
AEM Forms

Enhancing Security with SMS Two Factor Authentication in AEM Forms

Infodales Tech Solutions | June 24, 2023

SMS Two-Factor Authentication

In today's digital landscape, security is paramount. With cyber threats evolving constantly, safeguarding user accounts has become a top priority for businesses and individuals alike. One effective way to enhance security is through SMS-based two-factor authentication (2FA), a robust method that adds an extra layer of protection to online accounts. Let's delve into how SMS 2FA works and why it's a crucial tool in the fight against unauthorized access.

SMS 2FA adds an extra layer of security by requiring users to verify their identity not only with a password but also with a unique verification code sent to their mobile devices. This blog post dives into the process of implementing SMS 2FA with AEM Forms and highlights its benefits.

Create Developer Account

Many organizations offer SMS 2FA services, and if they have clear REST APIs, you can integrate them with AEM Forms effortlessly. In this tutorial, I've chosen Vonage API to show how SMS 2FA works with AEM Forms.

Begin by creating a developer account on the Vonage API platform. Once you've registered, take note of the API Key and API Secret Key shown in the Vonage API Dashboard. These keys are required to call Vonage's REST APIs.

Create a Swagger File

Creating a Swagger file involves defining your API's structure, endpoints, parameters, responses, and other details using the Swagger/OpenAPI Specification. Here's a step-by-step guide to help you create a Swagger file:

  • Understand Swagger/OpenAPI Specification

  • Choose a Swagger Editor

  • Define API Info

  • Define Paths and Operations

  • Define Parameters and Responses

  • Add Security Definitions (if needed)

  • Export and Save

  • Validate and Test

Use tools like Swagger Inspector or Postman to validate and test your Swagger file against your actual API endpoints.

swagger: '2.0'
info:
  version: 1.0.0
  title: Nexmo Verify API
  description: API for verifying OTP codes and sending SMS with codes using Nexmo (formerly Vonage)
host: api.nexmo.com
basePath: /verify
schemes:
  - https
paths:
  /check/json:
    post:
      summary: Verify OTP Code
      produces:
        - application/json
      consumes:
        - application/x-www-form-urlencoded
      operationId: VerifyOTPCode
      parameters:
        - in: formData
          name: api_key
          type: string
          description: API Key
        - in: formData
          name: api_secret
          type: string
          description: API Secret Key
        - in: formData
          name: request_id
          type: string
          description: Vonage Request ID
        - in: formData
          name: code
          type: string
          description: OTP Code
      responses:
        '200':
          description: Successful Response
          schema:
            $ref: '#/definitions/ReturnValue'
  /json:
    post:
      summary: Send SMS with Code
      produces:
        - application/json
      consumes:
        - application/x-www-form-urlencoded
      operationId: SendSMSWithCode
      parameters:
        - in: formData
          name: api_key
          type: string
          description: API Key
        - in: formData
          name: api_secret
          type: string
          description: API Secret Key
        - in: formData
          name: number
          type: string
          description: Number to send SMS
        - in: formData
          name: brand
          type: string
          description: Vonage Brand
        - in: formData
          name: code_length
          type: string
          description: Verification Code Length
      responses:
        '200':
          description: Successful Response
          schema:
            $ref: '#/definitions/ReturnValue'
definitions:
  ReturnValue:
    type: object
    properties:
      request_id:
        type: string
      status:
        type: string
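
The two operations defined in the Swagger file above, built and checked from server-side code. This is an added example, not code from the original post or from Vonage. The environment variable names, the sample number, the brand and the sample replies are constructed; it assumes Vonage reports success as status "0" and accepts a code_length of 4 or 6.

```python
import json
import os
import re
import urllib.parse
import urllib.request

BASE = "https://api.nexmo.com/verify"  # scheme + host + basePath from the Swagger file

def credentials(env=os.environ):
    # Assumed variable names: the key pair lives in server config, not in a form rule.
    return {"api_key": env["VONAGE_API_KEY"], "api_secret": env["VONAGE_API_SECRET"]}

def normalize_number(raw):
    """Strip separators; require country code first (no leading 0), 8-15 digits."""
    digits = re.sub(r"[\s().+-]", "", raw)
    if not re.fullmatch(r"[1-9][0-9]{7,14}", digits):
        raise ValueError("phone number must include the country code")
    return digits

def send_request(number, brand, creds, code_length=6):
    """URL and form fields for SendSMSWithCode (POST /json)."""
    if code_length not in (4, 6):
        raise ValueError("code_length must be 4 or 6")
    return BASE + "/json", {**creds, "number": normalize_number(number),
                            "brand": brand, "code_length": str(code_length)}

def check_request(request_id, code, creds):
    """URL and form fields for VerifyOTPCode (POST /check/json)."""
    if not re.fullmatch(r"[0-9]{4}|[0-9]{6}", code):
        raise ValueError("code must be 4 or 6 digits")
    return BASE + "/check/json", {**creds, "request_id": request_id, "code": code}

def post_form(url, fields, timeout=10):
    """POST application/x-www-form-urlencoded fields and parse the JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def succeeded(reply):
    """Fail closed: only the string status "0" counts as success."""
    return isinstance(reply, dict) and reply.get("status") == "0"

if __name__ == "__main__":
    creds = {"api_key": "EXAMPLE_KEY", "api_secret": "EXAMPLE_SECRET"}  # constructed
    url, fields = send_request("+44 7700 900123", "ExampleBrand", creds)
    print(url, {k: v for k, v in fields.items() if k != "api_secret"})
    # Constructed replies in the ReturnValue shape defined in the Swagger file.
    print(succeeded({"request_id": "abc123", "status": "0"}), succeeded({"status": "16"}))
```

In a live flow, pass the result of `send_request` or `check_request` to `post_form` and give the reply to `succeeded` before unlocking anything for the user.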

Create a Data Source

To connect AEM or AEM Forms with third-party APIs, first create a data source in Cloud Services. You can use the Swagger file to set up this data source.

  • Log in to AEM and go to the Dashboard.

  • From Tools, select Cloud Services.

  • Pick or create a folder in Cloud Services to store your data sources.

  • Define settings like data type, endpoint URL, and authentication.

  • Save the data source.

Create a Form Data Model

Creating a form data model in AEM Forms involves defining the structure of your form data, including the fields, data types, and validation rules. Here's a step-by-step guide:

Select your data source.

Test your Model and Service and save it.

Create an Adaptive Form

Connect your form data model to the adaptive form so you can check the phone number users enter. You can build your own adaptive form and use the data model to send and check OTP codes the way you need to.

Go to the form's properties.

Select your form data model.

Open the form in edit mode, then open the rule editor for the following field. Provide your API Key and API Secret Key.

Always include the country code in the phone number.

OTP Sent Successfully

In conclusion, SMS-based two-factor authentication enhances security, improves user confidence, and aligns with industry best practices. Integrating SMS 2FA with AEM Forms empowers organizations to protect sensitive data and mitigate security risks effectively. Strengthen your security posture today with SMS 2FA and AEM Forms.

I'm glad you found this article interesting and informative! Feel free to share it with your friends to spread the knowledge.
Don't forget to follow me for upcoming blogs. Thank you!


Nitish Bisen | AEM Developer