Reset password with SMS

jetixsolorzano · February 7, 2022, 9:24pm

Hi, i was trying to add a feature to my app, I wanted to send the reset password code via SMS, is there any way to send the code via SMS with an 8base mutation?, or with an external service?

Fomich · February 8, 2022, 9:13am

Hello @jetixsolorzano
There is no native support for SMS at 8base, but I will ask our devs if they have any experience with implementing it.

Fomich · February 8, 2022, 9:52am

So, our internal team hasn’t implemented an SMS messaging system yet, but this does not look difficult.
I guess the best option is to use 3rd-party SMS messaging API solution with an 8base trigger on password reset operation.
As the example, here is the simple node.js guide from Twilio SMS API: How to Send SMS and MMS Messages in Node.js | Twilio

jetixsolorzano · February 23, 2022, 6:08pm

When I want to reset password, 8base is asking me for the old password, or if I want to use “userForgotPassword” it is asking me for the email, how can I get the code that 8base is generating without sending it to the email?

Captura de Pantalla 2022-02-23 a la(s) 12.07.23 p. m.

Captura de Pantalla 2022-02-23 a la(s) 12.06.48 p. m.

Fomich · February 24, 2022, 9:51pm

Hello @jetixsolorzano !
You can’t change or reset password without the email.

jetixsolorzano · February 25, 2022, 4:50am

That’s the problem, I want to update the password using a phone number, what I want is to send the code via sms to the user, not using email

Fomich · February 25, 2022, 4:46pm

Check this out: Passwordless Authentication with SMS

jetixsolorzano · March 9, 2022, 5:58pm

So, basically I have to use an Auth0 account and link it with 8base if I want to send the resetPassword code via SMS?

Fomich · March 9, 2022, 6:33pm

Yes, using Custom Auth0 authentication profile

sebastian.scholl · March 29, 2022, 5:07pm

Hey @jetixsolorzano - the 8base Authentication is really only for development purposes at this point. We always encourage people to go work with an existing Authentication Provider so that they have full flexibility in all their auth flows. Auth0, Cognito, and Okta are some of the most popular.

Since user passwords are NOT stored in 8base, there isn’t actually even a requirement of using 8base to do a password reset. You could litterally enable this flow directly through your authentication provider. That said, it may be easiest to utilize their SDK or API in a serverless function that’s deployed to 8base.

I’d recommend checking out (like @Fomich suggested) 8base’s Custom functions, Environment Variables, Twilio or SNS (for sending an SMS) and then the Management API of your Authentication provider. Using these tools you’ll be able to come up with an implimentation!