This Java Servlets application example demonstrates how to implement SMS two-factor authentication using Twilio.
To run this application yourself, download the code and follow the instructions on GitHub.
Adding two-factor authentication (2FA) to your web application increases the security of your users' data. Multi-factor authentication determines the identity of a user in two steps:
- First, we validate the user with an email and password
- Second, we validate by sending them a one-time verification code to a mobile device
Once our user enters the verification code, we know they have received the SMS, and indeed they are who they say they are. This is a standard SMS implementation.
Once our user logs in we need to send them the one-time verification code.
To generate our verification code we use the java.util.Random class. Considering the current implementation, our 6-digit verification code could be any number between 100000 and 999999.
Next, let's take a look at how to set up the Twilio Java helper library to send the verification code as an SMS.
The Twilio helper library allows us to easily send an SMS. First, we have to create an instance of a Twilio Client with our credentials.
You can find your credentials on your Twilio Account.
Next, we will see how to actually send the verification code.
Once we have the MessageCreator instance created with the necessary parameters, all we have to do to send an SMS using the REST API is to call the execute method passing the
In this example, the class TwilioMessageSender is the one responsible for it.
Now that we know how to generate the verification code and send it, let's look at how to kick off the signup process.
When a user signs up on our website, the application should store the user's information and send them a verification code.
In order to do two-factor authentication, we need to make sure we ask for the user's phone number.
One thing to notice is that when the User constructor is called, the verification code is generated.
Let's see how the CreateUser#create method is implemented.
In this step all we will do is store the user (along with their verification code) and send an SMS message.
Notice that MessageSender is implemented by TwilioMessageSender, which we mentioned previously.
Now let's take a closer look at how to proceed with the 2-step verification.
When the user receives an SMS with the verification code we need to ensure the given code is valid.
This validation is achieved by comparing the user's verification code with the verification code the user inputs on the form.
If the validation was successful the application allows the user to have access to the protected content. Otherwise the application will prompt for the verification code once again.
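The generation and comparison steps described above, as an added example that is not part of the tutorial's code base: java.util.Random is not a cryptographically secure generator, so this version draws the same 100000 to 999999 range from SecureRandom and checks the submitted code with a constant-time comparison, an expiry, an attempt limit and single use. The class name VerificationCode, the five-minute lifetime and the five-attempt limit are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;

// Added example: hypothetical helper, not a class from the tutorial's project.
public final class VerificationCode {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int MAX_ATTEMPTS = 5;                       // assumed policy
    private static final Duration LIFETIME = Duration.ofMinutes(5);  // assumed policy

    private final String code;
    private final Instant expiresAt;
    private int failedAttempts;
    private boolean used;

    public VerificationCode(Instant now) {
        // Same range as the tutorial (100000..999999), drawn from a CSPRNG.
        this.code = Integer.toString(100_000 + RNG.nextInt(900_000));
        this.expiresAt = now.plus(LIFETIME);
    }

    public String value() { return code; }  // text to place in the SMS body

    // True only for the right code, before expiry, within the attempt budget, once.
    public synchronized boolean matches(String submitted, Instant now) {
        if (submitted == null || used || failedAttempts >= MAX_ATTEMPTS
                || !now.isBefore(expiresAt)) {
            return false;
        }
        // MessageDigest.isEqual does not stop at the first differing byte.
        boolean ok = MessageDigest.isEqual(
                code.getBytes(StandardCharsets.UTF_8),
                submitted.trim().getBytes(StandardCharsets.UTF_8));
        if (ok) { used = true; } else { failedAttempts++; }
        return ok;
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        VerificationCode vc = new VerificationCode(now);
        System.out.println("wrong guess accepted: " + vc.matches("000000", now));
        System.out.println("right code accepted:  " + vc.matches(vc.value(), now));
        System.out.println("replay accepted:      " + vc.matches(vc.value(), now));
    }
}
```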
That's it! We've just implemented SMS Two-Factor Authentication that you can now use in your applications!
Thanks for checking this tutorial out! If you have any feedback to share with us, please contact us on Twitter; we'd love to hear it.