Authenticate Employees by their phone number

I have a requirement to make an employee self-service mobile app connected to ERPNext.
We will authenticate employees by their phone number,
without making a system user for each employee.

What's your suggestion:
make one user with a secret key and connect through it from the mobile app?

Or what is the best solution that crosses security without creating an account for each employee?

Many thanks

One way of doing this is through a custom app and code.

Add 1 whitelisted function with allow_guest=True called get_otp(phone_number). This will store phone_number as key with a random OTP as value in the frappe cache, with an expiry that you set. Use an SMS gateway to send this OTP to the phone number. DO NOT return the OTP as HTTP JSON response!

All other whitelisted functions that authenticate using this alternative OTP also need to be allow_guest=True. They accept the phone_number and otp along with other parameters, verify the phone:otp pair from cache, clear the cache entry and further do anything that's needed using frappe ORM, ignore_permissions=True. You have a valid number in the request to identify the employee. You can accept phone and otp as a request header instead of a body param.

2 Likes
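
The flow described in the answer above, as an added example that is not part of the original posts or of Frappe itself: a plain dict stands in for the frappe cache and `send_sms` for the SMS gateway, and the 300-second expiry, the attempt limit and `get_my_profile` are assumptions added for illustration.

```python
import hmac
import secrets
import time

OTP_TTL = 300      # seconds; assumed value, the answer leaves the expiry to you
MAX_ATTEMPTS = 5   # added hardening: a 6-digit code must not be guessable by retrying
_cache = {}        # stand-in for the frappe cache: phone -> [otp, expires_at, attempts_left]
sent_sms = []      # stand-in outbox for the SMS gateway (hypothetical)

def send_sms(phone_number, text):
    sent_sms.append((phone_number, text))

def get_otp(phone_number, now=None):
    """Guest endpoint: issue an OTP and deliver it by SMS only."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
    _cache[phone_number] = [otp, now + OTP_TTL, MAX_ATTEMPTS]
    send_sms(phone_number, f"Your code is {otp}")
    return {"message": "OTP sent"}            # the OTP never appears in the response

def verify_otp(phone_number, otp, now=None):
    """Check the phone:otp pair; the entry is single-use, expiring and attempt-limited."""
    now = time.time() if now is None else now
    entry = _cache.get(phone_number)
    if entry is None:
        return False
    stored, expires_at, _ = entry
    if now >= expires_at:
        _cache.pop(phone_number, None)
        return False
    if hmac.compare_digest(stored.encode(), str(otp).encode()):
        _cache.pop(phone_number)              # clear the cache entry after a successful check
        return True
    entry[2] -= 1                             # count the failed guess
    if entry[2] <= 0:
        _cache.pop(phone_number)              # too many guesses: force a new OTP
    return False

def get_my_profile(phone_number, otp, employees):
    """Example guest method: verify first, then act only for the verified number.
    `employees` is a constructed stand-in for an ORM lookup keyed on the phone."""
    if not verify_otp(phone_number, otp):
        raise PermissionError("invalid or expired OTP")
    return employees[phone_number]
```

In a Frappe app the two entry points would be whitelisted with allow_guest=True as the answer says; because every later lookup runs with ignore_permissions=True, key it strictly on the verified phone number.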

Many thanks @revant_one for your reply :smiling_face_with_three_hearts: It's really useful.

I will use an external service to verify the phone and to send the OTP in the mobile app; after verification I will get a uid for each phone number.

After that I will send the phone number and uid to ERPNext, to a whitelisted function with allow_guest=True.

At this point, can I create something like a bearer token for each phone number
and begin using the standard ERPNext APIs without resending the phone number and uid again?

Like this:

url = "http://frappe.local:8000/api/method/…"
headers = {
    "Authorization": "Bearer %s" % access_token
}

Many thanks in advance :white_heart: