Integrating Phone-based OTP Authentication with Me...
# support
I'm currently developing a healthcare application using Medplum as the backend service. For enhancing security and user experience, I am interested in implementing a phone-based One Time Password (OTP) authentication system. The goal is to allow users to log in using their phone number and an OTP sent via SMS, leveraging Medplum's authentication services for session management. I understand that Medplum offers robust authentication mechanisms, but it does not directly support sending or verifying OTPs sent to phone numbers. Therefore, I plan to integrate an external SMS gateway (such as Twilio or Nexmo) for the OTP functionality. However, I'm seeking guidance on the best practices for implementing this securely and efficiently, especially in a way that is compliant with healthcare regulations like HIPAA. Here are my specific questions:

1. Has anyone successfully integrated OTP-based authentication with Medplum? If so, could you share your approach or any sample code snippets?
2. For those who have implemented similar systems, which SMS gateway did you use, and why?
Hi @suryanandx_54382, we have definitely had users leverage OTP functionality through providers such as Auth0. Twilio should hopefully be similar.
Best practices include following this guide: https://www.medplum.com/docs/auth/methods#external-ids
- You will be using "External Identity Providers"
- You will use "External Ids" (https://www.medplum.com/docs/auth/methods/external-ids)
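As an added example (not from this thread, Medplum, or any SMS provider), this is the OTP issuance and verification logic that would sit in front of the External IDs flow the answer points to. It assumes the caller sends the returned code through an SMS gateway and that the deployment supplies the HMAC secret; only an HMAC of the code is stored, codes expire, attempts are capped, and comparison is constant-time.

```typescript
import { createHmac, randomInt, timingSafeEqual } from "crypto";

// Constructed in-memory store; a real deployment would use a datastore with TTL.
interface OtpRecord {
  digest: string;    // HMAC of phone:code, never the code itself
  expiresAt: number; // epoch ms
  attempts: number;  // failed verifications so far
}

const OTP_TTL_MS = 5 * 60 * 1000; // assumed policy: 5 minute validity
const MAX_ATTEMPTS = 5;           // assumed policy: lock after 5 wrong guesses

type VerifyResult = "ok" | "mismatch" | "expired" | "locked" | "unknown";

class OtpService {
  private readonly pending = new Map<string, OtpRecord>();

  // `now` is injectable so expiry can be tested deterministically.
  constructor(private readonly serverSecret: Buffer,
              private readonly now: () => number = Date.now) {}

  private digest(phone: string, code: string): string {
    return createHmac("sha256", this.serverSecret).update(`${phone}:${code}`).digest("hex");
  }

  // Returns the 6-digit code the caller hands to the SMS gateway; re-issuing replaces any pending code.
  issue(phone: string): string {
    const code = randomInt(0, 1000000).toString().padStart(6, "0");
    this.pending.set(phone, { digest: this.digest(phone, code), expiresAt: this.now() + OTP_TTL_MS, attempts: 0 });
    return code;
  }

  // On "ok" the record is consumed, so a code can only succeed once; the caller then
  // completes sign-in through Medplum's external identity flow (not shown here).
  verify(phone: string, code: string): VerifyResult {
    const rec = this.pending.get(phone);
    if (!rec) return "unknown";
    if (this.now() > rec.expiresAt) { this.pending.delete(phone); return "expired"; }
    if (rec.attempts >= MAX_ATTEMPTS) { this.pending.delete(phone); return "locked"; }
    rec.attempts += 1;
    const expected = Buffer.from(rec.digest, "hex");
    const actual = Buffer.from(this.digest(phone, code), "hex");
    if (expected.length === actual.length && timingSafeEqual(expected, actual)) {
      this.pending.delete(phone);
      return "ok";
    }
    return "mismatch";
  }
}
```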