User Authorization
Authorization is correlated with a client’s encryption key identifier: auth_id int 64. Additional parameters do not require to be passed into methods following authorization.
Sending a verification code
In order to authorize the user, a text message comprising an authorization code needs to be sent to the user's phone. We've provided this by using authSendCode constructor. Possible ways that the system will automatically choose how to send the authorization code are as follows:
- River code
- SMS code
The send_code method also has parameters for passing an SMS token that will be included in the sent SMS. For example, the latter is required in newer versions of Android, to use the android SMS receiver APIs.
With the SMS Retriever API, you can perform SMS-based user verification in your Android app automatically, without requiring the user to manually type verification codes, and without requiring any extra app permissions. When you implement automatic SMS verification in your app, the verification flow looks like this:
The returned authSendCode object will send multiple parameters:
| Method Name | Type | Description |
|---|---|---|
| PhoneCodeHash | String | Phone code hash, to be stored and later re-used with sign_in |
| Sendtophone |
The auth.resendCode method will be invoked if the message takes too long to arrive at the phone to resend the code by checking the phoneCodeHash parameter.
Sign in/sign up
As the user enters the verification code, the sign_in method will be employed to validate and sign in the user. If the user was registered, login will happen. Login method parameters are shown bellow:
| Method Name | Type | Description |
|---|---|---|
| Phone | Digit | 5 random digit including SMS or Push |
| PhoneCodeHash | String | Phone code hash, to be stored and later re-used with sign_in |
Otherwise, the method might return SignUp method and ErrCodeUnavailable = “E02": ErrItemPhone = “PHONE” error. It means that the account with this phone number doesn't exist yet and the user should sign up. Since then, the user needs to provide basic information, accept terms of service and then the new user registration method, sign_up, must be invoked. Register method parameters are shown bellow:
| Method Name | Type | Description |
|---|---|---|
| Phone | ||
| Phone | Digit | 5 random digit including SMS or Push |
| PhoneCodeHash | String | Phone code hash, to be stored and later re-used with sign_in |
| FirstName | String | |
| LastName | String |
We are authorized
The client key, auth_id, will associate with the user due to authorization. Then, each subsequent API call with this key will be executed with that user's identity. The authorization method itself returns the relevant user.