TWIIO重新发出SMS(在短时间内) - 预期行为是什么
我正在使用提供多因素身份验证(MFA)服务(使用SMS和其他渠道)的身份和访问管理(IAM)供应商。他们使用 twilio 作为他们的SMS服务提供商,我目前看到的是我的IAM提供商的行为(在下面的方案中描述)很奇怪,想知道基础的Twilio API的行为是什么。
我无法从Twilio API文档中看到此信息,因此寻求帮助。
方案:
- 客户使用IAM登录,我的IAM提供商使用Twilio发送了OTP,
- OTP会通过,但是在我的测试案例中,我
在两个步骤中触发了重新启动的OTP进程,我收到了正确的消息(模板和Senderid,我们拥有的在IAM工具中配置的)
- 如果我现在第二次触发OTP重新启动过程(总数相同的第三个OTP),我们会收到一条具有Authmsg为senderID并使用默认模板消息的消息(这与什么不同于什么我们已经配置了)。
我正在与我的IAM供应商合作,了解这里发生了什么,我正在尝试查看Twilio是否在其中发挥作用(试图做一些智能,因为他们认为有一些SMS交付问题 - 这是我的信息在某种程度上,通过多次击中重新启动OTP来通信)
Authmsg是Twilio拥有的senderid吗?我不相信,但我试图更好地理解这个空间。
Senderid是一个因国家 /地区而异的结构。某些人认为用户在其他国家 /地区没有明确的注册过程中将其注册为当地监管机构。
我担心,如果我的客户收到此消息,他们会感到困惑,并怀疑一种垃圾邮件/网络钓鱼活动。
我尝试使用贝宝(Paypal)进行类似的练习,他们在SMS OTP恢复中保持一致。消息始终是相同的。与我的IAM提供商不同,PayPal从多个手机号码发送了OTP。在我的测试中,我观察到他们从两个不同的手机号码中发送OTP。
如果有人可以在此领域提供帮助并提供信息,这会很高兴。
我将继续与我的IAM提供商及其支持渠道合作,看看这里发生了什么。
I am using an Identity and Access Management(IAM) vendor who provide a Multi-Factor Authentication (MFA) Service (using SMS and other channels). They use Twilio as their SMS service provider and what I see currently is a behaviour (described in the scenario below) from my IAM provider which is strange and wondering what the underlying Twilio API's behavior is.
I am unable to see this info from the Twilio API docs hence seeking assistance.
Scenario:
- Customer uses IAM to login and my IAM provider using Twilio sends a OTP
- The OTP comes through but in my test case, I trigger the resend OTP process
In both the steps, I get the right message (the template and senderID that we have configured in the IAM tool)
- If I now trigger the OTP resend process a second time (3rd OTP in total for the same number), we receive a message which has AUTHMSG as the senderid and uses a default template message (which is different from what we have configured).
I am working with my IAM vendor to understand what is happening here and I am trying to see if Twilio is playing a part in this (trying to do some smarts as they think that there is some SMS delivery issue - which is the message I am in a way communicating by hitting the resend OTP multiple times)
Is AUTHMSG a senderID that is owned by Twilio? I don't believe so but I am trying to better understand this space.
SenderID is a construct that varies from country to country. Some Contries mandate that users register it with the local regulators while in other countries there is no explicit registration process.
I am worried that if my customers receive this message, they are going to be confused and suspect a Spam/Phishing kind of an activity.
I attempted a similar exercise with PayPal and they were consistent in their SMS OTP Resend. The message was always the same. Unlike my IAM provider, PayPal sends OTP from multiple mobile numbers. In my tests I observed them sending OTPs from two distinct mobile numbers.
Would be glad if someone could assist and provide info in this space.
I will continue to work with my IAM provider and their support channel to see what is happening here.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当使用 twilio verify 在一个支持字母数字发送者ID的国家/ 发件人ID并将其注册为需要此此类的国家/地区的国家/地区,以确保OTP消息的最佳可交付性。
我认为您需要与您的IAM提供商合作,并确定他们如何实施发送OTP消息以查看这里发生的事情。如果还不清楚,那么您或IAM提供者也可能必须联系 twilio support 。
When using Twilio Verify in a country that supports alphanumeric sender IDs, Twilio uses the
AUTHMSGsender ID and registers it with countries around the world that require this, to ensure the best deliverability of OTP messages.I think you will need to work with your IAM provider, and work out how they have implemented sending OTP messages to see what is going on here. If it is unclear, then you or the IAM provider may also have to contact Twilio support.