Is there a way modify Payload to have the auth with a phone number instead of an email?

[ninahorne]

I have a front-end application that will be consuming my Payload API, and the preferred design would be to have users authenticate with their phone numbers instead of emails (these are non-admin panel users. using email and password for the admin panel is just fine. They will be separate user Collections).

Has anyone been able to do this? Or have any ideas on how it might be done? Is there any way to customize the authentication process or integrate a third party?

I appreciate any help anyone can offer! Thanks

[jmikrut]

Hey Nina, hope all is well!

We've actually got a Roadmap item dedicated toward solving this issue specifically:

#290

Right now, the only built-in authentication mechanisms are via local user auth via email / password and API key-based auth. But, with this roadmap item in place, you'd be able to easily extend the way that users are authenticated however you need (SSO, phone number, third-party auth like GitHub, FB, etc.)

It's slated to land by the end of Q1 2022 but if this is urgent for you there's a good chance that we can bump it up in priority.

When will this become a "must-have" for you?

Also, right now, you could extend the login operation with hooks that accept a phone number / password instead of an email and password, and in the hook, you could look up a user by phone and then auto-fill the email address / password. Obviously for this to work, the user would still need to enter an email, phone, and password while creating their account. But it could be done!

[geminigeek]

Hi,
can you elaborate how and where to implement this , extending the login functionality

you could extend the login operation with hooks

Thanks
Dee

[geminigeek]

hi,

i figured it out myself , it should be done in "beforeOperation" hook.

[ninahorne]

Thanks for the response, James!

So we're hoping to launch our product at the end of May. Ideally would have auth configured a month or so before that so early April would be great.

Can you tell me more about this update? Will it support specific things or just allow for more easy customization of authentication functions? Very excited about it!

[jmikrut]

Our Roadmap feature will likely not ship with any specific new auth strategies out of the box. Maybe, but I don't think that's the goal of the roadmap item. Over time, people will build plugins that add support for X, Y, whatever auth strategy but the roadmap item itself is just to make it so you can build your own authentication strategies in a clear, structured and secure way.

There's not much work involved in making this happen, so I think we can probably get this done in time for you to give it a whirl! We'd definitely be able to provide an example or two as well when the feature rolls out and doing a phone number-based auth strategy could be first up for sure.

Question for you—in your context, when you allow users to log in via phone, do they still need to have an email address present? To reset password and such?

[ninahorne]

Thank you for this explanation. That makes perfect sense.

In our context, we're still working out the best strategy but ideally, the user would not need to enter an email. We would integrate with an SMS service like Twilio or Sakari to send a one-time code to their phone for account verification.

[jmikrut]

OK. That's what I expected and this should not be a problem but is good for us to keep in mind when we build out that roadmap item. Basically making email optional. Should be totally doable. 👍

[beholdr]

Hi,
We need same feature :) Register via phone with initial SMS verification and then phone/password login (e-mail is optional). Would be super cool to see this implemented.

[sinamoradi1375]

I also need the same feature as well 💯, wish you guys all the best.

[leesei]

I suppose this feature is added in 1.0 and can be marked completed.
https://payloadcms.com/docs/authentication/config#strategies