Hi everyone,
I had verified my mobile number using otp but now I want that if my mobile number is verified then only it should be save in the database as I had stored otp in local variable. Similary I want to do this for email. how can I achieve this.
Hi Kapil,
On Generate OTP button near email field, you can send an email with a random code/password (with saving it in the database against the email address provided), so the user can send an OTP to themselves. At this point you can make the email address field read-only to prevent user from changing email address before OTP is verified.
Once they receive the email, they find the OTP and enter it in the next textbox, you can then check in your entity if the given email matches with the OTP in database. If it matches then mark it as verified email too.
Once mobile and email are verified, you can then proceed to save them in the entity where you store verified users.
Hi @Ravi Punjwani,
You had said that " At this point you can make the email address field read-only to prevent user from changing email address before OTP is verified. "
How to do that as I had difficulty in building that logic?
Hi Kapil
You can set the readonly property by adding a new attribute like below image:
You can have a similar effect by using Enabled property, but there will be a problem if you use Enabled property. When you submit the form after all validations, you might not get the form value of the form controls that are not enabled. So better use readonly property for having the desired outcome. You can however give it a try with both options to see if this is affecting your use case.
First things first, avoid storing OTP (sensitive data) on client side (Local var).
For mobile OTP, Use createOrUpdate action to update Phone number once mobile OTP is verified successfully.
For Email OTP, you can use "Cntrl+e then type Send Email" to trigger email with OTP in content. You can also use Twilio forge component for this as well. Logic similar to VerifyMobileNumberOnClick can be used for emailOTP verification.
On an additional note,
I would suggest to store both Mobile number and Email to database when user enters them. You can use two additional attributes "IsMobileNumberVerified" and "IsEmailVerified" for OTP verification purpose. Set default value for both as False and update them once verified.
Also make sure to check the OTP regeneration flow in SendOTP failure scenarios.
Disable the Generate/verify buttons once clicked for certain period of time to avoid DOS attacks.
Regards,
Ishan