In this blog post, I’m going to show you how to do phone verification using SMS via Twilio. We will be using Twilio gem.
- When a user signs up , we want to send an SMS to that user with a random string to verify user’s phone number.
- If that user replies back with that code, then verify user’s phone number in the app. Once the phone number is verified, then we can use that phone number for future use.
Step 1: Create required columns in users table
columns in the users table.
Then run the migration.
Step 2: Add phone number field in registration form
phone_number field in the registration form.
Step 3: Send an SMS with verification code
When a user submits registration form, we need to send SMS if
phone number is present. To handle this, add following code in
We have added 2 major changes in the user model,
set_phone_attributesmethod is set in
send_sms_for_phone_verificationmethod is set in
set_phone_attributes method, we are setting up the phone attributes mainly
sanitizing phone number and generating unique phone verification code. In
send_sms_for_phone_verification method, we send SMS to the user. Creation of
SMS for the phone verification message is handled in
PhoneVerificationService class, we have defined
user as an attribute reader
initialize method, we have set the user object to it. Now if you see
method, it does lots of stuff for us.
Lets go through each method.
from- In this method, we set up the twilio phone number e.g. programmable number.
to- In this method, we set the phone number to which we want to send an SMS.
body- In this method, we build text message with verification code.
twilio_client- It creates twilio client based on twilio account sid and auth token.
send_sms- And last, it sends SMS to the user.
Step 4: Set request URL for phone verification in Twilio
As of now the system has the capability to send SMS to a user. Now we need to add capability to receive the SMS and to match the verification code.
First, we need to set up a request URL in Twilio account.
Open twilio account and under NUMBERS section/tab, click on your Twilio number. Then in Messaging section, add request URL with HTTP POST method. Add URL like this.
But to make it work, we need our Rails app on the public internet. There are two options for this:
- Deploy Rails app to your VPS or PaaS of choice.
- Use a tunneling service to take the server running on your development machine and make it available at an address on the public internet.
Step 5: Create phone verification controller
We need one more controller, which will handle phone verification when request comes from Twilio. When a user replies back with a verification code, it will trigger request URL through Twilio API. To handle that request, let’s add phone verifications controller.
Add new route in
Add following code to the
In this controller, we added
this is because we need to allow twilio request in our Rails app which is
actually an outside request (e.g. not secured request). This means we have
disabled CSRF detection for this controller.
Now look at the
verify_from_message method, in this method we take phone verification
code and phone number from params hash. Using those data, we find the user from the database.
Once we get the user, then we mark user’s phone number as a verified phone number.
Finally we are set to send business level text messages to the verified phone number.
This blog has more information about how to make secure twilio requests.