The following is the high level overview of how the SDK works to simplify the process of validating a phone number within an application running on Android.
- A mobile application with the SDK installed.
- A backend service to receive phone numbers from the App and produce a signed JWT
- Have access to Twilio Verification API in the backend, have your mobile application’s hash configured within Twilio
- App requests to the backend to sign the phone number.
- Backend transforms phone number into a JWT. The JWT is the phone number, signed with the customer’s AUTHY_API_KEY and an expiration time
- Backend sends JWT to Android application.
- The Android app, with the JWT, starts the verification with the SDK.
- Twilio sends a formatted SMS (including a prefix and a hash) to the device.
- Twilio Verification SDK reads the SMS in the background and notifies the app. No SMS_READ permission is needed. The app with the provided result will have a verification token that is proof enough that the phone is valid.
Along this guide we're going to implement a sample app from scratch, integrated with the Twilio Verification SDK and supported by a sample token server.
There’s also a more complete sample app already implemented.
Once the SDK is integrated in your app and your backend is capable of generating the JWT, you’re good to go.
You can also make use of the Google’s sign-in hint, which auto-fills connected phone numbers for the user and reduce the friction even further. Check out the official documentation or ask our support team for more information on how to use Google’s sign-in hint. Smartlock passwords - Hint Request API
The Twilio Verification Sample App has implemented this feature and is available in github
It will also be implemented in the latest release of the Authy app, starting roll out on May 2017