基于电话号码的移动应用程序设计身份验证 [英] Phone number based Devise authentication for mobile apps
问题描述
我们都知道 Devise 是在基于 Rails 的应用程序上实现身份验证的事实标准.
We all know that Devise is de facto standard for implementing authentication on rails based apps.
默认情况下,它使用电子邮件作为 ID,但也允许您使用用户名.它还具有可确认"模块,可让您通过发送电子邮件并单击链接来验证您的电子邮件来确认电子邮件地址.
By default it uses email as ID but also allows you to use usernames instead. It also has "Confirmable" module which lets you confirm the email address by sending an email and clicking through the link to verify your email.
我一直在寻找类似的电话号码——基本上接受电话号码作为主要 ID 而不是电子邮件,然后通过像 Twilio 这样的东西向用户的号码发送验证码作为 SMS 消息来确认电话号码,然后让用户通过输入代码来确认(甚至让用户点击生成的链接进行验证,就像他们处理电子邮件一样)
I was looking for something similar for phone numbers--basically accepting phone numbers as primary ID instead of emails, and then confirm the phone number by sending an auth code as SMS message to the user's number via something like Twilio, and then let the user confirm it by entering the code (or even let the user click through a generated link to verify just like they do with emails)
我期望有一个流行的设计模块用于此功能的原因是因为现在似乎大多数移动社交应用程序都接受电话号码并确认号码.一定有人认为这是一个问题并为此开源了一个模块.但是我找不到任何流行的.实际上,准确地说,这是我在这方面找到的仅有的三个相关链接:
The reason I was expecting there to be a popular devise module for this functionality was because it seems as if most mobile social apps accept phone numbers and confirm the number nowadays. There's gotta be someone who thought this was a problem and open-sourced a module for this. However I couldn't find any popular ones. Actually to be precise, here are the only three relevant links I've found on this:
- https://github.com/giano/devise_sms_activable
- https://github.com/baranov-sv/devise_sms_confirmable
- Rails 使用电话号码注册用户并确认
它们都没有找到可行的解决方案(我尝试过 devise_sms_activable 但它不适用于 rails 4,而且我担心星星数量少)所以我想问一下是否有任何可行的解决方案这.我错过了什么吗?这个话题在 Devise 开发者社区中被提出过吗?我对解决方案很好奇,但如果没有,我至少会感谢任何关于为什么这不容易获得的答案.
None of them leads to a working solution (I've tried devise_sms_activable but it doesn't work for rails 4, plus I'm wary of the low number of stars) So I wanted to ask if there's any viable solution to this. Am I missing something? Has this topic been brought up among the Devise developer community? I'm curious about the solution but if there is none, I would at least appreciate any answer on why this is not readily available.
[更新]
我认为这个问题可能有点误导.虽然我可以自己构建它,但我不喜欢重新发明轮子.基本上我对这个问题的意图是:
I think the question might have been a bit misleading. While I can just build it myself, I don't like to re-invent the wheel. Basically my intention with this question was:
- 如果有任何包可以做到这一点(比如所有模块,如confirmable、token_authentcatable等.甚至可能不是Devise模块,它可能是完全不同的东西)
- 或者,如果没有这种预先构建的解决方案,为什么没有.我只是无法理解为什么在每个人似乎都这样做的情况下我找不到这样的解决方案.
当我得到 #1 或 #2 的答案时,我会很乐意接受.谢谢!
I will gladly accept when I get an answer to either #1 or #2. Thanks!
推荐答案
我之前已经研究过...但项目要求发生了变化...所以以下所有内容都是在 设计维基
i've looked into that before... but the project requirements changed... so all of the following are relative links found on the devise wiki
您可以将之前的 tuts 与诸如 Twilio 发送创建的自定义身份验证令牌并使用电子邮件以外的电话号码对用户进行身份验证.
you can use the previous tuts in conjunction with some thing like Twilio to send the created custom auth token and authenticate user with phone number other than email.
[更新]
既然你提到了一个已经有效的解决方案,我认为这就是你要找的.活动模型 OTP 和 这篇博文是新的,我没有机会试驾 :D
since you mentioned an already working solution, I think this is what you are looking for. Active Model OTP and this blog post it's new and i didn't have the chance to test drive it :D
我还发现了双因素身份验证设计扩展
[2017 年 8 月更新]
[UPDATE Aug/2017]
基于我最近在做的一个项目,我发现Tinfoil/devise-two-factor 提供了与设计的非常好的/可扩展的集成(并且是高度可定制的)...使用内部 ROTP gem,您可以根据不同的身份验证方法(APP/SMS)和不同的窗口提供不同的长度代码/每个方法允许漂移,而不必从头开始编写整个事情.(强烈推荐,如果您想对复杂的工作流程有全面的了解)
Based on a project that I was recently working on, I found that Tinfoil/devise-two-factor provides a really good/extensible integration with devise (and is highly customizable)... using the internal ROTP gem, you can provide different length codes based on different authentication methods (APP/SMS) and different window/drift allowed per method without having to write the whole thing from the ground up. (highly recommended if you want full power over complex workflow)
这篇关于基于电话号码的移动应用程序设计身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
