Phone-based authentication

📱 Phone-Based Authentication

This section describes the configuration and behavior of phone authentication, which enables users to authenticate via SMS or voice calls using one-time passcodes (OTP).

✅ Supported Methods

SMS: A one-time code is sent via text message to the user's phone.
Voice: A one-time code is delivered via an automated voice call that reads the code aloud.

🌍 Global Availability

All countries are supported.
Per-country restrictions are not currently configurable.

📌 Make sure your SMS/voice provider has global routing and supports compliance (e.g., local regulations, sender ID requirements, etc.) for the countries you serve.

⚙️ Configuration

Feature

Description

Delivery Channels

sms or voice

From number

A e164+ number

From name (optional)

A human identifier for the number, sometime accepted

Digits

6 or 8

Template

code: %otp%

Integration Provider

Configured Twilio Account

Expiry time

60, 120 and 300 seconds

⚠️ Security Notes

Note: SMS and voice OTPs are vulnerable to SIM swap attacks and should not be the sole factor

PreviousEmail-Based Authentication NextPasskeys

Last updated 19 days ago