Twilio Account Security Quickstart - Twilio Authy and Twilio Verify

This template is part of Twilio CodeExchange. If you encounter any issues with this code, please open an issue at github.com/twilio-labs/code-exchange/issues.

About

A simple NodeJS implementation of a website that uses Twilio Account Security services to protect all assets within a folder with Two-factor authentication. Additionally, it shows a Verify Phone Verification implementation.

It uses four channels for two-factor authentication delivery, SMS, Voice, Soft Tokens, and Push Notifications. You should have the Authy App installed to try Soft Token and Push Authentication support.

Learn more about Account Security and when to use the Authy API vs the Verify API in the Account Security documentation.

Implementations in other languages:

.NET	Java	Python	PHP	Ruby
TBD	Done	Done	Done	Done

Features

Authy Two-Factor Authentication Demo

• URL path "/protected" is protected with both user session and Twilio Authy Two-Factor Authentication
• One Time Passwords (SMS and Voice)
• SoftTokens
• Push Notifications (via polling)

Verify Phone Verification

• Phone Verification
• SMS or Voice Call

Set up

Requirements

• Nodejs v10 or v12
• Mongo

Twilio Account Settings

This application should give you a ready-made starting point for writing your own application. Before we begin, we need to collect all the config values we need to run the application:

Config Value	Description
TWILIO_ACCOUNT_SID	Find in the Twilio console
TWILIO_AUTH_TOKEN	console
VERIFY_SERVICE_SID	Create a Verify Service in the console
ACCOUNT_SECURITY_API_KEY	Create a new Authy application in the console. After you give it a name you can view the generated Account Security production API key. This is the string you will later need to set up in your environmental variables.

Local Development

1. Clone this repo and cd into it.

   git clone https://github.com/TwilioDevEd/account-security-quickstart-node.git
   cd account-security-quickstart-node

2. Install the dependencies.

   npm install

3. Set your environment variables. Copy the env.example file and edit it.

   cp .env.example .env

   See Twilio Account Settings to locate the necessary environment variables.

4. Check and make sure MongoDB is up and running.

5. Start the server (will run on port 3000).

   npm start

6. Navigate to http://localhost:3000

That's it!

Docker

If you have Docker already installed on your machine, you can use our docker-compose.yml to setup your project.

1. Make sure you have the project cloned.
2. Setup the .env file as outlined in the Local Development steps.
3. Run docker-compose up.

Tests

You can run the tests locally by typing:

npm test

Cloud deployment

Additionally to trying out this application locally, you can deploy it to a variety of host services. Here is a small selection of them.

Please be aware that some of these might charge you for the usage or might make the source code for this application visible to the public. When in doubt research the respective hosting service first.

Service
Heroku

Resources

• The CodeExchange repository can be found here.

Contributing

This template is open source and welcomes contributions. All contributions are subject to our Code of Conduct.

License

MIT

Disclaimer

No warranty expressed or implied. Software is as is.