Update: won't fix because we moved to Spryng, because their interface is simple to implement and they offer the features needed, or are willing to implement them: GDPR, ISO27001 (and NEN7510) and no logging of SMS message text.
--
The current Messagebird API used for sending text messages has a security issue with logging at Messagebird: anyone who can access the Messagebird dashboard can see the OTP values sent.
This issue is imported from Pivotal - Originally created at May 29, 2019 by Joost van Dijk
--
Messagebird now also has a Verify API that is used specifically for 2FA and which hides the sent OTPs from dashboard logs. See https://developers.messagebird.com/api/verify
curl -sX POST https://rest.messagebird.com/verify -H "Authorization: AccessKey $KEY" -d "recipient=" -d "originator=SURFconext" -d "type=flash" -d "template=Je sms-code: %token" -d "timeout=120" -d "tokenLength=8"
This API returns an ID that can be used to verify the OTP:
curl -sX GET -H "Authorization: AccessKey $KEY" https://rest.messagebird.com/verify/?token=
I propose to migrate to the Verify API for sending text messages.
What should the tokenLength be? The character set is restricted to [0-9].
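One way to size tokenLength for the [0-9] character set mentioned above, as an added example that is not part of the original issue or of Messagebird's API. The attempt limit per code, the number of fresh codes a guesser can request, the acceptable guess probability and the `max_length` bound are all assumptions chosen for illustration.

```python
from fractions import Fraction

DIGITS = 10  # character set [0-9], as stated in the issue


def guess_probability(token_length, attempts_per_code, codes_requested=1):
    """Chance that online guessing hits at least one numeric code.

    attempts_per_code: verification tries accepted before a code is
                       rejected for good (assumed limit, not from the page)
    codes_requested:   fresh codes that can be triggered for the same
                       account (assumed limit, not from the page)
    """
    space = DIGITS ** token_length
    # Distinct guesses against one code: k out of 10^n possible values.
    per_code = Fraction(min(attempts_per_code, space), space)
    # Each fresh code is independent, so failures multiply.
    return 1 - (1 - per_code) ** codes_requested


def min_token_length(target, attempts_per_code, codes_requested=1,
                     max_length=10):
    """Smallest length whose guess probability is <= target, else None.

    max_length is an assumed upper bound for the search.
    """
    for n in range(1, max_length + 1):
        if guess_probability(n, attempts_per_code, codes_requested) <= target:
            return n
    return None


if __name__ == "__main__":
    target = Fraction(1, 10**6)  # assumed acceptable risk per login
    for resends in (1, 10):
        n = min_token_length(target, attempts_per_code=3,
                             codes_requested=resends)
        print(f"3 tries per code, {resends} code(s): tokenLength >= {n}")
    for n in (4, 6, 8):
        p = guess_probability(n, attempts_per_code=3)
        print(f"tokenLength={n}: {float(p):.2e} per code")
```

The result depends entirely on the limits that are enforced: without a cap on verification attempts and on resends, no practical numeric length holds up.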