SMS Two-Factor Authentication with Ruby and Rails

This Ruby on Rails example application demonstrates how to implement SMS two-factor authentication using Twilio.

To run this application yourself download the code and follow the instructions on GitHub.

Adding two-factor authentication (2FA) to your web application increases the security of your users' data. Multi-factor authentication determines the identity of a user in two steps:

  1. First, we validate the user with an email and password
  2. Second, we validate using a mobile device, by sending them a one-time verification code

Once our user enters the verification code, we know they have received the SMS, and indeed are who they say they are. This is a standard SMS implementation.

Code sample: lib/confirmation_sender.rb (Send verification code)
Let's get started!

Generate a Verification Code

Once our user logs in, we need to send them a verification code.

To generate our verification code we use Random#rand, which can take a range as an argument. With the current implementation, our 6-digit verification code can be any number between 100000 and 999999.

Code sample: lib/code_generator.rb (Generate a Verification Code)

Next, let's take a look at how we would send this in an SMS with Twilio.

Send a Verification Code

The Twilio Ruby helper library allows us to easily send an SMS.

First, we create an instance of a Twilio client with our credentials. Then all we have to do to send an SMS using the REST API is call client.messages.create() with the necessary parameters.

You can find the necessary credentials in the Twilio Console.
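The sending step described above, as an added example that is not the tutorial's own lib/message_sender.rb. The class name, the environment variable names, the E.164 check and the stub client are assumptions made for illustration; only Twilio::REST::Client.new and client.messages.create come from the helper library.

```ruby
# Sends the one-time code through an injected client, so the same class
# works with the real Twilio client and with an offline stub.
class MessageSender
  E164 = /\A\+[1-9]\d{6,14}\z/ # assumption: numbers are stored in E.164 form

  def initialize(client:, from:)
    @client = client
    @from   = from
  end

  def send_code(phone_number, code)
    # Reject malformed numbers before spending an API call on them.
    raise ArgumentError, 'phone number must be E.164' unless E164.match?(phone_number.to_s)

    @client.messages.create(
      from: @from,
      to:   phone_number,
      body: "Your verification code is #{code}"
    )
  end

  # Builds a sender on the real helper library. Credentials are read from
  # the environment (variable names are assumptions), not from source code.
  def self.from_env
    require 'twilio-ruby'
    client = Twilio::REST::Client.new(ENV.fetch('TWILIO_ACCOUNT_SID'),
                                      ENV.fetch('TWILIO_AUTH_TOKEN'))
    new(client: client, from: ENV.fetch('TWILIO_NUMBER'))
  end
end

# Constructed stub that records calls instead of contacting Twilio.
class StubClient
  attr_reader :sent

  def initialize
    @sent = []
  end

  def messages
    self
  end

  def create(**params)
    @sent << params
    params
  end
end
```
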

Code sample: lib/message_sender.rb (Send a Verification Code)

Now that we know how to generate the verification code and send it, let's look at how to kick off the signup process.

Register a User

When a user signs up for our website, this controller creates the user and sends them a verification code.

In order to do two-factor authentication, we need to make sure we ask for the user's phone number.

Let's see how we implemented the send_confirmation_to method.

Code sample: app/controllers/users_controller.rb (Register a User)

Now let's take a closer look at how to proceed with the 2-step verification.

Putting It All Together

Using the building blocks we've created in the previous steps, we can now pull it all together.

Notice that we update the user with the verification code, since we'll need to look it up to verify the user.

Code sample: lib/confirmation_sender.rb (Send verification code)

And now, a drumroll for the second step of the two-step authentication implementation...

Implementing the 2-Step Verification

When the user receives an SMS with the verification code, we need to ensure the given code is valid.

This validation is achieved by comparing the user's stored verification code with the verification code the user inputs on the form.

If the validation succeeds, the application gives the user access to the protected content. Otherwise, the application prompts for the verification code once again.
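The generation and comparison steps described above, as an added example that is not the tutorial's own code_generator.rb or confirmations_controller.rb. It goes beyond the tutorial by drawing the code from SecureRandom instead of Random#rand and by adding an expiry, an attempt limit and single use; the class name and both limits are assumptions.

```ruby
require 'securerandom'

# Hypothetical in-memory stand-in for the code stored on the user record.
class VerificationCode
  TTL_SECONDS  = 300 # assumption: codes expire after five minutes
  MAX_ATTEMPTS = 5   # assumption: stop accepting guesses after five tries

  attr_reader :code

  def initialize(now: Time.now)
    # Same 100000..999999 range as the tutorial, drawn from the OS CSPRNG.
    @code       = SecureRandom.random_number(100_000..999_999).to_s
    @expires_at = now + TTL_SECONDS
    @attempts   = 0
    @used       = false
  end

  # Returns :ok, :invalid, :expired or :locked.
  def verify(submitted, now: Time.now)
    return :locked  if @used || @attempts >= MAX_ATTEMPTS
    return :expired if now > @expires_at

    @attempts += 1
    return :invalid unless secure_equal?(submitted.to_s.strip, @code)

    @used = true # single use: a replayed code is rejected as :locked
    :ok
  end

  private

  # Constant-time comparison for equal-length strings. In a Rails app,
  # ActiveSupport::SecurityUtils.secure_compare does the same job.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With six digits there are only 900,000 possible codes, so the attempt limit and expiry are what keep guessing impractical; the comparison alone does not.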

Code sample: app/controllers/confirmations_controller.rb (Implementing the 2-Step Verification)

That's it! We've just implemented SMS Two-Factor Authentication that you can now use in your applications!

Where to next?

If you're a Rails developer working with Twilio, you might want to check out these other tutorials.

Workflow Automation

Increase your rate of response by automating the workflows that are key to your business. In this tutorial, learn how to build a ready-for-scale automated SMS workflow for a vacation rental company.

Masked Numbers

Protect your users' privacy by anonymously connecting them with Twilio Voice and SMS. Learn how to create disposable phone numbers on demand, so two users can communicate without exchanging personal information.

Did this help?

Thanks for checking out this tutorial! If you have any feedback to share with us, please reach out on Twitter... we'd love to hear your thoughts, and know what you're building!

Agustin Camino, Jose Oliveros, Andrew Baker, David Prothero, Kat King
