How to allow login of user through mobile number?

Passwords through SMS is not secure though, e.g.

Why would we want to support that?


The uptake of email in India is rising too. In 2011 only 2% of the population had any form of email, as of last year it’s close to 1 in 6.


As we experience first hand in India in an average district, majority of these new users have to get someone to create an account on Gmail, just because they want to use WhatsApp and WhatsApp cannot be downloaded unless you’ve a playstore login ID (that’s =Google id).

And thereafter they never sign in to their Gmail. Not even once. For all purposes, they never know what’s their id is (far is password).

And sometime, for whatever reason, they happen to logout of their account on android, and they need to login once again in their Gmail account, they keep carrying their Mobiles to different known persons, requesting them to help start their mobile again. (they consider their mobile to be not usable if either WhatsApp stops, or calling stops)


We would be extremely happy to take place in any plugin experiment. How would we proceed to find someone to author it? Do we need to fund the SMS gateway for phone validation?

Please advise. I think it’s worthwhile testing it and see the uplift in registrations, as opposed to continue the debate. There’s a reason why Fcaebook / whatsapp offer it.

As far as notifications go, considering now that we have browser based notifications, at least there’s an alternative. Looking into occasional SMS notifications is not a bad idea, though I don’t think it’s the priority right now. I would expect it could start with a weekly or monthly reminder that there are new updates (if user hasn’t visited the community) and take users to their notifications page. Easy optout would be needed. Again, I wouldn’t include this in the plugin mvp.

1 Like

Sorry, I should have clarified above - those figures aren’t ‘email accounts created in India’, that’s the number of unique mobile device users actively connecting to email devices every month.

Those figures are also against the total Indian population for 2018 of 1.344 billion. Measured against the 566 million internet users in that same period, the number of active email users is just over 35%.

1 Like

ProCourse is actually in the middle of a project like this for a client that is willing to let us open-source the work.

The idea is not to use SMS as a password, but to simply replace the sending of emails with sending SMS through Twilio, Africa’s Talking, and Braze campaigns. The first two are currently implemented and seem to be working well. The last is currently in development.

The concept is to hide the email address on sign-up and fill it in behind the scenes with addresses that mimic the phone number: That way Discourse still works with emails if it needs.

But then we tie into specific events (user creation, password update, PM sent, mentions, etc…) and send SMS notifications on top of the email. But since the email is going to the aliased email, the user never has to deal with it.


What if a user wants to swap from using SMS authentication to email-based? Do you have plans to cater for that?

Not currently. This plugin was designed as a complete swap. The main audience being African countries where most people don’t have an email address but most everyone has a smartphone.


so what requirements would a forum provider have if they want to integrate? Create their own Twilio and/or Braze account?

Install the plugin, create a Twilio account, and fill out the site settings for it. It’ll require the API Key for Twilio and the email domain to use for the aliased email account.


Has anyone considered using Facebook’s account kit? It’s a passwordless login method that works with e-mail or phone number. I think it’s free up to 100.000 sms per month.


@joebuhlig can we please touch base on this work? Please call or email.

They stopped the service.

1 Like

Hello Everyone:

Wanted to revive the topic to see if there has been any progress or updates for this feature request, especially from @joebuhlig.

Context: We work with farming communities (majority are small farmers) in Tamil Nadu, India. Email prevalence is almost non-existent. Mobile phones are pervasive.

Would be great to get a mobile phone based authentication & notification features added to Discourse’s fantastic forum capabilities.

Thanks in Advance.


Sorry. Nothing to report from my end. The project didn’t make it to completion.


Oh, that is too bad. Using an email alias seemed like a good workaround. Thanks for the update.

Any considerations on this now @sam @Falco?

We are building an online community for mothers. We currently run our community over WhatsApp groups and intend to migrate the same to discourse. Most of our users don’t have an email id for sure.

Just like we enter SMTP creds, you could allow the forum owners to take the burden for SMS keys as well. Maybe allow a webhook based integration to start with?

1 Like

I don’t know these specific markets, but someone having a smartphone with a phone number can create an email address extremely easily. He would just have to install Gmail or any other equivalent app, or register on one of the many free webmail providers.

Registering on YOUR forum can’t possibly be the only place they would need an email address, or is it? Does it really make sense to adapt your forum rather than advise them to actually create an email?

(Sure, it would be a nice additional option, but on top of that, SMS sending isn’t usually free… And quite more expensive than emails even if you’re paying to send your emails)

1 Like

Looks like what the plugin mentioned a few posts above does?

AFAIK that plugin was abandoned?

1 Like