Ruby library to access the Authy API
require 'authy'
Authy.api_key = 'your-api-key'
Authy.api_uri = 'https://api.authy.com'
Using Ruby on Rails? Put this in a new file called authy.rb under config/initializers.
NOTE: A user is matched based on cellphone and country code, not e-mail. A cellphone is uniquely associated with an authy_id.
Authy::API.register_user requires the user's e-mail address and cellphone. Optionally you can pass in the country_code or we will assume USA. The call will return the authy id for the user, which you need to store in your database.
Assuming you have a users database with an authy_id field in the users database.
authy = Authy::API.register_user(:email => '[email protected]', :cellphone => "111-111-1111", :country_code => "1")
if authy.ok?
  self.authy_id = authy.id # this will give you the user authy id to store it in your database
else
  authy.errors # this will return an error hash
end
NOTE: Token verification is only enforced if the user has completed registration. To change this behaviour see the Forcing Verification section below.
Registration is completed once the user installs and registers the Authy mobile app or logs in successfully once using SMS.
Authy::API.verify takes the authy_id that you are verifying and the token that you want to verify. You should have the authy_id in your database.
response = Authy::API.verify(:id => user.authy_id, :token => 'token-user-entered')
if response.ok?
  # token was valid, user can sign in
else
  # token is invalid
end
If you wish to verify tokens even if the user has not yet completed registration, pass force=true when verifying the token.
response = Authy::API.verify(:id => user.authy_id, :token => 'token-user-entered', :force => true)
Authy::API.request_sms takes the authy_id of the user you want to send an SMS token to. This requires the Authy SMS plugin to be enabled.
response = Authy::API.request_sms(:id => user.authy_id)
if response.ok?
  # sms was sent
else
  response.errors
  # sms failed to send
end
This call will be ignored if the user is using the Authy Mobile App. If you still want to send the SMS, pass force=true as an option.
response = Authy::API.request_sms(:id => user.authy_id, :force => true)
If you wish to send SMS in a specific language, you can provide locale information in the params as shown below.
response = Authy::API.request_sms(:id => user.authy_id, :force => true, :locale => 'es')
If the locale that you provide is wrong or does not match, the SMS will be sent in English.
Authy::API.request_phone_call takes the authy_id of the user you want to deliver the token to by a phone call. This requires the Authy Calls addon; please contact us at [email protected] to enable this addon.
response = Authy::API.request_phone_call(:id => user.authy_id)
if response.ok?
  # call was done
else
  response.errors
  # call failed
end
This call will be ignored if the user is using the Authy Mobile App. If you want to ensure that the user receives the phone call, you must pass force=true as an option.
response = Authy::API.request_phone_call(:id => user.authy_id, :force => true)
Authy::API.request_qr_code takes the authy_id of the user you want to deliver the QR code to. This requires Generic authenticator tokens to be enabled in the Authy console settings. Optionally, you can provide qr_size as a number to set the size of the QR image (for example, qr_size: 400 will return a 400x400 image) and label as a custom label to be shown by the authenticator app.
response = Authy::API.request_qr_code(id: user.authy_id, qr_size: 500, label: "My Example App")
if response.ok?
  # qr code was generated
else
  response.errors
end
# You can access the image link with
link = response.qr_code
Authy::API.delete_user takes the authy_id of the user that you want to remove from your app.
response = Authy::API.delete_user(:id => user.authy_id)
if response.ok?
  # the user was deleted
else
  response.errors
  # we were unable to delete the user
end
Authy::API.user_status takes the authy_id of the user whose status you want to get from your app.
response = Authy::API.user_status(:id => user.authy_id)
if response.ok?
  # do something with user status
else
  response.errors
  # the user doesn't exist
end
Authy::PhoneVerification.start takes a country code, phone number and a method (sms or call) to deliver the code. You can also provide a custom_code, but this feature needs to be enabled by [email protected]
response = Authy::PhoneVerification.start(via: "sms", country_code: 1, phone_number: "111-111-1111")
if response.ok?
  # verification was started
end
Authy::PhoneVerification.check takes a country code, phone number and a verification code.
response = Authy::PhoneVerification.check(verification_code: "1234", country_code: 1, phone_number: "111-111-1111")
if response.ok?
  # verification was successful
end
Another way to provide two-factor authentication with Authy is by using the OneTouch feature. Check the official docs.
Authy::OneTouch.send_approval_request takes the Authy user ID, a message to fill the push notification body, an optional hash of details for the user, and another optional hash of hidden details for internal app control.
one_touch = Authy::OneTouch.send_approval_request(
  id: @user.authy_id,
  message: "Request to Login",
  details: {
    'Email Address' => @user.email,
  },
  hidden_details: { ip: '1.1.1.1' }
)
As soon as the user approves or rejects the push notification, Authy will hit a callback endpoint (set in the Dashboard), updating the user's authy_status flag. You might have an endpoint in a controller such as:
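def callback
  authy_id = params[:authy_id]
  @user = User.find_by authy_id: authy_id
  # find_by returns nil for an unknown authy_id; do not call update on nil
  return head(:not_found) unless @user
  @user.update(authy_status: params[:status])
end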
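The callback controller above sets authy_status from whatever the request carries, so the endpoint should confirm that the request came from Authy before acting on it. The following is an added example, not code from this README or the authy gem: it assumes Authy's callback signing scheme (X-Authy-Signature and X-Authy-Signature-Nonce headers, Base64 HMAC-SHA256 keyed with the API key over nonce|METHOD|url|sorted params), flat parameters with form-style encoding, and hypothetical helper names.

```ruby
require 'openssl'
require 'base64'
require 'uri'

# Hypothetical helper (not part of the authy gem): rebuilds the string that is
# assumed to be signed for a callback and returns the expected signature value.
# Handles flat (non-nested) params only, as used by the controller above.
def expected_authy_signature(api_key:, nonce:, http_method:, url:, params:)
  # Sort parameters by key (case-sensitive) and encode them as a query string.
  sorted = params.map { |k, v| [k.to_s, v.to_s] }.sort_by(&:first)
  query  = URI.encode_www_form(sorted)
  data   = [nonce, http_method.to_s.upcase, url, query].join('|')
  Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', api_key, data))
end

# Compares two strings without stopping at the first differing byte, so the
# check does not reveal how much of a forged signature was correct.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# signature: value of the X-Authy-Signature header (nil when absent).
# request:   api_key, nonce (X-Authy-Signature-Nonce), http_method, url, params.
def authy_callback_authentic?(signature:, **request)
  return false if signature.nil? || request[:nonce].nil?
  constant_time_equal?(expected_authy_signature(**request), signature)
end

# Constructed sample request (not real Authy traffic or credentials).
SAMPLE = {
  api_key: 'constructed-api-key',
  nonce: '1455825429',
  http_method: 'post',
  url: 'https://example.com/authy/callback',
  params: { 'status' => 'approved', 'authy_id' => '1234' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  good = expected_authy_signature(**SAMPLE)
  forged = SAMPLE.merge(params: { 'status' => 'approved', 'authy_id' => '9999' })
  puts "genuine request accepted: #{authy_callback_authentic?(signature: good, **SAMPLE)}"
  puts "altered authy_id accepted: #{authy_callback_authentic?(signature: good, **forged)}"
end
```

In a Rails controller this check would run before the user lookup, returning an unauthorized response when it fails; the nonce can additionally be checked for freshness to limit replay.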
- Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
- Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
- Fork the project.
- Start a feature/bugfix branch.
- Commit and push until you are happy with your contribution.
- Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
- Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
Copyright (c) 2011-2020 Authy Inc. See LICENSE.txt for further details.