I have an asp.net core web api application with asp.net core identify. In my registration page I have to verify user phone number. In order to do this, I am using twilio which is great. My registration page is built as a wizard. In the second step the user verifies his phone and only in the end of the wizard, a request is made to create the user. My problem is that the twilio code verification can not be used twice. So if I am using it in the second step I can't use it again for the real create request. I need a way to assign this phone number to the user before the registration request occuers. Session could have been great if it was not a web api . I thought about creating a security token with the user verified phone number . This token will be attached to the create request and will have an expiration date. When the user will verified his phone in the second phase the server will return a token with phone and expiration to the client . This will be send along with the user data in the create request. I am not sure this is the right way to do it, and if it is I will really appreciate some help about how to create this token (all the examples I found was creating token for existing user )
ASP.NET Core Web API how to temporary save verified phone number
493 views Asked by Ron Yaari At
1
There are 1 answers
Related Questions in ASP.NET
- Implementing Azure AD B2C Authentication in .NET 8 Blazor Project (RenderMode: InteractiveAuto)
- Azure Application Insights Not Displaying Custom Logs for Azure Functions with .NET 8
- IIS Rewrite Module exclude bots but allow GoogleBot
- Angular 16 sending null values to API
- I am the domain admin, newbie, how do I connect youtube.com on my domain?
- Dropdown list showing SQLServer2005SQLBrowserUser$DONSERVER instead of Active Directory group name in ASP.NET MVC C#
- ASP.NET Identity, Losing Ability to Login until Application Pool Recycles
- How to unprotect ASP.NET FormAuthentication cookie
- How does it work using ASP.NET FormAuthentication
- What is the purpose of a completely standalone 'this'?
- Is there a way to read .csproj PropertyGroup variable in c#
- MSBuild trying to copy different dll with similar name into project sporadically
- Minimizing IdentityServer4 Round Trips in Microservice Architecture with Ocelot
- Azure AD guest account in web app authentication user claims data
- Receiving 400 bad request on post when customer auth handler is used
Related Questions in ASP.NET-CORE
- Windows environment variables at appsettings.json
- Which approach is right while creating a service for your update method?
- New Blazor Web App, Password Reset "A valid antiforgery token was not provided"
- No webpage was found for the web address: https://localhost:7002/Category/Add?area=Admin. Why is my URL generated like ?area=Admin instead of /Admin/
- how to get the html for a tag helper in code
- How to share authorization implemented in the server project with the client project in Blazor Web App Auto project?
- Why https is disabled on publish in .NET Core 7.0
- How to set language in a server-side rendering blazor app
- How can I debug server side rendering blazor code in a component?
- ASP.NET Core 6 randomly returning 200 with empty response
- ASP.NET Core MVC : NullReferenceException: Object reference not set to an instance of an object
- ASP.NET Core Identity Custom Register Endpoint
- VS Community 2022 cannot install dotnet-ef when i try to publish
- How does ASP.NET Core Identity ensure username is unique under concurrent conditions?
- In clean architecture, is the presentation layer allowed to communicate directly with the infrastructure layer?
Related Questions in ACCESS-TOKEN
- Page access token
- Error creating auth token for newly registered user in Django Rest Framework
- Handling Access Tokens and Refresh Token in an Apple Watch Companion App
- How to prevent o365 API connection from becoming invalidated from expired access token when using azure logic apps send email action
- How to secure JWT token
- Does bcp utility support Token based Authentication? If yes, I would like to know the process and which version of bcp to be used
- Rotating Gitlab's Service Account tokens with specified expiry
- how to store access token using cookie in Java spring boot?
- Will the refresh tokens issue new access token if a compromised access token is sent to the server?
- Upload data to Sharepoint from Databricks using Python
- How do I implement fine grained control to blobs in Azure Blob Storage using access tokens from Azure AD (Entra Id)?
- Symfony: get specific token info (app id) and use it inside app rights management
- Express.js with Azure Managed Identity not able to refresh access token after it expires
- How to get access token for further API calls in next-auth when you use personal server as provider in NextJs with TS?
- AttributeError: 'RefreshToken' object has no attribute 'blacklist_after'
Related Questions in SMS-VERIFICATION
- Firebase OTP Verification Fails on Android 14 with FirebaseAuthException
- Flutter Firebase phone authentication error
- how to do SMS OTP verification service in backend with node js
- Cannot read properties of null (reading 'style') and "Verification code is incorrect" error in React code
- How does Firebase Sign in with Phone Number prevent abuse with a Disposable Phone Number services
- PinFieldAutoFill background color does not change
- Getting "DOMException: OTP retrieval was cancelled." when using WebOTP API
- Appwrite SMS verification not send
- Get sms verification code sent to user in javascript sent from Firebase signInWithPhoneNumber function
- Verification Code Design and Functionality in SwiftUI
- Firebase Phone Auth suddenly don't works. onCodeSent triggered but no SMS received
- Why is a _react-native-otp-verify_ library call throwing an 'is not a function' error?
- Link phone number to a Firebase user Flutter
- Asp.net redirect to bank sms verification (3DPay) page after form post
- Auto-detecting verification code of firebase auth is not working
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Multi-step submission processes are anachronisms in an API scenario. Clients should be able to submit all the information at once. If you need to verify the phone number, there should be a separate endpoint for that, one that deals solely with that particular piece of functionality.
In other words, the client should make a post to a "create user" endpoint with all the information needed to successfully create a user, and the user should be created immediately. A separate request then would be made by the client to verify the phone number. If you don't want the user to be able to user their account before verifying the phone number, you can make that a requirement, but the user object should be persisted regardless. If you like, you could implement some sort of maintenance process to purge any user records that do not have verified numbers after some period of time.