Phone Number authentication in Strapi

Question

I am using Strapi for my android app and I need to login user by their phone number. There are many auth providers like email and password, google, facebook etc. But I can not find any documentation about adding phone number authentication. Please help.

Answer 1

This is possible to do that. You will have to use the customization concept to customize the callback function of the users-permissions plugin.

• Customization concept - https://strapi.io/documentation/v3.x/concepts/customization.html#plugin-extensions
• Function to update - https://github.com/strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/controllers/Auth.js#L21
• For example:

First, you should define phone_number field inside the User model.

Then, you should overwrite extensions/users-permissions/controllers/Auth.js by add query.phone_number = params.identifier; under const query = { provider };

 const query = { provider };    
      // Check if the provided identifier is an email or not.  
 const isEmail = emailRegExp.test(params.identifier);  
      // Set the identifier to the appropriate query field.  
      if (isEmail) {  
        query.email = params.identifier.toLowerCase();  
      } else {  
        query.phone_number = params.identifier;  
      }

In this example, we tell Strapi that we can login by entering an email or phone number both are accepted.

And you can remove the if-condition and just write query.phone_number = params.identifier; if you want to login with a phone number only.

Answer 2

I think you can add some change to auth.js
that file is on this address

you can see login for instance.

Answer 3

@Ghadban125's answer is correct, though I'd like to add some more details.

Not only do you need to overwrite the callback function in ./node_modules/@strapi/plugin-users-permissions/server/controllers/auth.js. You'd also need to register your new function in your strapi-server.js (the one that you create under the src directory, not the one under node_modules, similar to how you overwrite the callback function) which looks like this:

const { callback } = require("./controllers/Auth.js");
const utils = require("@strapi/utils");
const { ApplicationError } = utils.errors;

module.exports = (plugin) => {
plugin.controllers.auth.callback = async (ctx) => {
    try {
      await callback(ctx);
      // ctx.send(result);
    } catch (error) {
      throw new ApplicationError(error.message);
    }
  };
}

You'll also need to differentiate the request's identifier between an email, username, or phone number. To do this, you'll need to edit your ./src/extensions/users-permissions/controllers/auth.js file:

/* left out for brevity */
const phoneNumberRegExp = /^[+]*[(]{0,1}[0-9]{1,4}[)]{0,1}[-\s\./0-9]*$/;
/* left out for brevity */
module.exports = {
  async callback(ctx) {
    /* left out for brevity */
    const query = { provider };

    // Check if the provided identifier is an email or not.
    const isEmail = emailRegExp.test(params.identifier);

    // Check if the provided identifier is a phone number or not.
    const isPhoneNumber = phoneNumberRegExp.test(params.identifier);

    // Set the identifier to the appropriate query field.
    if (isEmail) {
      query.email = params.identifier.toLowerCase();
    } else if (isPhoneNumber) {
      query.phoneNumber = params.identifier;
    } else {
      query.username = params.identifier;
    }
    /* left out for brevity */
  },
};

Answer 4

I have implemented the same on this github repo - https://github.com/mayank-budhiraja/strapi-with-otp-integration

A user is authenticated only through the OTP verification and all auth requests are made using the JWT token.