How to Build a 2FA App the Low-Code Way

Two-factor authentication (2FA) protects organizations and individuals from unauthorized data access by requiring a level of authentication beyond username and password, to provide added security in the event that those credentials are compromised. One of the simplest ways to institute 2FA types is by sending a one-time password (OTP) sent through a separate communication channel β€” namely, SMS messaging.

Plivo makes it easy to add 2FA via OTP delivered over SMS to your applications. Whether your applications are coded in Python, Ruby, Node.js, PHP, or C#, we’ve got you covered with language-specific SDKs.

You can create and deploy a PHLO to handle 2FA with a few clicks on the PHLO canvas and trigger it with a few lines of code.

Prerequisites

To get started, you need a Plivo account β€” sign up with your work email address if you don’t have one already. If this is your first time triggering a PHLO with Node.js, follow our instructions to set up a Node.js development environment.

Create the PHLO

Plivo provides a prototype for 2FA; all you have to do is select the PHLO and give it a friendly name.

PHLO Setup

Set up the demo application locally

Once youβ€˜ve created the PHLO, download and modify the code to trigger it which is available in 5 different languages which are Python, Ruby, Node.js, PHP, or C#.

Update the config file

Edit the config file. Replace the auth placeholders with your authentication credentials from the Plivo console. Enter your PHLO ID, which you can find on the Plivo console. Replace the phone number placeholder with an actual phone number in E.164 format (for example, +12025551234).

Configuration file

Trigger PHLO

Send SMS and make a call

          def send_verification_code_phlo(self,dst_number,code,mode):
          payload = {
              "from": self.app_number,
              "to": dst_number,
              "otp": code,
              "mode": mode,
          }
          try:
              phlo = self.client_phlo.phlo.get(self.phlo_id)
              response = phlo.run(**payload)
              return response
          except exceptions as e:
              print(e)
              return ("Error encountered", 400)
        

Verify the OTP

        @app.route("/checkcode/<number>/<code>")
        def check_code(number, code):
            """
            check_code(number, code) accepts a number and the code entered by the user and
            tells if the code entered for that number is correct or not
            """

            original_code = current_app.redis.get("number:%s:code" % number)
            if original_code == code:  # verification successful, delete the code
                current_app.redis.delete("number:%s:code" % number)
                return (jsonify({"status": "success", "message": "codes match, number verified"}),200,)
            elif original_code != code:
                return (
                    jsonify(
                        {
                            "status": "rejected",
                            "message": "codes do not match, number not verified",
                        }
                    ),
                    404,
                )
            else:
                return (jsonify({"status": "failed", "message": "number not found"}), 500)
        

The finished application should look like this. Two-Factor Authentication

Simple and reliable

Edit the sample application to see how simple it was to code. Our simple APIs work in tandem with our comprehensive global network. Plivo’s premium direct routes guarantee highest possible delivery rates and the shortest possible delivery times for your 2FA SMS and voice messages. See for yourself β€” sign up for a free trial account.

comments powered by Disqus

By submitting this form, you agree we may contact you in the manner described in our Privacy Policy