SMS Two Factor Authentication (Dual Factor Authentication) is a security verification procedure, which is triggered through a user logging into a website, software or application. In the log-in process, the user is automatically sent an SMS to their mobile number containing a unique numeric code.
There are a number of organizations providing this service and as long as they have well documented REST API’s you can easily integrate AEM Forms using the data integration capabilities of AEM Forms. For the purpose of this tutorial, I have used Nexmo to demonstrate the SMS 2FA use case.
The following steps were followed to implement the SMS 2FA with AEM Forms using Nexmo Verify service.
Create a developer account with Nexmo. Make a note of the API Key and API Secret Key. These keys will be needed to invoke REST API’s of the Nexmo’s service.
OpenAPI Specification (formerly Swagger Specification) is an API description format for REST APIs. An OpenAPI file allows you to describe your entire API, including:
To create your first swagger/OpenAPI file, please follow the OpenAPI documentation
AEM Forms supports OpenAPI Specification version 2.0 (fka Swagger).
Use the swagger editor to create your swagger file to describe the operations that send and verify OTP code sent using SMS. The swagger file can be created in JSON or YAML format. The completed swagger file can be downloaded from here
To integrate AEM/AEM Forms with third party applications, we need to create data source in the cloud services configuration.
AEM Forms data integration provides an intuitive user interface to create and work with form data models. A form data model relies on data sources for exchange of data.
The completed form data model can be downloaded from here
Integrate the POST invocations of the Form Data Model with your adaptive form to verify the mobile phone number entered by the user in the form. You are free to create your own adaptive form and use the form data model’s POST invocation to send and verify OTP code as per your requirements.
If you want to use the sample assets with your API keys please follow the following steps: