
117        if ($sms->ok()) {
118            $request->session()->flash(
119                'status',
120                'Verification code re-sent'
121            );
122            return redirect()->route('user-show-verify');
123        } else {
124            $errors = $this->getAuthyErrors($sms->errors());
125            return view('verifyUser', ['errors' => new MessageBag($errors)]);
126        }
127    }
128
129    private function getAuthyErrors($authyErrors)
130    {
131        $errors = [];
132        foreach ($authyErrors as $field => $message) {
133            array_push($errors, $field . ': ' . $message);
134        }
135        return $errors;
136    }
137
138    private function sendSmsNotification($client, $user)
139    {
140        $twilioNumber = config('services.twilio')['number'] or die(
141            "TWILIO_NUMBER is not set in the environment"
142        );
143        $messageBody = 'You did it! Signup complete :)';
144
145        $client->messages->create(
146            $user->fullNumber(),    // Phone number which receives the message
147            [
148                "from" => $twilioNumber, // From a Twilio number in your account
149                "body" => $messageBody
150            ]
151        );
152    }
153}
154

We've just implemented account verification so your users can confirm their phone number. Where can we take it from here?

Where to Next?

If you're a PHP developer working with Twilio, you might want to check out these other tutorials:

Click-To-Call

Put a button on your web page that connects visitors to live support or sales people via telephone.

Automated Survey

Instantly collect structured data from your users with a survey conducted over a voice call or SMS text messages.