 Hello everyone today, I'm going to show you how to strengthen your login by utilizing Twilio in an SMS based multi-factor authentication All right first things first You're gonna need an odds your account if you don't already have one if you do have one Go ahead and go to odds.com and log in so that you land on your dashboard here If you don't have one you can check the video notes below There's gonna be a link there for you to sign up Once you've signed up and gone through all the steps and verification needed You're gonna land on this dashboard page here for your individual tenant Now I'm going to be utilizing the react starter code which you can find also in the video notes below or on the screen right here This is going to give us a very foundational setup It's gonna do all the code for us We're just gonna update some values and then we're off and running So again, go ahead and go to the github page clone this repository to your own machine And then follow the steps down here to get up and running once you've installed and set up what you need To get set up in order to get this running and you run this locally This is what the app is gonna look like just a basic react app with a login button already ready for us Now inside of that sample code here I have it open it asks us to create this auth underscore config.json file and you can see it's got some dummy values in here We're gonna need to update the domain and client ID values for this example We're not gonna be messing around with the audience today so that we can actually just delete this here Now in order to get these values We need to go back to our Auth0 dashboard to create a new application And then we're gonna grab it from one of the the fields inside of that view So once you get back to your dashboard page on the left here We're look for this applications tab click applications and applications You can see that I've got a bunch already in mind if you're a new to Auth0 This will be your first one so press this create application button and since we're working with the react starter code This is a single page web application as you can see a JavaScript front-end app that uses an API That's us So go ahead and click that one and I'm just gonna call this one the Twilio example Perfect once that creates you can go ahead and skip this quick start tab and go over to settings This is what we're gonna be working out of you can see that my name is here the Twilio example The domain and client ID is what we need to pull over to our application So I'm going to do that now copy that domain and then grab the client ID as well Perfect now that we have those values in there back on our dashboard here in our application There's a couple of fields that we need to fill out Namely the allowed callback URLs Logout URLs and web origins. So right now. We're just working on local hosts 3000 So that's what I'm going to put into this field here As well as this one and allow web origins Perfect with that URL in those three fields. We can go down to the bottom and save it Perfect now as long as you're saved your code and started the server again Your application should now work in the browser. So I'm going to go to my local host example here Do a little refresh now we can try signing in so we'll log in to this application I'm going to for the first time just create a new dummy user. So I'll say Tyler to at Gmail Give it a strong password Now after I press continue here the next screen as you can see here is a consent screen Requesting that I give this application Access to my profile email going to accept and now I've successfully Authenticated with this new user you can see I have a little icon up here in the corner and then on my profile page here There's a little bit information about myself Now that I have my user here I can easily log out and log back in using that same user and you'll notice that as I do so All it's asking me for is my username and password my email and password I've given it There's no other authentication factors that are going to play here And that's what we're gonna do now a set up Twilio to make this a multi-factor authentication Now in order to get that set up you're going to need a Twilio account So a link to that is in the video notes as well But you're basically then go to create a free Twilio account So give you enough of credits in order to get this application working But obviously if you're working with enterprise level stuff and so on you're gonna need to add a credit card and pay But today you can get away with just using the free Twilio account as you can see here Now once you've gone through all the setup requirements that's asked by Twilio to get that free account You're gonna end up landing on their dashboard We're gonna be coming back to this dashboard here later on to grab this account SID and a token value that you see here before we do that We need to grab the Twilio trial phone number now This is a free number that Twilio lets us use and then this is the number that our users will be receiving a text from with the code to Input to complete their authentication So just get the trial phone number that you see here and it's gonna automatically assign us a number to use Click choose this number Perfect now this number appears down here below All right, so now let's go to our Ozzio dashboard and now configure Ozzio to use Twilio and these values that we've created here as a multi-factor authentication So back in your dashboard on the left. We're looking at the security tab and then the multi-factor off Now these are all the factors that you can use when using Ozzio instead of your application So you can use things like web auth in one type passwords or even push notifications using something like Guardian For us, we're going to enable the phone message factor The first thing that I want to do is enable this so I'll toggle this to green and you'll see the toast notification here saying that it is now enabled You can use the Ozzio delivery provider or Twilio or a custom obviously for this example we're using Twilio Now there are three different types of delivery methods that you can use SMS SMS and voice or just voice Let's keep it simple and just do SMS Now we need to go back to our Twilio dashboard and grab some values that we've already set up So the SID token and then the from phone number that we've just set up So I'm going to grab the account SID They sat there the token and then I'm going to use the free trial number in The from box perfect Now these two boxes here is where we can customize the text that goes to our users So we can leave it as is which will spit it out just like this or we can change this text to say something different We obviously don't want to touch this code in brackets here because this is that dynamic code that users will Get and input into their identity service and not zero when they're logging in I'm just gonna leave this as is and press save now this save will update the configurations Make sure you do toggle this to green Now you'll notice that everything else is disabled all the other factors except for our phone message option here Now if we were to try this into our react app that I have running still It's not gonna work because we need to do this second part on here Which is define how often we want our users to authenticate with multiple factors Right now we're on never. There's two other options though the adaptive MFA or just always The adaptive is off service way where we test the user's environment And if it seems like a risky scenario, then we're going to ask the user to authenticate using multiple factors Or there's just the always which is no matter what have them multi-factor authenticate So I'm gonna leave it on always and press save Now this is saying that all existing and new users who are not enrolled are going to be asked to enroll in this multi-factor authentication Perfect we get their notification toast and now we can go and test it out now back inside of our application Let's go ahead and log in now that we've enabled multi-factor authentication with Twilio so push login and Now we'll add the email that I created in the password Now notice it didn't automatically log us into our app. It's now asking me to enter my phone number to receive that text code We have this cool country selector here to get your country code So I'm gonna leave it at the United States and enter my phone number Perfect now. I'll wait for this message to come. There it is and enter that code Press enter and with that code being successful I'm now authenticated using Twilio and multi-factor authentication on to my dashboard