cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Feedback portal with OTP authentication

‎01-04-2022 12:42 AM

I have a use-case that requires users to fill forms for feedback, complaints or suggestions. Before seeing and submitting the form, they need to verify their identify through an OTP sent by SMS to their phones.

 

We want to use Power Apps portals for that, as we need it to be publicly accessible, but it's really not intuitive for me and the documentation doesn't help either. How would I best achieve this? The user, upon hitting the 'website', can either see a page asking them to input their phone numbers, which then sends the OTP, verifies it, and finally navigates them to another page which is the form, OR just see the form from the beginning, input all their info (including their phone numbers), and upon submitting, an OTP is sent, verified and only then, the form submits successfully.

 

I want to use Twilio for sending and verifying the OTPs. How can I link the submit or any button to its API? Do I have to use a Power Automate flow here? I've seen PA supports sending messages to SMS, would that be it or is there a separate action for OTPs?

Message 1 of 8
1,338 Views
0 Kudos
7 REPLIES 7
OOlashyn
MVP

‎01-05-2022 07:17 AM

Hi @Anonymous ,

This is an interesting question. If you want your user to login into the portal before accessing and submitting data one way you could achieve this would be to use Azure AD B2C as your identity provider. They natively support 2-factor auth with SMS support. If you want your portal to be accessed by any user without auth then a possible solution might be to call Power Automate (either via HTTP or while creating record in the system) that will generate some OTP code, save it in the system and send then via Twillio (or any other SMS provider) to the user. Then user enters that code that you can validate either via Read Web API or by other methods and confirms submit. You can also use custom Azure Functions instead of Power Automate or just call Twillio API directly from the portal but in the last scenario, you would need to come up with some secure way of generating and validation process which might be tricky to do on the front end.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.
Message 2 of 8
1,273 Views
NikitaPolyakov
Microsoft
Microsoft
In response to OOlashyn

‎01-05-2022 10:44 AM

You for sure would need to get a Twillio API thing to come back and set the Verfied flag somewhere on the back end - as that would not happen on the Portal front-end.

 

Portal = Dataverse = Automate Cloud flow = Twillio API

Not guranteed speed

 

Portal = Custom API Front-end = Twillio API

Faster

 

Twillio API = Power Automate (does phone number matching in Dataverse = Set Dataverse table record to Verified

 

This would be all Async to the user as portal does not currently have Sync intergration pattern 

 

 

 

Message 3 of 8
1,264 Views
Anonymous
Not applicable
In response to OOlashyn

‎01-05-2022 12:24 PM

Thank you for the reply. What I want is for users to access the feedback form without having to login. The only authentication they have to do is verifying their phone numbers through an OTP before or when submitting the form. 

 

I created a custom Twilio API using Node.js with two routes: one that generates an OTP and sends it to the user, and another that verifies it. I then used Javascript in the Portal script code of a page to fetch the API; user clicks a button, enters their phone number and an OTP is sent; a text input appears, asking for the OTP which triggers the verify API call; if it's verified, a message appears and the user is redirected to another page; otherwise, they're asked to verify again.

 

Now, I'm assuming this isn't very safe as I basically expose the API calls on the client side/front-end, but it did seem the easiest. Any documentation on how I could use an Azure Function? What would be the trigger?

Message 4 of 8
1,258 Views
0 Kudos
Anonymous
Not applicable
In response to NikitaPolyakov

‎01-05-2022 12:33 PM

Thank you for the reply. 

 

If I use Power Automate, I'd have to first create a HTTP request trigger, which then feeds into a random number generator (if that's possible), and finally to the Twilio send SMS action. I store the OTP of that unique user in a  table. Using Javascript, I'd have to connect to the entity which is storing all the OTPs (using Liquid templating and FetchXML, I'm assuming?), and compare the OTP code the user inputs somewhere against the OTP stored in backend/db. If it's verified, I somehow either change the status or just delete the record. Am I thinking correctly here?

Message 5 of 8
1,258 Views
0 Kudos
OOlashyn
MVP
In response to Anonymous

‎01-06-2022 02:01 PM

@Anonymous it is not unsafe if you are not exposing any secrets and passwords for your API. You can also further protect your API by using for example Azure API Management to hide actual endpoints, allow calls only from your website etc. I am not sure that there some official guide on how to get started with Azure Functions and Dataverse or Dynamics but there are plenty of blog posts. Also in your case, you might not need to connect with Dataverse at all. As a good starting point for Azure Function and Node.js see here - https://docs.microsoft.com/en-us/azure/azure-functions/functions-get-started?pivots=programming-language-javascript. Regarding the trigger - you can create HTTP trigger function and call it as a regular API endpoint.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.
Message 6 of 8
1,240 Views
Anonymous
Not applicable
In response to OOlashyn

‎01-09-2022 11:01 PM

I tried Azure Functions and it worked very well. I just hosted my code in a Function App and used the request url it generated with the HTTP trigger. 

 

One thing though; what I currently do is generate an OTP through a POST request, and then verify the OTP (all through Twilio). If the OTP is verified, it redirects the user to another page (form page). But users can just bypass the OTP page and go to the form page directly. Is there a way to prevent that? I thought of the page level permissions but they depend on authentication like Azure AD or the support third parties, not something custom like the OTP. How would I be able to restrict the user who hasn't verified their OTP, to go directly to the form page, and only be able to go there when they verify?

 

I know I can do all of this in one page, but they want two separate pages for some reason.

 

Thanks.

Message 7 of 8
1,218 Views
0 Kudos
OOlashyn
MVP
In response to Anonymous

‎01-11-2022 02:29 PM

@Anonymous interesting question. Well, this might be overkill, but the first thing that came to my mind is when you send an OTP to the user save it to the Dataverse and then when the user is redirected to the new page include that OTP in the request URL and use liquid to validate that this OTP indeed exists and didn't expire and show page content otherwise show an error. It sounds like a double verification (and it is ) but I don't see anything else straight away for two-page approach. If I will get another idea will reply again.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.
Message 8 of 8
1,206 Views
0 Kudos

Helpful resources

Announcements
Announcement image

Back to Basics: Tuesday Tip #1: All About YOUR Community Account

We are excited to kick off our new #TuesdayTIps series, "Back to Basics." This weekly series is our way of helping the amazing members of our community--both new members and seasoned veterans--learn and grow in how to best engage in the community! Each Tuesday, we will feature new areas of content that will help you best understand the community--from ranking and badges to profile avatars, from Super Users to blogging in the community. Our hope is that this information will help each of our community members grow in their experience with Power Platform, with the community, and with each other!     This Week's Tips: Account Support: Changing Passwords, Changing Email Addresses or Usernames, "Need Admin Approval," Etc.Wondering how to get support for your community account? Check out the details on these common questions and more. Just follow the link below for articles that explain it all.Community Account Support - Power Platform Community (microsoft.com)   All About GDPR: How It Affects Closing Your Community Account (And Why You Should Think Twice Before You Do)GDPR, the General Data Protection Regulation (GDPR), took effect May 25th 2018. A European privacy law, GDPR imposes new rules on companies and other organizations offering goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. GDPR applies no matter where you are located, and it affects what happens when you decide to close your account. Read the details here:All About GDPR - Power Platform Community (microsoft.com)   Getting to Know You: Setting Up Your Community Profile, Customizing Your Profile, and More.Your community profile helps other members of the community get to know you as you begin to engage and interact. Your profile is a mirror of your activity in the community. Find out how to set it up, change your avatar, adjust your time zone, and more. Click on the link below to find out how:Community Profile, Time Zone, Picture (Avatar) & D... - Power Platform Community (microsoft.com)   That's it for this week. Tune in for more Tuesday Tips next Tuesday and join the community as we get "Back to Basics."

Announcement image

Announcing the MPPC's Got Power Talent Show at #MPPC23

Are you attending the Microsoft Power Platform Conference 2023 in Las Vegas? If so, we invite you to join us for the MPPC's Got Power Talent Show!      Our talent show is more than a show—it's a grand celebration of connection, inspiration, and shared journeys. Through stories, skills, and collective experiences, we come together to uplift, inspire, and revel in the magic of our community's diverse talents. This year, our talent event promises to be an unforgettable experience, echoing louder and brighter than anything you've seen before.    We're casting a wider net with three captivating categories:  Demo Technical Solutions: Show us your Power Platform innovations, be it apps, flows, chatbots, websites or dashboards... Storytelling: Share tales of your journey with Power Platform. Hidden Talents: Unveil your creative side—be it dancing, singing, rapping, poetry, or comedy. Let your talent shine!    Got That Special Spark? A Story That Demands to Be Heard? Your moment is now!  Sign up to Showcase Your Brilliance: https://aka.ms/MPPCGotPowerSignUp  Deadline for submissions: Thursday, Sept 28th    How It Works:  Submit this form to sign up: https://aka.ms/MPPCGotPowerSignUp  We'll contact you if you're selected. Get ready to be onstage!  The Spotlight is Yours: Each participant has 3-5 minutes to shine, with insightful commentary from our panel of judges. We’re not just giving you a stage; we’re handing you the platform to make your mark.     Be the Story We Tell: Your talents and narratives will not just entertain but inspire, serving as the bedrock for our community’s future stories and successes.    Celebration, Surprises, and Connections: As the curtain falls, the excitement continues! Await surprise awards and seize the chance to mingle with industry experts, Microsoft Power Platform leaders, and community luminaries. It's not just a show; it's an opportunity to forge connections and celebrate shared successes.    Event Details:  Date and Time: Wed Oct 4th, 6:30-9:00PM   Location: MPPC23 at the MGM Grand, Las Vegas, NV, USA  

Announcement image

September User Group Success Story: Reading Dynamics 365 & Power Platform User Group

The Reading Dynamics 365 and Power Platform User Group is a community-driven initiative that started in September 2022. It has quickly earned recognition for its enthusiastic leadership and resilience in the face of challenges. With a focus on promoting learning and networking among professionals in the Dynamics 365 and Power Platform ecosystem, the group has grown steadily and gained a reputation for its commitment to its members!   The group, which had its inaugural event in January 2023 at the Microsoft UK Headquarters in Reading, has since organized three successful gatherings, including a recent social lunch. They maintain a regular schedule of four events per year, each attended by an average of 20-25 enthusiastic participants who enjoy engaging talks and, of course, pizza.     The Reading User Group's presence is primarily spread through LinkedIn and Meetup, with the support of the wider community. This thriving community is managed by a dedicated team consisting of Fraser Dear, Tim Leung, and Andrew Bibby, who serves as the main point of contact for the UK Dynamics 365 and Power Platform User Groups.   Andrew Bibby, an active figure in the Dynamics 365 and Power Platform community, nominated this group due to his admiration for the Reading UK User Group's efforts. He emphasized their remarkable enthusiasm and success in running the group, noting that they navigated challenges such as finding venues with resilience and smiles on their faces. Despite being a relatively new group with 20-30 members, they have managed to achieve high attendance at their meetings.   The group's journey began when Fraser Dear moved to the Reading area and realized the absence of a user group catering to professionals in the Dynamics 365 and Power Platform space. He reached out to Andrew, who provided valuable guidance and support, allowing the Reading User Group to officially join the UK Dynamics 365 and Power Platform User Groups community.   One of the group's notable achievements was overcoming the challenge of finding a suitable venue. Initially, their "home" was the Microsoft UK HQ in Reading. However, due to office closures, they had to seek a new location with limited time. Fortunately, a connection with Stephanie Stacey from Microsoft led them to Reading College and its Institute of Technology. The college generously offered them event space and support, forging a mutually beneficial partnership where the group promotes the Institute and encourages its members to support the next generation of IT professionals.   With the dedication of its leadership team, the Reading Dynamics 365 and Power Platform User Group is poised to continue growing and thriving! Their story exemplifies the power of community-driven initiatives and the positive impact they can have on professional development and networking in the tech industry. As they move forward with their upcoming events and collaborations with Reading College, the group is likely to remain a valuable resource for professionals in the Reading area and beyond.

Announcement image

A Celebration of What We've Achieved--And Announcing Our Winners

As the sun sets on the #SummerofSolutions Challenge, it's time to reflect and celebrate! The journey we embarked upon together was not just about providing answers – it was about fostering a sense of community, encouraging collaboration, and unlocking the true potential of the Power Platform tools.   From the initial announcement to the final week's push, the Summer of Solutions Challenge has been a whirlwind of engagement and growth. It was a call to action for every member of our Power Platform community, urging them to contribute their expertise, engage in discussions, and elevate collective knowledge across the community as part of the low-code revolution.   Reflecting on the Impact As the challenge ends, it's essential to reflect on the impact it’s had across our Power Platform communities: Community Resilience: The challenge demonstrated the resilience of our community. Despite geographical distances and diverse backgrounds, we came together to contribute, learn, and collaborate. This resilience is the cornerstone of our collective strength.Diverse Expertise: The solutions shared during the challenge underscore the incredible expertise within our community. From intricate technical insights to creative problem-solving, our members showcased their diverse skill sets, enhancing our community's depth.Shared Learning: Solutions spurred shared learning. They provided opportunities for members to grasp new concepts, expand their horizons, and uncover the Power Platform tools' untapped potential. This learning ripple effect will continue to shape our growth. Empowerment: Solutions empowered community members. They validated their knowledge, boosted their confidence, and highlighted their contributions. Each solution shared was a step towards personal and communal empowerment. We are proud and thankful as we conclude the Summer of Solutions Challenge. The challenge showed the potential of teamwork, the benefit of knowledge-sharing, and the resilience of our Power Platform community. The solutions offered by each member are more than just answers; they are the expression of our shared commitment to innovation, growth, and progress!   Drum roll, Please... And now, without further ado, it's time to announce the winners who have risen above the rest in the Summer of Solutions Challenge!   These are the top community users and Super Users who have not only earned recognition but have become beacons of inspiration for us all.   Power Apps Community:  Community User Winner: @SpongYe Super User Winner: Pending Acceptance Power Automate Community:  Community User Winner: @trice602 Super User Winner: @Expiscornovus  Power Virtual Agents Community: Community User Winner: Pending AcceptanceSuper User: Pending Acceptance Power Pages Community: Community User Winner: @OOlashyn Super User Winner: @ChristianAbata   We are also pleased to announced two additional tickets that we are awarding to the Overall Top Solution providers in the following communities:    Power Apps: @LaurensM   Power Automate: @ManishSolanki    Thank you for making this challenge a resounding success. Your participation has reaffirmed the strength of our community and the boundless potential that lies within each of us. Let's keep the spirit of collaboration alive as we continue on this incredible journey in Power Platform together.Winners, we will see you in Vegas! Every other amazing solutions superstar, we will see you in the Community!Congratulations, everyone!

Announcement image

September Featured user group leader

 Ayonija Shatakshi, a seasoned senior consultant at Improving, Ohio,is a passionate advocate for M365, SharePoint, Power Platform, and Azure, recognizing how they synergize to deliver top-notch solutions. Recently, we asked Ayonija to share her journey as a user group leader, shedding light on her motivations and the benefits she's reaped from her community involvement.      Ayonija embarked on her role as a user group leader in December 2022, driven by a desire to explore how the community leveraged various Power Platform components. When she couldn't find a suitable local group, she decided to create one herself!     Speaking about the impact of the community on her professional and personal growth, Ayonija says, "It's fascinating to witness how everyone navigates the world of Power Platform, dealing with license constraints and keeping up with new features. There's so much to learn from their experiences.    Her favorite aspect of being a user group leader is the opportunity to network and engage in face-to-face discussions with fellow enthusiasts, fostering deeper connections within the community. Offering advice to budding user group leaders, Ayonija emphasized the importance of communication and consistency, two pillars that sustain any successful community initiative.      When asked why she encourages others to become user group leaders, Ayonija said, "Being part of a user group is one of the best ways to connect with experienced professionals in the same field and glean knowledge from them. If there isn't a local group, consider starting one; you'll soon find like-minded individuals."      Her highlight from the past year as a user group leader was witnessing consistent growth within the group, a testament to the thriving community she has nurtured. Advocating for user group participation, Ayonija stated, "It's the fastest route to learning from the community, gaining insights, and staying updated on industry trends."   Check out her group: Cleveland Power Platform User Group

Announcement image

Get coding assistance with Copilot while editing site code in Visual Studio Code desktop

We are excited to announce a new preview feature: Copilot in Power Pages for Visual Studio Code desktop. This feature provides you with coding assistance while you edit your site code in Visual Studio Code desktop using natural language chat interaction. You can use Copilot in Power Pages to describe your expected code behavior and get AI-generated code snippets that you can refine and use for various aspects of your site development.   Note: To use this feature, you need to sign into your environment, and it is only available in the US region in English language.   Feature capabilities With Copilot, you can get coding assistance for: Form and List customization: allow custom validation for forms and add interactive experience to form and list using JavaScript.Webpage customizations: generate HTML components and add styles to your pages.Web Template: generate HTML templates.Liquid: generate liquid code to add dynamic content in Webpages or Web Templates.FetchXML: Get help with writing FetchXML to query data from Dataverse.Web API: Generate code for Power Pages Web APIs to Create/Read/Update/Delete Dataverse records.Content Snippets: Get help with writing reusable content blocks across multiple pages.Provide feedback:Use feedback option to share your input and suggestions. 1. Form and List customization Form and List customization is a feature that allows you to customize the appearance and behavior of your forms and lists on your site pages. You can use Form and List customization to change the layout, style, validation, and actions of your Forms and Lists. With Copilot, you can chat with the AI assistant and get code snippets for adding custom validation and interactivity to your Forms and Lists in your site code. Sample prompt for form validation Generate JavaScript code for form field validation to ensure age is greater than 18. Sample prompt for list customization Write JavaScript code to highlight the row where loan status is approved in table list. To learn more about Form and List customization, visit form link and list link. 2. Webpage customizations Webpage customizations is a feature that allows you to customize various aspects of your webpages such as HTML components, styles, and more. You can use Webpage customizations to enhance the look and feel of your site pages. With Copilot, you can chat with the AI assistant and get code snippets for generating HTML components and adding styles to your pages in your site code. Sample prompt Write HTML code for the webpage to show loan registration form FAQ as a list group. To learn more about Webpage customizations, visit this link. 3. Web Template Web Template is a feature that allows you to create HTML templates for your site pages. You can use Web Template to define the layout, style, and content of your pages. With Copilot, you can chat with the AI assistant and get code snippets for creating and using Web Templates in your site code. Sample prompt Create a web template with breadcrumb and page title. To learn more about Web Template, visit this link. 4. Liquid Liquid is a feature that allows you to add dynamic content to your Webpages or Web Templates. You can use Liquid to access data from Dataverse or other sources and display it on your pages. With Copilot, you can chat with the AI assistant and get code snippets for writing Liquid expressions in your site code. Sample prompt Generate liquid code to check if user has admin role. To learn more about Liquid, visit this link. 5. FetchXML FetchXML is a feature that allows you to query data from Dataverse using XML syntax. You can use FetchXML to filter, sort, aggregate, or join data from different entities. With Copilot, you can chat with the AI assistant and get code snippets for writing FetchXML queries in your site code. Sample prompt Generate a fetchxml liquid query to retrieve the list of contacts who are having credit score more than 500 and are active. To learn more about FetchXML, visit this link. 6. Web API Web API is a feature that allows you to interact with Dataverse records using HTTP requests. You can use Web API to create, read, update, or delete records from different entities. With Copilot, you can chat with the AI assistant and get code snippets for writing Web API requests in your site code. Sample prompt Generate Web API code to query active contact records. To learn more about Web API, visit this link. 7. Content Snippets Content Snippets is a feature that allows you to write reusable content blocks that can be used across multiple pages. You can use Content Snippets to store common HTML, CSS, or JavaScript code that you want to reuse on different pages. With Copilot, you can chat with the AI assistant and get code snippets for creating and using Content Snippets in your site code. Sample prompt Generate content snippets to display copyright, current date and "All rights reserved." message. To learn more about Content Snippets, visit this link. 8. Provide feedback In every response of the Copilot chat, select the feedback options, a thumb up () if you like the response or thumb down () if you didn’t like it. Your feedback greatly helps improve the capabilities of this feature. How to use Copilot Install Power Platform Extension: Ensure you have the Power Platform Tools extension (version 2.0.3 or higher) installed within Visual Studio Code .Access Copilot: Download and open your Power Pages site root folder in Visual Studio Code and activate the Copilot feature from left navigation by selecting “Power Platform”.Engage in Natural Language Interaction: Describe the expected behavior of your code using natural language. Copilot will generate code snippets based on your descriptions.Insert or copy AI generated code to your site: If you are happy with the generated code, you can easily copy and paste the code snippet or insert the code to Power Pages site.Refine and Implement: Review the AI-generated code snippets, refining them as needed to match your exact requirements.Provide feedback: Select the feedback options, a thumb up ( ) if you like the response or thumb down () if you didn’t like it and provide your feedback. We are looking forward to your feedback Copilot in Power Pages is designed to streamline your coding journey and amplify your creativity. Your feedback is crucial in shaping the future of this feature. We want to  hear from you! See documentation here for a detailed overview.  Full product blog here:  Get coding assistance with Copilot while editing site code in Visual Studio Code desktop| Microsoft Power Page   Thank you,  Neeraj Nandwana   

Users online (3,681)