Get SMS Verification Code

Kalipso - Form - Actions - Actions Description - Group Communications - Get SMS Verification Code

Starts a procedure for retrieving a verification code received by SMS.

Action available for the following operating systems:

Parameters

  • Android Mode:

    • 1-The SMS message will contain an App specific Hash

    • 2-The SMS message will not contain an App specific Hash

  • Sender Phone Number - This is an optional value used when Android Mode = 2, and if specified, only messages received from this number will be retrieved.

  • Target Android App Hash - Used when Android Mode = 1, the control or variable to store this App specific Hash. See Notes for more details.

  • Action Set - The ActionSet to execute when the SMS message is retrieved.

  • Target SMS - The variable to store the SMS retrieved that you can parse to extract the Verification Code.

  • iOS Target Input - The Text Box in iOS that will be used for the user to type in the Verification Code, and that in this case will have an Hint in the keyboard with the Verification Code when the SMS is received. See Notes for more details.

This action operation mode is very different in Android and iOS. Due to user privacy protection, direct SMS access is not allowed, so both O.S. have implemented different mechanisms to obtain a Verification Code received by SMS.

Normally you should always have a text box for the user to manually type in the verification code.

On iOS, no access to the SMS is given. You can select a text box for the user to type in the verification code. If you call this action and select a text box, a Hint will be given to iOS to tell we are expecting the user to type in a Verification Code received by SMS, and when a SMS with a verification code is received, a type suggestion will appear in the keyboard to automatically fill in the verification code. This hint to the O.S. is only available on iOS 12 or higher.

On Android there are 2 ways of obtaining the SMS message:

  • If you have control over the SMS that is sent, you can include a Hash calculated based on the App Signature and Package Name. This way, Android is certain that this SMS is for your App and will give you access to that SMS.

  • If you cannot include the Hash in the SMS, then when the SMS is retrieved, a message will appear to the user asking him permission for the App to access the SMS. If you specify the Sender Phone Number, then only messages from that number will be analyzed. Note that the sender cannot be in the phone contacts, or Android will consider the message private and will not give you access to the SMS.

When the SMS is received on Android, the specified ActionSet will be executed and the specified variable will have the SMS received and you can then extract the verification code from the SMS. This has a timeout of approximately 5 minutes. In the ActionSet, you can add has the first line of code an "On Error" action to check for an Error condition like timeout on the SMS retrieving process, or if the user does not give your App consent the access the SMS.

The App Hash will be stored in the specified variable and will be available immediately after this action returns. You can also calculate the App Hash yourself, following the instructions provided here: https://developers.google.com/identity/sms-retriever/verify#computing_your_apps_hash_string

Last updated