I have an asp.net core web api application with asp.net core identify. In my registration page I have to verify user phone number. In order to do this, I am using twilio which is great. My registration page is built as a wizard. In the second step the user verifies his phone and only in the end of the wizard, a request is made to create the user. My problem is that the twilio code verification can not be used twice. So if I am using it in the second step I can't use it again for the real create request. I need a way to assign this phone number to the user before the registration request occuers. Session could have been great if it was not a web api . I thought about creating a security token with the user verified phone number . This token will be attached to the create request and will have an expiration date. When the user will verified his phone in the second phase the server will return a token with phone and expiration to the client . This will be send along with the user data in the create request. I am not sure this is the right way to do it, and if it is I will really appreciate some help about how to create this token (all the examples I found was creating token for existing user )
ASP.NET Core Web API how to temporary save verified phone number
491 Views Asked by Ron Yaari At
1
There are 1 best solutions below
Related Questions in ASP.NET
- Create an IIS web request activity light
- Writing/Overwriting to specific XML file from ASP.NET code behind
- What is the point of definnig Asp.net Intrinsic Objects In different places and what is the different betwen them?
- Deleting Orphans with Fluent NHibernate
- IOrderedEnumerable to vb.net IOrderedEnumerable Conversion
- Entity Framework Code First with Fluent API Concurrency `DbUpdateConcurrencyException` Not Raising
- Getting deeply embedded XML element values
- What is best way to check if any of the property of object is null or empty?
- NuGet - Given a type name or a DLL, how can I find the NuGet package?
- ASP-MVC Code-first migrations checkbox not active
- How do i add onclient click to my jquery button
- Jquery: Change contents of <select> tag dynamically
- Retrieving data from Oracle database
- ASP.NET: Fill Textbox field upon dropdownlist selection by user
- Why web API return 404 when deploy to IIS
Related Questions in ASP.NET-CORE
- ASP.NET 5 Class Library - Nuget package Web.Config transform
- Asp.Net 5 correct way to access logging config file from Startup.cs
- What is the difference between 'dependencies' and 'frameworkAssemblies' in project.json?
- Getting absolute URLs using ASP.NET Core
- How to add Project Reference in asp.net 5 application
- Configure the authorization server endpoint
- Observer for fire&forget Task
- IApplicationBuilder exists in both Microsoft.AspNet.Http.Abstractions and Microsoft.AspNet.Http
- What frameworks are available in ASP.NET Core (ASP.NET 5) applications?
- How do I include 'System.Runtime.Serialization.Json' namespace in my VSCode project on Mac OS X?
- How to suppress warnings when building an ASP.NET 5 project?
- Dependency Injection in asp.net 5 custom classes, what is the correct way?
- How to access IConfiguration property from Controller in ASP.NET 5
- Getting a scoped component from a IDocumentStoreListener
- How is execution passed from the clr to Startup class (startup.cs)?
Related Questions in ACCESS-TOKEN
- chrome.identity.getAuthToken and refresh token?
- How can restrict the use of Issued access token of one machine in another machine
- Trying to connect rails app to trello APi
- how to check access token validity in django oauth toolkit?
- Substitute access token in Hybridauth
- Java SDK Authentication with VersionOne Access Tokens
- Get user access token with permission via php with FB sdk 3.2
- Only allow my clients to access my webservice
- Outlook API: getting access-token from front-end, how can i use it in web API backend to get Outlook messages
- Can Outh2.0 access_tokens be compromised?
- Api Token is missing in laravel 4.2 api
- Implementing SSO using OpenID Connect and usage of tokens
- Can you reuse a Google service account access token?
- Azure AD ADAL in MVC Application - Token Expiration
- No route matches [POST] "/knock/user_token"
Related Questions in SMS-VERIFICATION
- how do you prevent verification code attack to server
- How to use autofill otp like google's one-tap SMS verification with the SMS User Consent API in React Native
- Invalidate OTP after timeout using firebase phone authentication in flutter
- ASP.NET Core Web API how to temporary save verified phone number
- SMS verification with Android SmsRetrieverClient not parsing message
- Cannot send sms verification code using with the SMS User Consent API on android
- How to use Cotter as an alternative for Firebase to verify phone?
- Asp.net redirect to bank sms verification (3DPay) page after form post
- Link phone number to a Firebase user Flutter
- Appwrite SMS verification not send
- Firebase Phone Auth suddenly don't works. onCodeSent triggered but no SMS received
- Get sms verification code sent to user in javascript sent from Firebase signInWithPhoneNumber function
- android sms verification without READ_SMS permission
- Working of missed call based phone number verification
- Android SMS verification APi
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Multi-step submission processes are anachronisms in an API scenario. Clients should be able to submit all the information at once. If you need to verify the phone number, there should be a separate endpoint for that, one that deals solely with that particular piece of functionality.
In other words, the client should make a post to a "create user" endpoint with all the information needed to successfully create a user, and the user should be created immediately. A separate request then would be made by the client to verify the phone number. If you don't want the user to be able to user their account before verifying the phone number, you can make that a requirement, but the user object should be persisted regardless. If you like, you could implement some sort of maintenance process to purge any user records that do not have verified numbers after some period of time.