search

supabase / auth

A JWT based API for managing users and issuing JWT tokens
https://supabase.com/docs/guides/auth
MIT License
1.47k stars 357 forks source link

Using custom (Unlimited) SMS Provider for sending OTP #385

Closed novanda1 closed 1 month ago

novanda1 commented 2 years ago

Feature request

Currently, there is just a few SMS Provider, Twilio and Messagebird but they are expensive for my country, and there is a local SMS Provider that is 500%++ cheaper.

And I believe there is a lot of SMS Provider that cheaper in every country.

https://github.com/supabase/gotrue-js/issues/356

Describe the solution you'd like

Add option in body request that gotrue didn't send the OTP and just give back the OTP code after saving it on the database.

By that, I can use any SMS Provider to send the OTP code, or even I don't send it via SMS, maybe Whatsapp, or anything else.

For example:

curl -X POST 'https://tqfkjdmpohkqylveukuhsy.supabase.net/auth/v1/otp' \
-H "apikey: <SERVICE_KEY>" \
-H "Content-Type: application/json" \
-d '{
  "phone": "123123123123", 
  "send_otp": "false"
}'

{"otp_code":"897514"}

Describe alternatives you've considered

Maybe the API that can write the confirmation_token 

curl -X POST 'https://tqfkjdmpohkqylveukuhsy.supabase.net/auth/v1/confirmation_token' \
-H "apikey: <SERVICE_KEY>" \
-H "Content-Type: application/json" \
-d '{
  "phone": "123123123123", 
  "otp":"<RANDOM>"
}'

{"success":"true"}

No need to return an OTP code, since the OTP is created on my end.

Additional context

myemuk commented 2 years ago

Hi, is there a progress here? Really need this feature. Twilio costs 0.2 usd for single sms in my country

mamousavi commented 2 years ago

Hey @myemuk, I've already created a PR for this (#558). In the meantime if you're self-hosting you can use my fork which supports using a custom SMS gateway.

myemuk commented 2 years ago

@mamousavi , thanks. Hopefully it will be soon merged

novanda1 commented 2 years ago

If you need a quick fix just create psql function to duplicate auth.users to public.user and create psql trigger to run the function each new user signup.

then use RLS (Row Level Security) on your public.users.

myemuk commented 1 year ago

Any progress here?

eduardohr-muniz commented 1 year ago

A suggestion we choose the provider that best serves us, in my case I want to be able to send the code via whatsapp api.

An example is that the subbase generates the token and returns it to us and we send the token via the whatsApp API, sms or whichever provider we want, and the user inserting the right token validates the subbase

angelprzz commented 1 year ago

It would be nice to be able to send SMS via Google Cloud's provider. You get 10,000 successful auths/month for free and it's pretty much the only viable option for many indie developers. I believe many developer decide to stay in Firebase because of that.

elcharitas commented 7 months ago

It's 2024, any progress here at all?

myemuk commented 7 months ago

I don’t know about progress, but I had to go to edge function which sends sms otp code via my favorite provider and saves this token to supabase for later. So it can be verified with standard functionality.

MJUrian-Learner commented 2 months ago

Is there a workaround on how to do it?

J0 commented 1 month ago

Hey all,

Thanks for patiently waiting. We've recently released the send sms hook

Which should allow you to do this. Please give it a spin

Going to close for now. but don't hesitate to reach us if there are issues