Implementing OTP Auto-Retrieval in React Native Using react-native-otp-verify

OTP Auto-Retrieval in React Native Using react-native-otp-verify

One-Time Passwords (OTPs) are a common method for verifying user identities in mobile applications. Manually entering OTPs can be cumbersome for users. Android's SMS Retriever API enables automatic OTP retrieval, enhancing both user experience and security.

OTP Verification Illustration

Understanding OTP Auto-Retrieval

The SMS Retriever API enables your app to automatically retrieve verification codes without requiring SMS read permissions. The general flow is as follows:

  • User initiates OTP verification.
  • Your app starts the SMS Retriever API listener.
  • The server sends an SMS with OTP and app hash.
  • Google Play services detects and delivers the SMS to your app.

Importance of the App Hash

The app hash is an 11-character unique identifier that links the SMS to your app. It is derived from your app’s package name and signing certificate. Without it, the SMS Retriever won’t forward the message to your app.

Note: Debug and release builds have different hashes due to different signing certificates.

Setting Up react-native-otp-verify

npm install react-native-otp-verify --save
import RNOtpVerify from 'react-native-otp-verify';

Implementing OTP Auto-Retrieval

1. Retrieve the App Hash

RNOtpVerify.getHash()
  .then(hashArray => {
    console.log('App Hash:', hashArray[0]);
  })
  .catch(console.log);

2. Listen for OTP

startListeningForOtp = () => {
  RNOtpVerify.getOtp()
    .then(() => RNOtpVerify.addListener(this.otpHandler))
    .catch(console.log);
};

otpHandler = message => {
  const otp = /(\d{6})/g.exec(message)[1];
  console.log('OTP from message:', otp);
  this.setState({ otp }, () => {
    this.callLoginApi();
  });
  RNOtpVerify.removeListener();
};

3. OTP SMS Format

<#> Your OTP is 123456
AppName: FA+9qCX9VSu

Replace FA+9qCX9VSu with your app’s actual hash.

Generating App Hashes

Debug Build

Use getHash() as shown above.

Release Build

Use the command below to generate the hash from your keystore:

keytool -exportcert -alias your-key-alias -keystore path-to-keystore | xxd -p | tr -d "[:space:]" | echo -n your.package.name `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11

Testing and Debugging

  • Use real Android devices with Google Play services.
  • Use adb logcat | grep RNOtpVerify to monitor logs.

Best Practices

  • Store hash values securely (e.g., in environment variables).
  • Ensure SMS format strictly follows required structure.
  • Implement fallback logic if OTP auto-retrieval fails.

Platform Limitation Notice

Important: This functionality is only supported on Android. It will not work on iOS devices.

For iOS, Apple does not provide a similar SMS Retriever API. You must use either manual OTP entry or integrate Apple’s AutoFill functionality. To enable AutoFill on iOS:

  • Ensure your OTP input field has textContentType="oneTimeCode".
  • Use an input placeholder like "Enter the code sent to your phone".
  • Ensure your SMS follows this format: 
    Your AppName code is: 123456

Conclusion

Using the react-native-otp-verify library simplifies OTP verification by automatically retrieving codes without SMS permissions. With a clear understanding of app hashes and careful message formatting, you can implement a secure and user-friendly authentication experience in your React Native app.

References

Home

Comments

Post a Comment

Reader's Choice

No better way to understand GIt flow than this...

Image
Git Good with Guns: A Humorous, Hands-On Approach to Learning Version Control When it comes to Git, many developers feel like they're entering a battlefield. So, why not embrace that feeling and compare Git commands to handling a gun? Don't worry—no actual guns involved, just a bit of tech fun. Let’s break down some key Git commands as if you were preparing for a mission.  These are the basic commands you'll find yourself using day in and day out, so let’s make sure you’re ready for action! 1. git add . Think of this command as loading bullets into your magazine . When you run git add . , you're adding all your changes (the bullets) to the staging area (the magazine). You're getting everything ready for the next step. Make sure your magazine is fully loaded with all the necessary changes! 2. git commit -m '<message>' Now that y...
Read more

Vercel vs Render | Choosing the Best Free Hosting Platform for Your Projects

Image
  When it comes to FREE HOSTING, both Vercel and Render offer enticing options, each with its own set of strengths and trade-offs. Vercel and Render both offer free cloud hosting for your projects, providing a great opportunity to practice and learn with real-world tools. While these free plans come with limited resources and features, they're perfect for getting started or testing smaller projects. However, if you're considering using these platforms for production, it's worth noting that a dedicated plan would be more suitable. But let's set aside the paid plans for now and focus on what you can do with the free versions. Many of you may have noticed the constraints that come with free hosting, such as limited resources and restricted monthly uptime. Here, I'll give you a brief overview of what the free plans actually offer, along wi...
Read more