Simulated SMS-MO Authentication Flow

Simulated Authentication User Flow

Overview

For the purposes of performing diagnostic tests of the SMS-MO Authentication flow, Google defines a Simulate SMS endpoint. This eliminates the need for a real SMS to be sent and validated when performing test Associations in the sandbox environment.

How the flow works

There is one primary way to authenticate a user in sandbox.

  1. Simulated SMS-MO authentication

Simulated SMS-MO Authentication

Simulated SMS-MO Authentication Flow

Here is a list of objects in the diagram and what they represent:

  • Tester: This is the person who initiates an SMS-MO association diagnostic test.
  • Google UI: A Google UI where the tester begins and monitors the status of the SMS-MO diagnostic test.
  • Google Server: The backend server at Google that generates the SMS instructions with a Authentication Request ID (ARID), sends the simulated SMS message, and receives the authentication result from the integrator.
  • Payment Integrator Server: The backend server of the integrator that receives the simulated authentication SMS and returns the Authentication Request ID to Google.

The steps in this flow are:

  1. The Tester begins the SMS-MO diagnostic test by providing a test subscriber ID (SID) to use for the test. This SID will be included in the simulateSms call to the Payment Integrator.
  2. The Google UI calls the Google Server to initiate the SMS-MO Challenge.
  3. The Google Server returns SMS instructions, consisting of a destination and a body containing the Authentication Request ID. For the purposes of this test, the destination will be overridden by the Payment Integrator's sandbox HTTPS connection.
  4. The Google UI calls the Google Server to send the simulated SMS message.
  5. The simulateSms call is made from the Google Server to the Payment Integrator Server. Both the Authentication Request ID and Subscriber ID (as provided in step 1) is included in the API call.
  6. The Payment Integrator Server responds ACKNOWLEDGED.
  7. The Google Server responds SUCCESS to the Google UI.
  8. The Payment Integrator Server calls the authenticationResultNotification endpoint on the Google Server with the Authentication Request ID.
  9. The Google Server responds SUCCESS.
  10. The Google UI calls the Google Server to obtain the result of the authentication attempt.
  11. The Google Server responds COMPLETED.
  12. The Google UI calls the Google Server to execute an Association attempt.
  13. The associateAccount call is made from the Google Server to the Payment Integrator Server.
  14. The Payment Integrator Server responds SUCCESS.
  15. The Google Server responds SUCCESS.
  16. The Google UI updates to indicate to the Tester that the SMS-MO diagnostic test has completed successfully.