Twitter is giving developers a single line of code for tying into their apps an authentication mechanism that only requires mobile users to type in their phone number.
The aptly named Digits has a major coup in mind - ending the reign of usernames and passwords as a means for authentication. Digits is part of Twitter’s new mobile app development framework dubbed Fabric, which rolled out Wednesday.
With Digits, users can sign-up with their phone number and login with the same number and some data cached on their device. After the user types in their number, Twitter returns a confirmation code to verify that number.
It is Twitter’s version of two-factor authentication, something you know (your phone number) and something you have (a Digits confirmation code). Digits supports iOS, Android, and mobile web applications.
When a Digits account is created, it returns to the app a UserID that can be matched with the application’s user record, and a token, created using the Internet Engineering Task Force’s OAuth standard, that is sent to the device. The user's phone number is also verified. Users can change phone numbers without losing their accounts.
In May last year, Tim Bray, then the Developer Evangelist for Google, called OAuth tokens "power tools" for developers looking to secure and integrate their applications. It seems Twitter is tapping into that mindset.
Twitter hopes developers will stretch this phone-number-based onboarding and sign-in flow across all devices – mobile or Web. The phone verification is supported in 191 countries and includes built-in support for 28 languages.
“[Digits] lets you build your own profiles and apps, giving you the security of knowing your users are SMS-verified,” Twitter said on its blog. “We built Digits after doing extensive research around the world about how people use their smartphones.”
Twitters said it found that “first-time Internet users in places like Jakarta, Mumbai and São Paulo were primarily using a phone number to identify themselves to their friends.”
The freely available developers kit includes the sign-in functionality mechanism for making authenticated requests to Twitter’s REST API and the phone-number based sign-in. The basic Digits dev kit is available now, but Twitter is already working on updates to be delivered later this year, including: