How to allow login of user through mobile number?

Sure, but in the end Discourse uses OAuth to fetch the user’s email address and still uses that to deliver notifications, confirmation / activation tokens and everything else.

Anyways, I was more or less playing devil’s advocate…

I’ve recently been poking around Discourse’s source tree to figure out how hard it’s be to implement notifications via Jabber/XMPP instead of email, hence the interest in the matter. :slight_smile:

3 Likes

In Asia there’s a whole generation growing up with no email (they prefer FB, viber, whatsapp, wechat). But they have mobile numbers. Signup and login with a mobile number would be a great option for communities in Asia.

7 Likes

I haven’t found this to be true. People still have email accounts even if they don’t prefer to use them.

1 Like

I’m sure @SurabhiDewra (who seems to be from India) means the same.

And I’m from Southeast Asia who works closely with youth.

3 Likes

I hope it’s okay reviving this old topic, but I think this is a discussion worth revisiting. Working in telecom for emerging markets, I’m witnessing flows where new mobile users can get into the digital world without an email, and use the two most popular apps, Facebook and Whatsapp.

While I don’t think Discourse should need to develop a login mechanism with phone confirmation, I would like to think that the Facebook login mechanism could work even if the user does not have an email address. I just got new phone service today in Colombia and was able to get on to FB quite easily, but could not complete the FB login flow on Discourse without entering an email.

Perhaps a future feature would allow for the email field to be optional if the user is using FB authentication? or perhaps it could be filled with their Facebook address? username@facebook.com as a placeholder.

I’m trying to get more data on this topic, but I think we should keep an open mind that many of the new users just getting “online” today on their phones, will not actually have a need for an email address, as crazy as that might sound to us. Though I think they will have a FB account :wink: if Mark gets his way.

Just something to keep an eye on for now, and understand that our assumptions of the past will not necessarily hold true in the near future.

4 Likes

Problematic since email is so core to what we do. A user without an email has no way to get notifications from us at all. A user without email has no unique identity since that is how they reset their password.

So…is email being at the core the real problem here?

Like others have mentioned previously, I find it hard to imagine users who do not have and cannot create an email address. That being said, I’ve grown up in the US, a “developed” country, where it was expected that I have an email account. I was given an account by the schools I attended (both secondary and college), and it is just an expected type of communication method here. I did not grow up in India, a country still considered “developing”, where access to a computer and the internet is not necessarily commonplace. Can users in India and other developing countries get an email address, yes, if they can already access FB and WhatsApp, they have internet access and can do so.

I guess the question (which is impossible to answer) is “will users in India and other developing countries get email addresses as internet access expands and improves, or is mobile the way of the future?”

3 Likes

I may be missing the obvious, but if someone with a phone can not access the web to create an email account, how are they supposed to access a Discourse forum?

I think the issue is not that they can’t have an email address, but that they don’t. They have a FB account, see FB as a login option, and are then confused as to why an email address is still required.

3 Likes

Thx @jomaxro. @codinghorror the reason I revived the thread is so it could be in the back of our minds. If email is core, then perhaps we should begin to ponder what it means if a user instead provides a unique FB id + phone number.

I am curious to see if the topic of Free Basics will be brought up at Facebook’s F8 conference in a few weeks. If the initiative gains momentum, then you might start seeing billions of users having a slightly different online experience than the rest of us.

https://developers.facebook.com/docs/internet-org

Then the issue is

How do we treat a phone number like an email address?

Let’s go all the way here. Full conversion. Zero email. Only the mobile number for a user. To what extent can you treat a mobile number like an email address? To what extent can you replace an email address with a mobile number?

  • Identity? Every mobile number is unique, so that sort of works. You can change mobile numbers about as easily as you can change email addresses, or you can stick with them for long periods of time.

  • Notifications? Unlike email, It’s not free to send a SMS to a phone number. Say someone forgets their password or needs a reply notification. We have to send SMS because that’s literally all we have. Well SMS messages cost, like, real money. Sending email is as free as it gets… but SMS ain’t free. How would the average Discourse open source install deal with this?

That’s the way to think about this. There are some massive obstacles.

5 Likes

Also, while you can easily change mobile phone number, they often are “re-assigned”, and you might end-up sending SMS to a complete different person.

6 Likes

Is there a fb messenger api, so if you log in via fb and have no email address you get notifications via fb?

1 Like

Thx @codinghorror for giving this some thought.

Regarding notifications, I think one long-term solution would be developing a mobile app (access to web view, perhaps including latest web app in initial download) that can be white labeled per site, and can be set up with push notifications. (I would expect Discourse clients to pay for this.) Note that push notifications would not have the same deliverability issues we are running into for email. I recognize this would be a major effort.

Regarding unique ID and changing of phone numbers… FB continuously checks to see if a mobile number has been deprovisioned. I recently changed service providers and had to reconfirm my phone. So if we rely on FB auth as well, that should solve the unique id issue.

1 Like

AFAIK, this is on the roadmap somewhere :slight_smile:

1 Like

Definitely not the most common scenario, but I’ve seen instances in the 50yrs+ demographic where people are hitting a barrier with log-in because they can’t remember their email addresses.

7 Likes

If it is supported by the mobile provider you can send an email as an SMS message.
https://meta.discourse.org/t/creating-discourse-account-without-email/37518/6?u=simon_cossar

1 Like

You can also put the burden on the forum owner to provide a valid SMS api key, like you need to provide a valid SMTP service (and soon a valid GCM api key).

If they want to provide mobile number login they need to add a valid SMS gateway service and pay for it (like e-mail).

Americans aren’t familiar with Whatsapp (SMS is mostly free on USA) but it got a scary market share, mostly on using your phone number as your ID.

Medical Doctors send confirmations trough Whatsapp, they don’t even ask if you use it, because it’s expected.

6 Likes

I live in Southeast Asia and work closely with youth. What I observe is that even though they do have emails, they never actually use/check them. Email notifications (digest, reply notif, etc) just go to some black hole.

As for password reset, I agree with @Falco - put the burden on forum operators.

5 Likes

Is anyone working on allowing login via mobile number? I am in east Africa right now with members of our global community, and am finding confirmation of much of what was written above in this topic. People may or may not have email, but they definitely have mobile phones and nearly all have smartphones with facebook and whatsapp installed.

To share an anecdote… even though I am one of the people who was running this learning exchange with these 20 people, there were many moments when I was out of the loop on what was going on with logistics, and found myself sitting in the hotel lobby waiting for everyone else when they all had arranged via a WhatsApp group to cancel an excursion or change plans. They were not choosing to open discourse or their email to quickly communicate with one another.

I know discourse won’t be all things to all people, but in the future it seems necessary to provide account verification via mobile phone and also to allow members to receive notifications via their approved mobile numbers, and send replies to discourse via SMS. All paid for by the discourse site owners to SMS gateways much like we pay for SMTP email now.

This is functionality that we’d be interested in contributing to if anyone gets to work on it and if the discourse team is interested in having it as a plugin or otherwise.

In case anyone is wondering. WhatsApp seems not to be the solution, which is disappointing. I asked @LeoMcA and this is what he had to say:

Sadly it doesn’t look like WhatsApp expose any APIs at all, neither for authentication nor for bots. There are reverse engineered solutions (at least for bots), but I think you risk getting your number banned (and your code taken down) with those. There’s the possibility of more love for developers on the horizon: WhatsApp Blog

Starting this year, we will test tools that allow you to use WhatsApp to communicate with businesses and organizations that you want to hear from. That could mean communicating with your bank about whether a recent transaction was fraudulent, or with an airline about a delayed flight.

But that was posted in January, and there hasn’t seemed to be any update since then.

Another similar service, Telegram, has amazing API support - but if WhatsApp is what people are using, that doesn’t really mean a lot.

7 Likes