NOTE: You can use this module for authenticating user logins using a One-Time-Password (sent via SMS or email).
This module provides a Form API Render Element called otp_field.
This element is designed to verify an identity (such as an email address or a mobile number) using a One-Time-Password (OTP) secret.
The main otp_field module, is an API-Only module, for developers. (A few useful submodules are also contained in this project. see below.)
Example usage
The most basic usage of this element is like this:
$form['otp_example'] = [
'#type' => 'otp_field',
'#title' => 'OTP Field Example',
'#required' => TRUE,
'#otp_field_processor' => 'otp_field_sms_processor',
];
For more detailed example, look inside the otp_field.api.php file.
This project also contains three complementary submodules alongside the main otp_field module:
The SMS submodule (otp_field_sms)
While the main otp_field module can only verify email addresses, this submodule provides a special plugin to verify mobile numbers by sending a SMS message through the smsframework module.
This module stores the users' mobile numbers in a Telephone Field in user profiles (which can be configured in module settings.)
When a new user is registered by mobile number, a fake email address is automatically generated and assigned to the user. (Because Drupal requires users to have an email address)
You can configure the SMS text as you wish. You can use tokens in the SMS text. (The token module is helpful)
This module provides the [otp_field_sms:secret_code] token which will be replaced by the secret code.
Note: Some SMS gateways support sending SMS messages by pattern, for speed and security of the SMS delivery.
For those SMS gateways, you may use something like this as the SMS text:
(Refer to your gateway's documentation for the exact code)
patterncode:some-pattern-id;code:[otp_field_sms:secret_code]
The User Auth submodule (otp_field_user_auth)
This submodule, uses the otp_field system, and allows the site users to login or register to the site using One-Time-Password.
Users may authenticate themselves either by their email address or their mobile number (configurable by administrator)
This module can optionally register new users, when the provided identity (email or mobile) is not assigned to an existing account.
When a new user is automatically registered by this module, an optional role can be assigned to them.
This module can also be configured to prevent administrator accounts to login by OTP.
This module also can replace Drupal's default login form (/user/login) and can optionally disable the default password reset page and the default user registration page.
The Commerce Pane submodule (commerce_checkout_otp_login)
This submodule provides a commerce checkout pane that allows customers to login using a One-Time-Password.
This checkout pane should replace the commerce's default "login or continue as guest" pane.
Project sponsors
The following individuals and companies have supported this project:
Project information
- Project categories: Access control, Developer tools
- Ecosystem: SMS Framework, Commerce Core
12 sites report using this module- Created by hejazee on , updated
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.
Releases
1.0.0-beta4
released 12 May 2024
Works with Drupal: ^9 || ^10
Install:
Development version: 1.0.x-dev updated 12 May 2024 at 22:40 UTC
