Phone authentication

zorox · March 29, 2021, 8:12am

how to set up user with phone authentication only (without the need for email)?
the process will mainly use phone number as the login username … reset-password will use OTP sent to phone… etc
so mainly is to drop the need of email for the user

sunnyson · March 29, 2021, 10:26am

Take a look at how the Authentication currently works:

github.com

strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/controllers/Auth.js

'use strict';

/**
 * Auth.js controller
 *
 * @description: A set of functions called "actions" for managing `Auth`.
 */

/* eslint-disable no-useless-escape */
const crypto = require('crypto');
const _ = require('lodash');
const grant = require('grant-koa');
const { sanitizeEntity } = require('strapi-utils');

const emailRegExp = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
const formatError = error => [
  { messages: [{ id: error.id, message: error.message, field: error.field }] },
];

module.exports = {

This file has been truncated. show original

After understanding how it works you should be able to create your custom routes/controllers to manage phone login.

Create a new route for logging in by phone and use the desired users-permissions services there.

For example, to issue a jwt token for the user, you can use the users-permissions’s jwt.issue service:

let jwt = await strapi.plugins['users-permissions'].services.jwt.issue({
  id: user_id
})

LuisAlaguna · June 18, 2021, 8:49am

Did you try this?

mayankb12 · August 19, 2022, 7:20am

Hello, I have setup the same feature on this github repo - https://github.com/mayank-budhiraja/strapi-with-otp-integration

A user is authenticated only through the OTP verification and all auth requests are made using the JWT token.

bzzn87 · February 19, 2024, 10:26am

It’s been a while but, creating a user authentication system solely based on phone numbers is a smart move for simplifying the login process.

bzzn87 · February 20, 2024, 10:14am

To set this up effectively, you might consider exploring solutions offered by MightyCall. Their platform specializes in phone-based communication and authentication, making it easier to manage user accounts without the need for email verification.
With this service, you can streamline the login process by using phone numbers as the primary username, and implement features like OTP (one-time password) for secure password resets sent directly to the user’s phone.

LuisAlaguna · April 20, 2024, 2:03am

What about Keycloack?