phone verification?
So I’ve been playing with Wasp and I enjoy it, and am planning on launching my app soon. But I was wondering what the community's thoughts are on implementing phone verification for my users on my platform. I really need this as I want to have a strong free tier but can’t have people making multiple accounts. Any resources or options to do this with Wasp? Cheers! -Mike
2 Replies
Hey mike! That is something that would be interesting to add to Wasp's auth, but we don't have it yet.
You could do it on your own for sure.
Rough idea:
1. Add phoneNumber field to User object, make it unique, and also add isPhoneNumberVerified field.
2. Ask them to provide a phone number during signup, and let them know you sent them a verification message they need to check. You will need to use an external provider for sending SMS, and you will want to generate some unique token that you will send to them. It could be 6 letters/digits that they then need to enter in your web app. Or it could be a URL leading to your webpage with the token embedded into the URL. You will want to also store this token temporarily somewhere, maybe also on the User object, maybe a separate entity, or even in-memory on the server (but it has to be tied to user id then, in a Map or something), since it is quite short-lived.
3. If they provide you with the correct token, you can set isPhoneNumberVerified to true!
4. You will want to have a check that denies access to those without phoneNumberVerified. You can do it easily on the client/frontend, for UI purposes, but that is no real security; for real security you want to do it on the server. There, you will probably want to define a global middleware that will be doing that check, or you could do it per-query/action.
Btw, one alternative I would be considering is instead going with something like Google auth or GitHub auth, if any of those is a fit for your community. If I am correct, it is not so easy to create a ton of fake Google accounts? Not super sure though.
I am sure there are also resources online with best advice on how to go about this, about implementing phone number verification!
Feel free to ask any follow-up questions -> we are happy to help, and if you do this, I would be quite interested to hear how you did at the end and how was the experience, so I wouldn't mind updates / questions on this.

Awesome, thanks for this, I'll look into it! I just know the people in my industry love to spam with fake accounts, that's why I ideally need a phone verification
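
The four steps from the reply above, sketched as an added example in plain Node.js (not code from the thread or from Wasp). The function names, the `sendSms` callback, the two Maps standing in for the User entity and the short-lived token store, and the 10-minute / 5-attempt limits are all assumptions made for illustration.

```javascript
const { randomInt, createHash, timingSafeEqual } = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a code: 10 minutes
const MAX_ATTEMPTS = 5;             // assumed cap on guesses per issued code

// In-memory stand-ins for the User entity and the temporary token store.
const users = new Map();   // userId -> { phoneNumber, isPhoneNumberVerified }
const pending = new Map(); // userId -> { hash, expiresAt, attempts }

const sha256 = (s) => createHash('sha256').update(s).digest();

// Steps 1-2: record the (unique) number and send a 6-digit code.
function startVerification(userId, phoneNumber, sendSms, now = Date.now()) {
  for (const [id, u] of users) {
    if (id !== userId && u.phoneNumber === phoneNumber) {
      throw new Error('phone number already in use');
    }
  }
  users.set(userId, { phoneNumber, isPhoneNumberVerified: false });
  // randomInt draws from a CSPRNG; Math.random() would be guessable.
  const code = String(randomInt(0, 1_000_000)).padStart(6, '0');
  // Only a hash is kept, so a dump of the store does not reveal live codes.
  pending.set(userId, { hash: sha256(code), expiresAt: now + CODE_TTL_MS, attempts: 0 });
  sendSms(phoneNumber, `Your verification code is ${code}`); // provider wrapper supplied by caller
}

// Step 3: codes expire, are single use, and lock out after MAX_ATTEMPTS guesses.
function confirmVerification(userId, submitted, now = Date.now()) {
  const entry = pending.get(userId);
  if (!entry) return false;
  if (now > entry.expiresAt || entry.attempts >= MAX_ATTEMPTS) {
    pending.delete(userId); // user has to request a fresh code
    return false;
  }
  entry.attempts += 1;
  if (!timingSafeEqual(sha256(String(submitted)), entry.hash)) return false;
  pending.delete(userId);
  users.get(userId).isPhoneNumberVerified = true;
  return true;
}

// Step 4: server-side guard, called from middleware or each query/action.
function requireVerifiedPhone(userId) {
  const user = users.get(userId);
  if (!user || !user.isPhoneNumberVerified) throw new Error('phone number not verified');
  return user;
}
```

With only 1,000,000 possible codes, the attempt cap and expiry are what keep guessing impractical; resend requests should be rate-limited as well, since each resend resets the attempt counter.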