I’m working on a project where I need to implement a slightly unconventional login system. Instead of using email addresses for login, I want to use mobile numbers. Here’s the flow I’m envisioning:
A unique URL is generated for a specific user. (URL generated from the Template)
This URL is sent to the user via SMS or email.
Upon clicking the URL, the user is prompted to enter their mobile number.
The system then validates the mobile number to ensure the correct recipient is accessing the URL.
Once validated, a specific template or set of questions is duplicated for the user to fill out.
I’m curious if anyone has implemented something similar or has any advice on how to approach this, especially regarding:
Generating and managing unique URLs for users.
Setting up the login system to validate users based on mobile numbers.
Best practices for duplicating templates/forms upon validation.
Any guidance, examples, or resources you could share would be greatly appreciated!
I managed to do this without using a mobile number or email directly. I realize that email and mobile numbers are vital information that cannot just be sent over the internet. What I did was the following:
I generated a URL and a verification code that serves as a password, which I sent to the candidate’s real email. The URL is composed of a fake email like “tadabase4092830498001@appilication.io.”
Upon clicking the URL, it takes the user to a page that doesn’t look like a login page, but it actually is. The username field is auto-populated but hidden, and the only visible field is the password field where the verification code can be entered.
This way, it doesn’t appear like an actual login process, nor does it use the real email or mobile number, but it confirms the identity via the email.
I also managed to create a time-limited, expiring link. In case the link is not accessed within 24 hours, it will expire.
For starter, if the app will be accessible internationally, you will have to customized the password field using these codes: +61 or +64 or +44 or +1 which will be a complex one. (mind the spacing)
Second, if the candidate out of secrecy would rather provide email than mobile, then this would be the solution, I encounter people registering their number to “do not call” website just to have their privacy secure.
