Automatic SMS Verification with the SMS Retriever API

As we all know that SMS and CALL permissions are not allowed by Google easily due to the security of user privacy. So in order to implement the OTP auto read functionality,
we have to implement SMS retriver API suggested by the google. For implementing it, you need to follow the steps given below:-

To implement automatic SMS verification in your app, see the Android and server guides:

Android Guide
Server Guide

Android Guide:-

Prerequisites

The SMS Retriever API is available only on Android devices with Play services version 10.2 and newer.

1. Obtain the user’s phone number

2. Start the SMS retriever
When you are ready to verify the user’s phone number, get an instance of the SmsRetrieverClient object, call startSmsRetriever, and
attach success and failure listeners to the SMS retrieval task:

// Get an instance of SmsRetrieverClient, used to start listening for a matching
// SMS message.
SmsRetrieverClient client = SmsRetriever.getClient(this /* context */);

// Starts SmsRetriever, which waits for ONE matching SMS message until timeout
// (5 minutes). The matching SMS message will be sent via a Broadcast Intent with
// action SmsRetriever#SMS_RETRIEVED_ACTION.
Task<Void> task = client.startSmsRetriever();

// Listen for success/failure of the start Task. If in a background thread, this
// can be made blocking using Tasks.await(task, [timeout]);
task.addOnSuccessListener(new OnSuccessListener<Void>() {
  @Override
  public void onSuccess(Void aVoid) {
    // Successfully started retriever, expect broadcast intent
    // ...
  }
});

task.addOnFailureListener(new OnFailureListener() {
  @Override
  public void onFailure(@NonNull Exception e) {
    // Failed to start retriever, inspect Exception for more details
    // ...
  }
});

// Get an instance of SmsRetrieverClient, used to start listening for a matching

// SMS message.

SmsRetrieverClient client = SmsRetriever.getClient(this /* context */);

// Starts SmsRetriever, which waits for ONE matching SMS message until timeout

// (5 minutes). The matching SMS message will be sent via a Broadcast Intent with

// action SmsRetriever#SMS_RETRIEVED_ACTION.

Task<Void> task = client.startSmsRetriever();

// Listen for success/failure of the start Task. If in a background thread, this

// can be made blocking using Tasks.await(task, [timeout]);

task.addOnSuccessListener(new OnSuccessListener<Void>() {

@Override

public void onSuccess(Void aVoid) {

// Successfully started retriever, expect broadcast intent

// ...

}

});

task.addOnFailureListener(new OnFailureListener() {

@Override

public void onFailure(@NonNull Exception e) {

// Failed to start retriever, inspect Exception for more details

// ...

}

});

The SMS retrieval task will listen for up to five minutes for an SMS message that contains a unique string that identifies your app.

3. Send the phone number to your server
After you have obtained the user’s phone number and started to listen for SMS messages, send the user’s phone number to your verification server
using any method (usually with an HTTPS POST request).

4. Receive verification messages
When a verification message is received on the user’s device, Play services explicitly broadcast to your app an SmsRetriever.SMS_RETRIEVED_ACTION Intent,
which contains the text of the message. Use a BroadcastReceiver to receive this verification message.

In the BroadcastReceiver’s onReceive handler, get the text of the verification message from the Intent’s extras:

/**
 * BroadcastReceiver to wait for SMS messages. This can be registered either
 * in the AndroidManifest or at runtime.  Should filter Intents on
 * SmsRetriever.SMS_RETRIEVED_ACTION.
 */
public class MySMSBroadcastReceiver extends BroadcastReceiver {

  @Override
  public void onReceive(Context context, Intent intent) {
    if (SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {
      Bundle extras = intent.getExtras();
      Status status = (Status) extras.get(SmsRetriever.EXTRA_STATUS);

      switch(status.getStatusCode()) {
        case CommonStatusCodes.SUCCESS:
          // Get SMS message contents
          String message = (String) extras.get(SmsRetriever.EXTRA_SMS_MESSAGE);
          // Extract one-time code from the message and complete verification
          // by sending the code back to your server.
          break;
        case CommonStatusCodes.TIMEOUT:
          // Waiting for SMS timed out (5 minutes)
          // Handle the error ...
          break;
      }
    }
  }
}

/**

* BroadcastReceiver to wait for SMS messages. This can be registered either

* in the AndroidManifest or at runtime. Should filter Intents on

* SmsRetriever.SMS_RETRIEVED_ACTION.

public class MySMSBroadcastReceiver extends BroadcastReceiver {

@Override

public void onReceive(Context context, Intent intent) {

if (SmsRetriever.SMS_RETRIEVED_ACTION.equals(intent.getAction())) {

Bundle extras = intent.getExtras();

Status status = (Status) extras.get(SmsRetriever.EXTRA_STATUS);

switch(status.getStatusCode()) {

case CommonStatusCodes.SUCCESS:

// Get SMS message contents

String message = (String) extras.get(SmsRetriever.EXTRA_SMS_MESSAGE);

// Extract one-time code from the message and complete verification

// by sending the code back to your server.

break;

case CommonStatusCodes.TIMEOUT:

// Waiting for SMS timed out (5 minutes)

// Handle the error ...

break;

}

Register this BroadcastReceiver with the intent filter com.google.android.gms.auth.api.phone.SMS_RETRIEVED
(the value of the SmsRetriever.SMS_RETRIEVED_ACTION constant) in your app’s AndroidManifest.xml file,
as in the following example, or dynamically using Context.registerReceiver.

<receiver android:name=".MySMSBroadcastReceiver" android:exported="true">
    <intent-filter>
        <action android:name="com.google.android.gms.auth.api.phone.SMS_RETRIEVED"/>
    </intent-filter>
</receiver>

<intent-filter>

</intent-filter>

</receiver>

5. Send the one-time code from the verification message to your server
Now that you have the text of the verification message, use a regular expression or some other logic to get the one-time code from the message.
The format of the one-time code depends on how you implemented them in your server.

Finally, send the one-time code to your server over a secure connection. When your server receives the one-time code,
it records that the phone number has been verified.

Perform SMS Verification on a Server

The phone verification server is responsible for three tasks:

Constructing a verification message that includes a one-time code and has the format the client-side SMS Retriever API expects
Sending the verification message to the user’s device
Verifying the one-time code when it’s sent back to the server and completing any post-verification tasks your backend requires

In Order to get details for server end functionality, you can go through the following link:-

https://developers.google.com/identity/sms-retriever/verify

piyush pandey 28 February 2019

. . .

Automatic SMS Verification with the SMS Retriever API

Leave a Comment Cancel Reply

Message Sent!