Articles

SMS Verification Codes made Easy on Android!


LAURENCE MORONEY: The SMS
Retriever API for Android lets you verify your user’s
phone number ownership without making them deal with
typing verification codes. By using the API, your
app can automatically retrieve verification codes
without having to request full SMS reading permissions. It really takes the friction
out of handling verification. Did I type the
right phone number? Did I type the right
verification code? Do I have to give
permissions correctly? All of these kinds of things. And using the API makes for a
much better user experience. I’m Laurence Moroney,
and in this video, I’ll show you how you can
use this API in your apps. Before you begin, you’ll
need an Android device with a phone number. And this Android device has to
run Google Play services 10.2X or higher. OK, once you have
this, the first step is the user will
initiate SMS verification from within your app. Your app might prompt the
user to enter a phone number, or you could use the
Smart Lock hint selector. Here’s the code for
the hint selector. It uses the hint
request builder, telling it that it wants to
use a phone number identifier. And then this is used to
create and start on an intent. Then in your on activity
results within the credential, you’ll have the phone
number as a string, and here’s the code for that. Next up, you’ll be getting an
instance of the SMS retriever client object so you can start
listening for an incoming SMS. This will stay alive
for up to five minutes waiting for that
incoming message. And the message needs to
contain a unique string that identifies your app. When your server
sends the message, it will use the same string. You’ll see that
step in a moment, but first, let’s take a look
at how to listen for the SMS. As you can see,
it’s pretty simple. You get an SMS retriever
client and then you start a task for it. The task has an unsuccess
listener, as well as an unfailure one. You’ll just simply
override these. At this point, you would
send the user’s phone number to your server, and that
would start its workflow for generating the message that
it will SMS to that number. The message needs
to be constructed in a very specific way. First of all, it can’t
be longer than 140 bytes. And it does need to start
with a well-defined header. See the documentation
for your options on building that header here. It must also end
with an 11 character hash that identifies your app. We’ll see that in a moment. The one time code can
be anything you want, as long as it’s unguessable. The easiest way to do
this is to simply generate a random number or a string
comprised of random numbers and characters. The hash string
ending the message does have to be
deterministic, though. On the client,
Google Play services will use this
string to determine which active verification
message is intended for. There are explicit steps
on how you can build this, and you can find
them at this URL. Your server will then send the
message to the phone using SMS. And when the
message is received, Google Play services
broadcast an intent, which contains the
text of that message. In your app, you’ll need
a broadcast receiver to receive this. Let’s take a look at the
code for that receiver. And here it is. In the on receive of
the broadcast receiver, you’re able to get the extras
and pull the status from there. If the status indicates that
the message was successfully received, you can then pull
the message from the extras. From here, you can parse
out the verification code and send it back to your server
to verify that it was received and thus verify your phone. And that’s it. To learn more about
this API, including how to save the phone
number back to Smart Lock, check out the SMS
retriever documentation on the Google Developer site. Also check out our
YouTube channel for more great videos
about Android development. And while you’re
there, don’t forget to hit that subscribe button. [MUSIC PLAYING]

Leave a Reply

Your email address will not be published. Required fields are marked *