Module phone 

Phone / SMS magic-code sign-in.

Mirror of the email magic-code flow but with phone numbers as the identity. Same code shape (6-digit numeric), same expiry (10 min), same single-use semantics. Pluggable SMS transport lets apps use Twilio / MessageBird / a webhook.

Phone numbers are E.164-normalized (+15551234567) before any storage / lookup so case + whitespace + formatting differences collapse to one identity.

Workflow:

1. POST /api/auth/phone/send-code { phone } → SMS arrives with Your sign-in code is 123456.
2. POST /api/auth/phone/verify { phone, code } → returns the session token, same shape as magic-email.

Apps that need full E.164 validation (libphonenumber-style) should plug a custom validator before calling Phone::normalize.

Structs

InMemoryPhoneCodeBackend

NullSmsTransport

No-op transport for tests + the in-memory dev runtime.

PhoneCode

Stored pending code. Same shape as MagicCode but keyed on phone.

PhoneCodeStore

TwilioSmsTransport

Twilio REST API transport. Reads PYLON_TWILIO_ACCOUNT_SID + PYLON_TWILIO_AUTH_TOKEN + PYLON_TWILIO_FROM at construction. from MUST be a verified Twilio number / messaging service id.

Enums

PhoneCodeError

Traits

PhoneCodeBackend

SmsSender

SMS sender. Apps register a Twilio/MessageBird transport at startup; tests use NullSmsTransport.

Functions

normalize

Normalize a user-supplied phone number to E.164. Strips spaces, dashes, parens, dots. Leading + required. ASCII digits only. Returns None for malformed input.