angular typescript ionic2 twilio-api sms-verification

Using Twilio sms-api to verify real phone numbers


I am building an Ionic 2 app for Android and iOS. The registration in my app follows these steps:

1- User installs app.

2- User enters his details (name, email, phone number, password, etc.).

3- App will send a random code to the user via SMS.

4- App will store this code in a variable.

5- User reads the code from the SMS and puts it into a text input.

6- App checks if code in variable == code in text input.

7- If true, user account is created and user is signed in.

Next time the user tries to sign in, he will be asked to enter his username and password; there will be no SMS messages sent in this step, as I only need to verify that the phone number is real.

Is this wrong for some reason? And is there a better way to do it?

The code I will be using is simply TypeScript and HTML (for Ionic 2) using Angular 2; the code below is written in jQuery, which I will change if I am on the right track.

I should add that there will be no server for this SMS verification service, only JavaScript and the Twilio API.

Will anyone be able to read my SID and KEY, given that it is an app and not a static web page?

    $("#btnSubmit").click(function() {
        // Your Twilio credentials
        var SID = "MY-SID-HERE";
        var Key = "MY-KEY-HERE";
        var random_code_in_sms = "123456"; // generated randomly

        $.ajax({
            type: 'POST',
            url: 'https://api.twilio.com/2010-04-01/Accounts/' + SID + '/Messages',
            data: {
                "To": "+123456789",
                "From": "+987654321",
                "Body": "Hello World"
            },
            beforeSend: function(xhr) {
                xhr.setRequestHeader("Authorization", "Basic " + btoa(SID + ':' + Key));
            },
            success: function(data) {
                console.log(1);
                console.log(data);
            },
            error: function(data) {
                console.log(data);
            }
        });
    });

Solution

  • I would probably use Twilio's Authy API instead of trying to build your own solution on the back of their SMS API.

    It basically already does exactly what you are trying to achieve.
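
Steps 3, 4 and 6 of the question's flow moved to a backend, as an added example that is not part of the original question or answer: the code is generated, stored and compared on the server, so neither the code nor the Twilio SID and key ship inside the app bundle, where anyone who unpacks it can read them. `createVerifier`, `sendSms`, the 5-minute lifetime and the 5-attempt cap are assumptions for illustration; `sendSms` stands for whatever server-side call sends the message using credentials held in the server's environment.

```javascript
// Added example: server-side SMS code verification (Node.js backend, not app code).
const crypto = require('crypto');

const CODE_TTL_MS = 5 * 60 * 1000; // assumed code lifetime
const MAX_ATTEMPTS = 5;            // assumed cap on guesses per issued code

// sendSms(to, body) is a hypothetical callback that talks to the SMS provider.
function createVerifier({ sendSms, now = Date.now, secret = crypto.randomBytes(32) }) {
  const pending = new Map(); // phone -> { mac, expires, attempts }

  // Store a keyed hash of the code rather than the code itself.
  const macOf = (phone, code) =>
    crypto.createHmac('sha256', secret).update(`${phone}:${code}`).digest();

  return {
    // Steps 3 and 4: generate with a CSPRNG, keep it server-side, send it.
    issue(phone) {
      const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
      pending.set(phone, { mac: macOf(phone, code), expires: now() + CODE_TTL_MS, attempts: 0 });
      sendSms(phone, `Your verification code is ${code}`);
    },
    // Step 6: the comparison the client cannot skip or tamper with.
    check(phone, submitted) {
      const entry = pending.get(phone);
      if (!entry) return 'no_pending_code';
      if (now() > entry.expires) { pending.delete(phone); return 'expired'; }
      if (++entry.attempts > MAX_ATTEMPTS) { pending.delete(phone); return 'too_many_attempts'; }
      const ok = crypto.timingSafeEqual(entry.mac, macOf(phone, String(submitted)));
      if (!ok) return 'wrong_code';
      pending.delete(phone); // single use: a verified code cannot be replayed
      return 'verified';
    },
  };
}

// Constructed demo: the stub outbox stands in for the real SMS call.
function demo() {
  const outbox = [];
  const v = createVerifier({ sendSms: (to, body) => outbox.push({ to, body }) });
  v.issue('+15550100'); // constructed phone number
  const code = outbox[0].body.slice(-6);
  return [v.check('+15550100', 'abcdef'), v.check('+15550100', code), v.check('+15550100', code)];
}
```

The app only calls two backend endpoints wrapping `issue` and `check`; account creation in step 7 should happen on the server after `check` returns `'verified'`.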