Sample passwordless phone number authentication with IdentityServer4 in ASP.NET Core 3.1
ATTENTION: This implementation is not fully RFC 6749 compliant. To create a custom grant_type, follow the instructions in section 8.3 of the RFC.
NOTE: To test locally, you can set "ReturnVerifyTokenForTesting": true in appsettings.json; the response will then return verify_token. In production, however, it must be removed, and you should add a real SMS service (Twilio, Nexmo, etc.) by implementing ISmsServices.
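A pre-deployment guard for the setting described in the note above, as an added example that is not part of this project: it scans settings JSON for ReturnVerifyTokenForTesting set to a true value. The page does not show where the key sits in appsettings.json, so the search is recursive; the sample settings and function names are constructed for illustration.

```python
import json
import sys

# ASP.NET Core configuration keys are case-insensitive, so compare lowercased.
FLAG = "returnverifytokenfortesting"

# Constructed sample settings; the real file layout is an assumption.
SAMPLE_DEV = '{"Logging": {"LogLevel": {"Default": "Warning"}}, "ReturnVerifyTokenForTesting": true}'
SAMPLE_PROD = '{"Auth": {"returnVerifyTokenForTesting": "False"}}'
SAMPLE_NESTED = '{"Sms": {"ReturnVerifyTokenForTesting": "True"}}'


def find_enabled_flag(node, path=""):
    """Return the config paths where the testing flag holds a true value."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}:{key}" if path else key
            # JSON true and the strings "true"/"True" both bind to a true bool.
            if key.lower() == FLAG and str(value).strip().lower() == "true":
                hits.append(here)
            hits.extend(find_enabled_flag(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_enabled_flag(item, f"{path}:{index}"))
    return hits


def check_settings(text):
    """Parse one settings document (plain JSON, no comments) and scan it."""
    return find_enabled_flag(json.loads(text))


if __name__ == "__main__":
    failed = False
    for name in sys.argv[1:]:
        # utf-8-sig tolerates the byte-order mark some editors write.
        with open(name, encoding="utf-8-sig") as handle:
            for hit in check_settings(handle.read()):
                print(f"{name}: {hit} is enabled")
                failed = True
    sys.exit(1 if failed else 0)
```

Run it in the release pipeline with every settings file that ships as arguments; a non-zero exit means the verification token would be returned in API responses.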
curl -H "Content-Type: application/json" \
-X POST \
-d '{"phonenumber":"+198989822"}' \
http://localhost:62537/api/verify_phone_number

{
"resend_token": "CfDJ8F2fHxOfr9xAtc...",
"verify_token": "373635"
}

Authentication by verification token
curl -H "Content-Type: application/x-www-form-urlencoded" \
-X POST \
-d 'grant_type=phone_number_token&client_id=phone_number_authentication&client_secret=secret&phone_number=%2B198989822&verification_token=373635' \
http://localhost:62537/connect/token

{
"access_token": "CfDJ8F2fHxOfr9xAtc......",
"expires_in": 3600,
"token_type": "Bearer",
"refresh_token": "CfDJ8F2fHxOfr9xAtc...."
}

Test your API controller with the Bearer token
curl -i http://localhost:62732/api/Identity \
-H "Authorization: Bearer CfDJ8F2fHxOfr9xAtc......"

{
"type": "phone_number",
"value": "+198989822"
}