Twilio APIs: Sending SMS and validation of OTPs

Twilio

Twilio SMS service provider - https://www.twilio.com  .

The integration with Twilio SMS API is available OOTB and can be used to send OTP/Token to the registered mobile numbers from IdentityIQ.

Note: Customer has to go for a subscription from Twilio for this.

Example code references using Twilio APIs from IdentityIQ are shown below:

     // Send using SMS

      Configuration config = context.getConfiguration();

       SMSResetConfig smsResetConfig = (SMSResetConfig) config.get("smsResetConfig");

       String fromPhone = smsResetConfig.getFromPhone();

       log.debug("Twilio SMS: From Phone=[" + fromPhone + "]");

       String toPhone = null;     

      //We can caputure the user’s mobile using a form, but better read this from identity!

      if(null == commnTypeValue || commnTypeValue.isEmpty())

        toPhone = identity.getStringAttribute("mobile");

      else

        toPhone = commnTypeValue;

      log.debug("Twilio SMS: To Phone=[" + toPhone + "]");

      final String ACCOUNT_SID = smsResetConfig.getAccountId();

      final String AUTH_TOKEN = smsResetConfig.getAuthToken();

      TwilioRestClient client = new TwilioRestClient(ACCOUNT_SID, AUTH_TOKEN);

      // Build the parameters

      List<NameValuePair> params = new ArrayList<NameValuePair>();

      params.add(new BasicNameValuePair("To", toPhone));     

      params.add(new BasicNameValuePair("From", fromPhone));     

      params.add(new BasicNameValuePair("Body", "IDM: New One Time Password for user[" + useridFromSession + "] is " + newPassword));

      MessageFactory messageFactory = client.getAccount().getMessageFactory();

      com.twilio.sdk.resource.instance.Message message;

      try

      {

        message = messageFactory.create(params);

      } catch (TwilioRestException e)

      {

        log.error("Error: Send Password Process  using SMS Failed for user [" + useridFromSession + "]. and the communication tyep is [" + type + "]. Exception Message = [" + e.getMessage() + "]");

        return Response.serverError().entity("Error: Send Password Process  using SMS Failed for user [" + useridFromSession + "]. and the communication tyep is [" + type).build();

      }

      log.debug("Message SID = [" + message.getSid() + "]");

      log.debug("Send Password Process using SMS is successful");

      return Response.ok().entity("Send Password Process using SMS is successful").build();

We can also validate the OTP/Token as shown below:

     //Validate OTP:

    // authnSMSToken is the input token received by user!

   Identity identity = context.getObjectByName(Identity.class, identityName);

    VerificationToken userToken = identity.getVerificationToken();

    logger.debug("UserToken from identity=[" + userToken + "]");

    if (authnSMSToken == null || userToken == null)

    {

      logger.error("Identity has no verification token or input token is null.");

      return false;

    }

    if (userToken.getTextCode() == null)

    {

      logger.error("No text code present for identity.");

      return false;

    }

    if ((new Date()).getTime() >= userToken.getExpireDate().getTime())

    {

      logger.error((new StringBuilder()).append("Token expired: ").append(userToken.getTextCode()).toString());

      return false;

    }

    boolean match = userToken.getTextCode().equals(authnSMSToken);

    if (!match)

    {

      logger.error("Token mismatch");

      return false;

    }

    logger.debug("Authentication SMS Token is valid!");

    return true;