cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Feedback portal with OTP authentication

‎01-04-2022 12:42 AM

I have a use-case that requires users to fill forms for feedback, complaints or suggestions. Before seeing and submitting the form, they need to verify their identify through an OTP sent by SMS to their phones.

 

We want to use Power Apps portals for that, as we need it to be publicly accessible, but it's really not intuitive for me and the documentation doesn't help either. How would I best achieve this? The user, upon hitting the 'website', can either see a page asking them to input their phone numbers, which then sends the OTP, verifies it, and finally navigates them to another page which is the form, OR just see the form from the beginning, input all their info (including their phone numbers), and upon submitting, an OTP is sent, verified and only then, the form submits successfully.

 

I want to use Twilio for sending and verifying the OTPs. How can I link the submit or any button to its API? Do I have to use a Power Automate flow here? I've seen PA supports sending messages to SMS, would that be it or is there a separate action for OTPs?

Message 1 of 8
1,088 Views
0 Kudos
7 REPLIES 7
OOlashyn
MVP

‎01-05-2022 07:17 AM

Hi @Anonymous ,

This is an interesting question. If you want your user to login into the portal before accessing and submitting data one way you could achieve this would be to use Azure AD B2C as your identity provider. They natively support 2-factor auth with SMS support. If you want your portal to be accessed by any user without auth then a possible solution might be to call Power Automate (either via HTTP or while creating record in the system) that will generate some OTP code, save it in the system and send then via Twillio (or any other SMS provider) to the user. Then user enters that code that you can validate either via Read Web API or by other methods and confirms submit. You can also use custom Azure Functions instead of Power Automate or just call Twillio API directly from the portal but in the last scenario, you would need to come up with some secure way of generating and validation process which might be tricky to do on the front end.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.
Message 2 of 8
1,023 Views
NikitaPolyakov
Microsoft
Microsoft
In response to OOlashyn

‎01-05-2022 10:44 AM

You for sure would need to get a Twillio API thing to come back and set the Verfied flag somewhere on the back end - as that would not happen on the Portal front-end.

 

Portal = Dataverse = Automate Cloud flow = Twillio API

Not guranteed speed

 

Portal = Custom API Front-end = Twillio API

Faster

 

Twillio API = Power Automate (does phone number matching in Dataverse = Set Dataverse table record to Verified

 

This would be all Async to the user as portal does not currently have Sync intergration pattern 

 

 

 

Message 3 of 8
1,014 Views
Anonymous
Not applicable
In response to OOlashyn

‎01-05-2022 12:24 PM

Thank you for the reply. What I want is for users to access the feedback form without having to login. The only authentication they have to do is verifying their phone numbers through an OTP before or when submitting the form. 

 

I created a custom Twilio API using Node.js with two routes: one that generates an OTP and sends it to the user, and another that verifies it. I then used Javascript in the Portal script code of a page to fetch the API; user clicks a button, enters their phone number and an OTP is sent; a text input appears, asking for the OTP which triggers the verify API call; if it's verified, a message appears and the user is redirected to another page; otherwise, they're asked to verify again.

 

Now, I'm assuming this isn't very safe as I basically expose the API calls on the client side/front-end, but it did seem the easiest. Any documentation on how I could use an Azure Function? What would be the trigger?

Message 4 of 8
1,008 Views
0 Kudos
Anonymous
Not applicable
In response to NikitaPolyakov

‎01-05-2022 12:33 PM

Thank you for the reply. 

 

If I use Power Automate, I'd have to first create a HTTP request trigger, which then feeds into a random number generator (if that's possible), and finally to the Twilio send SMS action. I store the OTP of that unique user in a  table. Using Javascript, I'd have to connect to the entity which is storing all the OTPs (using Liquid templating and FetchXML, I'm assuming?), and compare the OTP code the user inputs somewhere against the OTP stored in backend/db. If it's verified, I somehow either change the status or just delete the record. Am I thinking correctly here?

Message 5 of 8
1,008 Views
0 Kudos
OOlashyn
MVP
In response to Anonymous

‎01-06-2022 02:01 PM

@Anonymous it is not unsafe if you are not exposing any secrets and passwords for your API. You can also further protect your API by using for example Azure API Management to hide actual endpoints, allow calls only from your website etc. I am not sure that there some official guide on how to get started with Azure Functions and Dataverse or Dynamics but there are plenty of blog posts. Also in your case, you might not need to connect with Dataverse at all. As a good starting point for Azure Function and Node.js see here - https://docs.microsoft.com/en-us/azure/azure-functions/functions-get-started?pivots=programming-language-javascript. Regarding the trigger - you can create HTTP trigger function and call it as a regular API endpoint.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.
Message 6 of 8
990 Views
Anonymous
Not applicable
In response to OOlashyn

‎01-09-2022 11:01 PM

I tried Azure Functions and it worked very well. I just hosted my code in a Function App and used the request url it generated with the HTTP trigger. 

 

One thing though; what I currently do is generate an OTP through a POST request, and then verify the OTP (all through Twilio). If the OTP is verified, it redirects the user to another page (form page). But users can just bypass the OTP page and go to the form page directly. Is there a way to prevent that? I thought of the page level permissions but they depend on authentication like Azure AD or the support third parties, not something custom like the OTP. How would I be able to restrict the user who hasn't verified their OTP, to go directly to the form page, and only be able to go there when they verify?

 

I know I can do all of this in one page, but they want two separate pages for some reason.

 

Thanks.

Message 7 of 8
968 Views
0 Kudos
OOlashyn
MVP
In response to Anonymous

‎01-11-2022 02:29 PM

@Anonymous interesting question. Well, this might be overkill, but the first thing that came to my mind is when you send an OTP to the user save it to the Dataverse and then when the user is redirected to the new page include that OTP in the request URL and use liquid to validate that this OTP indeed exists and didn't expire and show page content otherwise show an error. It sounds like a double verification (and it is ) but I don't see anything else straight away for two-page approach. If I will get another idea will reply again.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.
Message 8 of 8
956 Views
0 Kudos

Helpful resources

Announcements
Announcement image

Power Platform Connections Ep 15 | L. Baybutt | Thursday, 1 June 2023

Episode Fifteen of Power Platform Connections sees David Warner and Hugo Bernier talk to Microsoft MVP Lewis Baybutt aka Low Code Lewis, alongside the latest news and community blogs.   Use the hashtag #PowerPlatformConnects on social media for a chance to have your work featured on the show.      Action requested: Feel free to provide feedback on how we can make our community more inclusive and diverse.  This episode premiers live on our YouTube at 12pm PST on Thursday 1st June 2023.  Video series available at Power Platform Community YouTube channel.    Upcoming events:  European Power Platform conference – Jun. 20-22nd - Dublin Microsoft Power Platform Conference – Oct. 3-5th - Las Vegas  Join our Communities:  Power Apps Community Power Automate Community Power Virtual Agents Community Power Pages Community  If you’d like to hear from a specific community member in an upcoming recording and/or have specific questions for the Power Platform Connections team, please let us know. We will do our best to address all your requests or questions. 

Announcement image

May 2023 Community Newsletter and Upcoming Events

Welcome to our May 2023 Community Newsletter, where we'll be highlighting the latest news, releases, upcoming events, and the great work of our members inside the Biz Apps communities. If you're new to this LinkedIn group, be sure to subscribe here in the News & Announcements to stay up to date with the latest news from our ever-growing membership network who "changed the way they thought about code".         LATEST NEWS "Mondays at Microsoft" LIVE on LinkedIn - 8am PST - Monday 15th May  - Grab your Monday morning coffee and come join Principal Program Managers Heather Cook and Karuana Gatimu for the premiere episode of "Mondays at Microsoft"! This show will kick off the launch of the new Microsoft Community LinkedIn channel and cover a whole host of hot topics from across the #PowerPlatform, #ModernWork, #Dynamics365, #AI, and everything in-between. Just click the image below to register and come join the team LIVE on Monday 15th May 2023 at 8am PST. Hope to see you there!     Executive Keynote | Microsoft Customer Success Day CVP for Business Applications & Platform, Charles Lamanna, shares the latest #BusinessApplications product enhancements and updates to help customers achieve their business outcomes.         S01E13 Power Platform Connections - 12pm PST - Thursday 11th May Episode Thirteen of Power Platform Connections sees Hugo Bernier take a deep dive into the mind of co-host David Warner II, alongside the reviewing the great work of Dennis Goedegebuure, Keith Atherton, Michael Megel, Cat Schneider, and more. Click below to subscribe and get notified, with David and Hugo LIVE in the YouTube chat from 12pm PST. And use the hashtag #PowerPlatformConnects on social media for a chance to have your work featured on the show.         UPCOMING EVENTS   European Power Platform Conference - early bird ticket sale ends! The European Power Platform Conference early bird ticket sale ends on Friday 12th May 2023! #EPPC23 brings together the Microsoft Power Platform Communities for three days of unrivaled days in-person learning, connections and inspiration, featuring three inspirational keynotes, six expert full-day tutorials, and over eighty-five specialist sessions, with guest speakers including April Dunnam, Dona Sarkar, Ilya Fainberg, Janet Robb, Daniel Laskewitz, Rui Santos, Jens Christian Schrøder, Marco Rocca, and many more. Deep dive into the latest product advancements as you hear from some of the brightest minds in the #PowerApps space. Click here to book your ticket today and save!      DynamicMinds Conference - Slovenia - 22-24th May 2023 It's not long now until the DynamicsMinds Conference, which takes place in Slovenia on 22nd - 24th May, 2023 - where brilliant minds meet, mingle & share! This great Power Platform and Dynamics 365 Conference features a whole host of amazing speakers, including the likes of Georg Glantschnig, Dona Sarkar, Tommy Skaue, Monique Hayward, Aleksandar Totovic, Rachel Profitt, Aurélien CLERE, Ana Inés Urrutia de Souza, Luca Pellegrini, Bostjan Golob, Shannon Mullins, Elena Baeva, Ivan Ficko, Guro Faller, Vivian Voss, Andrew Bibby, Tricia Sinclair, Roger Gilchrist, Sara Lagerquist, Steve Mordue, and many more. Click here: DynamicsMinds Conference for more info on what is sure an amazing community conference covering all aspects of Power Platform and beyond.    Days of Knowledge Conference in Denmark - 1-2nd June 2023 Check out 'Days of Knowledge', a Directions 4 Partners conference on 1st-2nd June in Odense, Denmark, which focuses on educating employees, sharing knowledge and upgrading Business Central professionals. This fantastic two-day conference offers a combination of training sessions and workshops - all with Business Central and related products as the main topic. There's a great list of industry experts sharing their knowledge, including Iona V., Bert Verbeek, Liza Juhlin, Douglas Romão, Carolina Edvinsson, Kim Dalsgaard Christensen, Inga Sartauskaite, Peik Bech-Andersen, Shannon Mullins, James Crowter, Mona Borksted Nielsen, Renato Fajdiga, Vivian Voss, Sven Noomen, Paulien Buskens, Andri Már Helgason, Kayleen Hannigan, Freddy Kristiansen, Signe Agerbo, Luc van Vugt, and many more. If you want to meet industry experts, gain an advantage in the SMB-market, and acquire new knowledge about Microsoft Dynamics Business Central, click here Days of Knowledge Conference in Denmark to buy your ticket today!   COMMUNITY HIGHLIGHTS Check out our top Super and Community Users reaching new levels! These hardworking members are posting, answering questions, kudos, and providing top solutions in their communities.   Power Apps:  Super Users: @WarrenBelz, @LaurensM  @BCBuizer  Community Users:  @Amik@ @mmollet, @Cr1t    Power Automate:  Super Users: @Expiscornovus , @grantjenkins, @abm  Community Users: @Nived_Nambiar, @ManishSolanki    Power Virtual Agents:  Super Users: @Pstork1, @Expiscornovus  Community Users: @JoseA, @fernandosilva, @angerfire1213    Power Pages: Super Users: @ragavanrajan  Community Users: @Fubar, @Madhankumar_L,@gospa  LATEST COMMUNITY BLOG ARTICLES  Power Apps Community Blog  Power Automate Community Blog  Power Virtual Agents Community Blog  Power Pages Community Blog  Check out 'Using the Community' for more helpful tips and information:  Power Apps , Power Automate, Power Virtual Agents, Power Pages 

Announcement image

Check out the new Power Platform Communities Front Door Experience!

We are excited to share the ‘Power Platform Communities Front Door’ experience with you!   Front Door brings together content from all the Power Platform communities into a single place for our community members, customers and low-code, no-code enthusiasts to learn, share and engage with peers, advocates, community program managers and our product team members. There are a host of features and new capabilities now available on Power Platform Communities Front Door to make content more discoverable for all power product community users which includes ForumsUser GroupsEventsCommunity highlightsCommunity by numbersLinks to all communities Users can see top discussions from across all the Power Platform communities and easily navigate to the latest or trending posts for further interaction. Additionally, they can filter to individual products as well.         Users can filter and browse the user group events from all power platform products with feature parity to existing community user group experience and added filtering capabilities.       Users can now explore user groups on the Power Platform Front Door landing page with capability to view all products in Power Platform.      Explore Power Platform Communities Front Door today. Visit Power Platform Community Front door to easily navigate to the different product communities, view a roll up of user groups, events and forums.

Announcement image

Microsoft Power Platform Conference | Registration Open | Oct. 3-5 2023

We are so excited to see you for the Microsoft Power Platform Conference in Las Vegas October 3-5 2023! But first, let's take a look back at some fun moments and the best community in tech from MPPC 2022 in Orlando, Florida.   Featuring guest speakers such as Charles Lamanna, Heather Cook, Julie Strauss, Nirav Shah, Ryan Cunningham, Sangya Singh, Stephen Siciliano, Hugo Bernier and many more.   Register today: https://www.powerplatformconf.com/   

Announcement image

Welcome! Congratulations on joining the Power Pages community!

Welcome to the Power Pages Community!   You're now a part of a vibrant group of peers and industry experts who are here to network, share knowledge, and even have a little fun.     Now that you're a member, you can enjoy the following resources:   The Power Pages Community Forums The forums are also a great place to connect with other Power Pages community members. Check the News & Announcements section for community highlights, find out about the latest community news, and learn about the Community Team. Share your feedback, earn custom profile badges, enter challenges to win prizes, and more.   Community Blog Our community members have learned some excellent tips and have keen insights on the future of business analysis. Head on over to the Community Blog to read the latest posts from around the world. Let us know if you'd like to become an author and contribute your own writing — everyone is welcome.   And that’s not all, we have Galleries of additional information such as the Community Connections & How To Videos & Webinars & Video Gallery and more to motivate, educate and inspire you.   Again, welcome to the Power Pages community family, we are so happy you have joined us! Whether you are brand new to the world of data or you are a seasoned veteran - our goal is to shape the community to be your ‘go to’ for support, networking, education, inspiration and encouragement as we enjoy this adventure together! Let us know in the Community Feedback forum if you have any questions or comments about your community experience, but for now – head on over to the forums Get Help with Power Pages and dive right in!   To learn more about the community and your account be sure to visit our Community Support Area. We look forward to seeing you in the Power Pages Community!   The Power Pages Community Team  

Users online (2,237)