Twilio
Twilio SMS service provider - https://www.twilio.com .
The integration with Twilio SMS API is available OOTB and can be used to send OTP/Token to the registered mobile numbers from IdentityIQ.
Note: Customer has to go for a subscription from Twilio for this.
Example code references using Twilio APIs from IdentityIQ are shown below:
// Send using SMS
Configuration config = context.getConfiguration();
SMSResetConfig smsResetConfig = (SMSResetConfig) config.get("smsResetConfig");
String fromPhone = smsResetConfig.getFromPhone();
log.debug("Twilio SMS: From Phone=[" + fromPhone + "]");
String toPhone = null;
//We can caputure the user’s mobile using a form, but better read this from identity!
if(null == commnTypeValue || commnTypeValue.isEmpty())
toPhone = identity.getStringAttribute("mobile");
else
toPhone = commnTypeValue;
log.debug("Twilio SMS: To Phone=[" + toPhone + "]");
final String ACCOUNT_SID = smsResetConfig.getAccountId();
final String AUTH_TOKEN = smsResetConfig.getAuthToken();
TwilioRestClient client = new TwilioRestClient(ACCOUNT_SID, AUTH_TOKEN);
// Build the parameters
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("To", toPhone));
params.add(new BasicNameValuePair("From", fromPhone));
params.add(new BasicNameValuePair("Body", "IDM: New One Time Password for user[" + useridFromSession + "] is " + newPassword));
MessageFactory messageFactory = client.getAccount().getMessageFactory();
com.twilio.sdk.resource.instance.Message message;
try
{
message = messageFactory.create(params);
} catch (TwilioRestException e)
{
log.error("Error: Send Password Process using SMS Failed for user [" + useridFromSession + "]. and the communication tyep is [" + type + "]. Exception Message = [" + e.getMessage() + "]");
return Response.serverError().entity("Error: Send Password Process using SMS Failed for user [" + useridFromSession + "]. and the communication tyep is [" + type).build();
}
log.debug("Message SID = [" + message.getSid() + "]");
log.debug("Send Password Process using SMS is successful");
return Response.ok().entity("Send Password Process using SMS is successful").build();
We can also validate the OTP/Token as shown below:
//Validate OTP:
// authnSMSToken is the input token received by user!
Identity identity = context.getObjectByName(Identity.class, identityName);
VerificationToken userToken = identity.getVerificationToken();
logger.debug("UserToken from identity=[" + userToken + "]");
if (authnSMSToken == null || userToken == null)
{
logger.error("Identity has no verification token or input token is null.");
return false;
}
if (userToken.getTextCode() == null)
{
logger.error("No text code present for identity.");
return false;
}
if ((new Date()).getTime() >= userToken.getExpireDate().getTime())
{
logger.error((new StringBuilder()).append("Token expired: ").append(userToken.getTextCode()).toString());
return false;
}
boolean match = userToken.getTextCode().equals(authnSMSToken);
if (!match)
{
logger.error("Token mismatch");
return false;
}
logger.debug("Authentication SMS Token is valid!");
return true;
Hello,
Is it possible to use twilio api key and secret instead of auth token?
Kind regards,
Albert.
Hello,
Our IIQ servers require a proxy to reach twilio however there is no such setting available in SMSResetConfig.
Thoughts?