SMS user authentication with Vapor and AWS

In this SMS user authentication tutorial you will learn how to use AWS and Vapor to authenticate your users with their phone number.

This is a companion discussion topic for the original entry at

Not working. More info: "How to get AWS_KEY_ID and AWS_SECRET_KEY", all the configuration of AWS for this project sample.

Hey @jorge_mz.

To begin with, you’ll need an AWS account. If you already have one, or after creating it, check this guide and the additional links there to see how to get the key id and the secret key, either for the root account or the IAM user. You need to make sure that these credentials have permission to access the SNS resources.

Once these are set up, you can start the tutorial.

I got the key id and the secret key for a non-root user, but I get an error "… is not authorized to perform: SNS:Publish on resource: +51973912122 (ErrorMiddleware.swift:26)".
The IAM user has AmazonSNSFullAccess (AWS managed policy).

@jorge_mz could you please paste here the contents of the policy? It might be that we’re missing something.

I have this.

Thanks Natan, it's working now. Woohoo…

SMS is not recommended for 2FA because of security risks both in SS7 vulnerabilities and SIM swapping, and is no longer recommended by NIST. It’s only kind-of okay because an attacker would still need your password (and it’s better than no 2FA).

Your phone number is also not something that is necessarily consistent throughout your life, you could potentially change it and it could be given to someone else.

Using SMS as your only authentication means sounds like a poor security practice.

(the content of the article in general though was very good)

How can we add JWT with this article? Thanks.

Will you update this project with Vapor 4?

Yes, we will probably update the posts in the weeks after Vapor 4 gets out of RC.

This wouldn’t work for me until I added a second message attribute: “AWS.SNS.SMS.SMSType” which has a value of type SNS.MessageAttributeValue with a stringValue property of “Transactional”. (i.e. I created an additional entry in the messageAttributes dictionary in the AWSSNSSender class initializer.)

(Default is “Promotional”, which I couldn’t get to work even from the AWS console.) “Transactional” is suitable for “one-time passcodes” per AWS docs.

Hi Nathan, can you update this project please to Vapor 4? Thanks thanks!

Hi @danurigom and @alif

This post was updated to Vapor 4 and you can find it here:

This tutorial is more than six months old so questions are no longer supported at the moment for it. Thank you!