I want to add phone numbers to meta app. So that if anyone messages to that whatsapp number, I can intercept the message and reply accordingly.
I want to add phone number in "From"
I tried to register the number using system user access token as bearer token. but it shows not enough permission.
My postman request
Related
Phone number ID and/or access token from Quick start is invalid when used outside Quick start test message.
I've created WhatsApp app in Meta for developers, registered number, sent out test messages from Quick start page. When trying to use same phone number ID and access token from my local script I get this issue:
Do I need to create permanent access token for this user? Where I can find phone number ID?
Most of the new mobile Apps use Mobile number with SMS OTP to authenticate the user without username/password how can we do the same to generate Access Token using WSO2 Identity Server, considering the following points:
User have to enter his/her mobile number in the App
User have to enter the SMS OTP in the App
WSO2IS to send the SMS OTP
In the last step to generate Access Token from WSO2 for the user
Following is the expected flow
Mobile-SMS Flow
You can create a custom authenticator for this and manage SMS-OTPs from the custom authenticator you can follow this link and integrate the below two functionalities for your application.
SMSOtpService.generateSMSOTP(userId);
This will generate a SMS-OTP for the input of userID (scim-id) and the output will be a transactionId alongside with smsOtp and through the WSO2IS SMS event handler, you can send OTP too.
SMSOtpService.validateSMSOTP(transactionId, userID, smsOTP);
This method will validate the SMS-OTP with the input fields of transactionID, userId(scim-id) and smsOtp.
You need to do few customizations but basically, you can use these two functions to generate and validate SMS-OTP
I'm working on a Django app, and I would like to authenticate users using their phone numbers, I also would like users to be able to reset their passwords via SMS, is there a way to do it, I can't seem to find anything referencing password reset via SMS in Django, thanks in advance.
When the user requests a password reset, your server must generate a unique token (create a model for storing tokens) and send it to the main device associated with the requesting user via a text message, then the user sends it back to the server and the token can be verified, if it is not valid every existing token associated with the user must be invalidated, tokens must also have a quick expiration (like 3 minutes). You can use a third party service such as AWS Pinpoint (with boto3) or Twilio to send text messages
We have implemented the Custom Auth Triggers as described here. We have the user pool set up to let users login with either phone number or email.
The problem I am having is determining what medium (email or phonenumber) the user signed in as. I am using CognitoIdentityServiceProvider#signUp to reg / login a user.
When observing the event passed into the define / create / verify auth triggers, it seems like doesn't pass through what the username was used to initiate the authentication flow.. only the user attributes which in my case there could be both email or phone. I need to know which one it is so I know if i need to send the code through SMS or Email.
I have tried to add a custom UserAttribute with a prefix of custom: so I could do something like custom:preferredAuthMedium but that doesn't seem to populate the UserAttributes map on the user even though the docs say it should.
Is there a standard way to do this with the custom authentation flow?
This is a workaround by adding a custom attribute during passwordless login
Actually, the authenticationUser function needs to identify whether the user is adding email or phone during login
Step 1: during login process, before calling initiateAuthCommand, First set a custom attribute in Cognito user object - logged_in_by - email or phone
Step 2: once you add a key after that InitiateAuthCommand will be started and call the triggers
Step 3: When createAuthChallenge runs at the time we will have userAttributes.logged_in_by
If this attribute contains email this indicates that the user is trying to login with the email and we need to send OTP over email.
If this attribute contains a phone this indicates that the user is trying to log in with the phone and we need to send OTP over the phone number.
Different medium requires their own confirmation.
The following attributes says which medium the user signed up or verified for,
phone_number_verified is phone number.
email_verified is for email.
Hope it helps.
In django when some one signup for new account, he will be sent an email with an activation link.
One has to click on the activation link sent to them to activate their account. This i was able to achieve using Django.
Presently I am developing a mobile app.
I feel instead of asking them to click on an activation link, i want them to enter some code inside the app.
The code will be sent to their email.
So how to verify the account by passing token and later user will enter it.
1)Extend the user model with a token field.
2)Generate a random short value in that field
3)Edit registration email template to include this token
4)Create an API endpoint to listen for POST and wait for a match of USERNAME+TOKEN