The Twilio Verify API adds an extra layer of security to a user's account, which helps in the fight against fraud. It allows a user to verify their identity before being fully logged in to their account. The verification process authenticates users on the channel they prefer, for example SMS, voice, push notification or email.
Built with the Flask web framework, this application provides a less intrusive way to authenticate a user.
Every time a user registers and logs in to their account, an optional link to enable two-factor authentication is provided on the user's Profile page; users who have already enabled the feature see a Disable two-factor authentication link instead.
Note: compare this with the time-based one-time password (TOTP) application.
- Users can sign up and log in to the app
- Users can change their account password
- Users can update their profiles
- Optional two-factor authentication for logged-in users
- Flask web framework
- Python for programming
- Twilio Verify API for 2FA
- Flask-WTF for secure web form creation
- Flask-Login to handle user sessions
- Flask-Bootstrap for styling and cross-browser responsiveness
- phonenumbers library for displaying phone numbers with country codes
- Flask-SQLAlchemy and Flask-Migrate for database management
- pyngrok for localhost testing
- Flask-Mail for password resets
- Flask-Moment for beautiful time display
- email-validator to check for valid/invalid emails
- Register for an account. You will be redirected to the login page when you have successfully registered. Log yourself in.
- Navigate to the Profile page. You can update your profile here. Note the optional Enable two-factor authentication link.
- Click the Enable two-factor authentication link for your account. Choose your country code and follow the phone number pattern shown by the placeholder text. Click the Enable 2FA button to effect your change.
- On your Profile page, note how the link has changed to Disable two-factor authentication
- Click the Logout link on the top-right of the navbar. You will be redirected to the login page. Try to log in.
- Enter the login token sent to your phone. You will be redirected to the home page if successful.
- A wrong token causes the app to reject your login attempt.
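The two-step login flow described above, with the two Twilio Verify calls behind it, as an added example that is not part of this repository's code. It assumes twilio-python's `client.verify.services(<service SID>)` object, whose `verifications.create` sends the token and whose `verification_checks.create` reports `approved` only for a correct one; a constructed `FakeVerify` and a plain dict standing in for Flask's `session` let it run offline.

```python
import os
from types import SimpleNamespace

def make_twilio_verify(env=os.environ):
    """Real Verify service object; refuses empty credentials (twilio package imported lazily)."""
    sid, token, service = (env.get(k) for k in ("TWILIO_ACCOUNT_SID", "TWILIO_AUTH_TOKEN", "TWILIO_VERIFY_SERVICE_ID"))
    if not (sid and token and service):
        raise RuntimeError("fill in the three TWILIO_* values in .env first")
    from twilio.rest import Client  # assumed API shape: client.verify.services(<service sid>)
    return Client(sid, token).verify.services(service)

class FakeVerify:
    """Constructed offline stand-in exposing the same two calls as the Twilio Verify service."""
    def __init__(self, code="123456"):
        self.code, self.sent = code, []
        self.verifications = SimpleNamespace(create=self._send)
        self.verification_checks = SimpleNamespace(create=self._check)

    def _send(self, to, channel):
        self.sent.append((to, channel))
        return SimpleNamespace(status="pending")  # Twilio reports 'pending' once the SMS is queued

    def _check(self, to, code):
        return SimpleNamespace(status="approved" if code == self.code else "pending")

def login_step_one(session, user, password_ok, verify):
    """Password check passed: a 2FA user is only parked in the session, not logged in yet."""
    if not password_ok:
        return "rejected"
    if not user["two_factor_enabled"]:
        session["user_id"] = user["id"]
        return "logged_in"
    session["pending_2fa_user"] = user["id"]  # no user_id yet, so protected pages stay closed
    verify.verifications.create(to=user["phone"], channel="sms")
    return "token_sent"

def login_step_two(session, user, token, verify):
    """Token page: only an 'approved' Verify check turns the parked user into a logged-in one."""
    if session.get("pending_2fa_user") != user["id"]:
        return "rejected"  # no outstanding challenge for this user
    check = verify.verification_checks.create(to=user["phone"], code=token)
    if check.status != "approved":
        return "rejected"
    session.pop("pending_2fa_user")  # a challenge is single-use
    session["user_id"] = user["id"]
    return "logged_in"
```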
Kindly note that if you want to test this application from your local machine, you will need a Twilio account. These are the steps to follow to get set up:
- Sign up for Twilio. Get a free account now.
- From the Twilio Console menu icons on the far left, select the All Products and Services button.
- Click on Verify.
- Click the Create Service Now button.
- Provide a friendly name for your application.
- Note the Service SID. You will need this.
- Return to the Twilio Console. Note your Account SID and Auth Token. You will also need these two values for your app.
If you would like to test this application as it is, follow these steps:
- Clone this repo:
$ git clone git@github.com:GitauHarrison/twilio-verify-2fa-implementation-in-flask.git
- Move into the cloned directory:
$ cd twilio-verify-2fa-implementation-in-flask
- Create and activate your virtual environment:
$ mkvirtualenv twilio_2fa # I am using virtualenvwrapper
- Install used dependencies within your new virtual environment:
(twilio_2fa)$ pip3 install -r requirements.txt
- Before you can run your server, remember to create a .env file following the guidance in .env.template. Create the .env file in the root directory:
(twilio_2fa)$ touch .env
- Update the .env file with all the necessary details. Remember to add your Service SID, Account SID and Auth Token:
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=
TWILIO_VERIFY_SERVICE_ID=
- Run the flask server:
(twilio_2fa)$ flask run
Once your application is running, you can access it on localhost at http://127.0.0.1:5000/. Additionally, if you look carefully in your terminal, you will see: * Tunnel URL: NgrokTunnel: "http://4209c9af6d43.ngrok.io" -> "http://localhost:5000"
The URL will differ from the one shown here because I am using the free tier of ngrok, which assigns a new host name each session. Paste the link http://4209c9af6d43.ngrok.io on another device, say your mobile phone, to test the application while it is running on localhost.
Another way to obtain ngrok's free public URLs is to run the command below in a new terminal window:
(twilio_2fa)$ ngrok http 5000
# Output
ngrok by @inconshreveable (Ctrl+C to quit)
Session Status online
Session Expires 1 hour, 58 minutes
Version 2.3.35
Region United States (us)
Web Interface http://127.0.0.1:4042
Forwarding http://6e95e59c2233.ngrok.io -> http://loc
Forwarding https://6e95e59c2233.ngrok.io -> http://lo
Connections ttl opn rt1 rt5 p50 p9
0 0 0.00 0.00 0.00 0.
Note the lines beginning with 'Forwarding'. These show the public URLs that ngrok uses to redirect requests into our service. This method also provides you with an https:// URL.
If you would like to incorporate this feature into your own project, build it line by line by following this Twilio Verify implementation in Flask guide.