
Twilio integration for sms alerts

Open manishapriya94 opened this issue 3 years ago • 6 comments

Context


User Story: A user can choose to opt into SMS alerts around the cause they wrote a letter for. The Twilio integration allows us to follow up with user education via SMS.

  • Stage 1: Users are sent through social media campaign, at advocacy events, while canvassing through a QR code
  • Stage 2: Users authenticate (via Auth0 through their phone number)
  • Stage 3: Users sign up for updates when sending their letter
  • Stage 4: Send SMS updates monthly from advocacy group (update the constituent table for people who signed up for SMS updates)

Specs

  • Integrate Twilio

  • Update Database

  • Update API docs

References

Data Structure | Data Report Feature Discussion Twilio API Docs User Journey Miro

Exit Criteria

  • Full User Story Discussion

Exit Criteria

  • [ ] Set up Twilio API
    • [ ] Create API token secret
    • [ ] OpenSourceFellows/amplify#145
  • [ ] OpenSourceFellows/amplify_server#34
  • [ ] OpenSourceFellows/amplify#147
  • [ ] OpenSourceFellows/amplify_server#40

manishapriya94 avatar Mar 17 '22 03:03 manishapriya94

Capturing discussion notes from working with @nawazkhan and @ankitagrawal98

Brainstorm on task breakdown

  1. Stage 2 needs to be expanded to take advantage of Auth0's SMS passwordless login option (which is through Twilio, ironically), detailed at https://auth0.com/docs/authenticate/passwordless/authentication-methods/sms-otp, in order to allow people to authenticate with their mobile device rather than needing a Google account

    We think the Auth0 passwordless login using the Universal Login flow makes the most sense IF it can provide the phone number used for authenticating

  2. Implement necessary database schema changes for containing constituents' mobile number and per-campaign notification preference, as well as UI changes that populate the data

  3. Developing a monthly digest process that generates digests around the various campaigns that constituents have signed up for

  4. Explore a method for organizers to send out ad-hoc messages to constituents for a given campaign

andyfeller avatar Apr 21 '22 17:04 andyfeller

Open source alternative: https://fonoster.com/

cc: @nawazkhan @ankitagrawal98 @andyfeller

manishapriya94 avatar Aug 12 '22 04:08 manishapriya94

Hello,

As of now, I'm not seeing a source of the SMS message, nor what triggers it.

Do the individual campaign managers have access to Twilio accounts (presumably under some sort of organization) and set up their own flow to call an Amplify API endpoint? Or are we looking for a more in-house solution where campaign managers can log in to Amplify and build and send their own messages and notifications from Amplify?

i-am-b-soto avatar Dec 28 '22 07:12 i-am-b-soto

Community user story: The groups often don't have IT people, and it might create another barrier if they have to have their own tooling.

  • Could the workflow reflect a model in which the group texts some number/mechanism and it will text the end user who has subscribed?
  • Would that include a review process? Or does it need authentication to be able to send to begin the flow? A different Auth0 workflow (currently it validates constituents; we need a new one for the community groups)

If constituent:

  • authentication: is this their user profile --> mapped to SMS
  • database: ensure the endpoint it's coming from has encryption at rest and in transit (SMS numbers protected/not linked to user) --> OpenSourceFellows/amplify#31

If it's admin

  • access and authentication to perform action

  • what visibility does subscription give?

    • banner
    • unsubscribe
  • Compliance check:

    • What is the end-to-end encryption (which plan)
    • How to architect for identity validation/access management

Next steps @Iamsoto explores issues:

  • [x] What does the end-to-end encryption and authentication look like (can we authorize with SMS alone)
  • [ ] Can it be integrated into the current Auth0 scheme Resources

manishapriya94 avatar Jan 18 '23 23:01 manishapriya94

Also, HIPAA specifically is for Protected Health Information. I don't see health information stored in Amplify, so I don't believe HIPAA specifically should be a concern for us. Correct me if I'm wrong.

source: https://www.cdc.gov/phlp/publications/topic/hipaa.html https://support.twilio.com/hc/en-us/articles/360059959413-Building-HIPAA-Compliant-Messaging-Applications-with-Twilio

i-am-b-soto avatar Jan 29 '23 19:01 i-am-b-soto

The California Consumer Privacy Act might be something to be aware of, however. And if we're reaching an international audience, the EU has the GDPR. Let me know if this seems more relevant.

Source: https://oag.ca.gov/privacy/ccpa https://digitalguardian.com/blog/what-gdpr-general-data-protection-regulation-understanding-and-complying-gdpr-data-protection

i-am-b-soto avatar Jan 29 '23 20:01 i-am-b-soto