[英]Questions about the Twilio Authy API
We currently have a solution where we implement 2FA ourselves over Twilio Programmable SMS.我们目前有一个解决方案,我们自己通过 Twilio 可编程 SMS 实施 2FA。 We're also using Twilio Verify for Payment PSD2 authorization.
我们还使用 Twilio 验证付款 PSD2 授权。 We're now looking to migrate everything to Authy to make use of the Authy app and I have the following questions that I'm hoping you can help me with.
我们现在正在寻求将所有内容迁移到 Authy 以使用 Authy 应用程序,我有以下问题希望您能帮助我。
Twilio developer evangelist here. Twilio 开发人员布道师在这里。
You will need to write a script to register your users.您需要编写一个脚本来注册您的用户。 When you have registered a user, you will receive an
authy_id
for the user, which you will need to store with your user record.注册用户后,您将收到该用户的
authy_id
,您需要将其与用户记录一起存储。
If a user updates their phone number then you should update the Authy user.如果用户更新了他们的电话号码,那么您应该更新 Authy 用户。 To do so, you will want to delete the old user and re-register with the new phone number.
为此,您需要删除旧用户并使用新电话号码重新注册。 You will then receive a new
authy_id
and you should re-confirm the user can authenticate by challenging them for a new code before you complete the update.然后,您将收到一个新的
authy_id
,并且您应该在完成更新之前通过向他们询问新代码来重新确认用户可以进行身份验证。 If the user updates their email then you can do the same process of deleting and creating a new user though you should receive the same authy_id
back if the phone number hasn't changed (though this will add the email address to Authy's representation of the user).如果用户更新了他们的 email,那么您可以执行删除和创建新用户的相同过程,尽管如果电话号码没有更改,您应该收到相同的
authy_id
(尽管这会将 email 地址添加到 Authy 的用户表示中)。
Check the documentation on PSD2 compliant authentication with Authy here .在此处使用 Authy 检查有关 PSD2 兼容身份验证的文档。 If you are sending SMS messages, then you should set the
action
and action_message
parameters, which tie the message to the authentication.如果要发送 SMS 消息,则应设置
action
和action_message
参数,将消息与身份验证联系起来。 For the app based authentications you can do it via Push Notifications (in which you can include transaction details in the push).对于基于应用程序的身份验证,您可以通过推送通知来完成(您可以在推送中包含交易详细信息)。 If you don't want to implement push, then you do need to get your user to scan a QR code in order to tie the transaction to the authentication (the regular code generated by the app is not connected to a transaction, so is ineligible for PSD2 authentication).
如果您不想实现推送,那么您确实需要让您的用户扫描二维码以将交易与身份验证联系起来(应用程序生成的常规代码未连接到交易,因此不符合条件用于 PSD2 身份验证)。
Let me know if this helps at all.让我知道这是否有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.