1.5 KiB
1.5 KiB
Verification Code Reader
When a service sends a verification code by email (Avis, banks, accounts), the agent can read it from the inbox before the user can find it manually.
Workflow
- User triggers a login that sends a code email (e.g. entering email on avis.com)
- User says "check email for code" or the workflow expects the code
- Search IMAP for the security-code email from that sender
- Extract the code and relay it
Finding the code in the email
Security-code emails are typically text-only or minimal HTML. The code itself can be:
- In the subject line (rare)
- In the body as a bold or large number after "security code" or "verification code"
- In a table row labeled "Your Security Code"
Searching strategy
# Search recent emails from the sender
status, data = conn.search(None, f'(FROM "avis@e.avis.com" SINCE "{since}")')
The sender is typically:
- Avis:
avis@e.avis.com— subject "Avis: Your security code" - Other services follow similar patterns
Pitfalls
- Security codes expire fast — most are valid for 5-15 minutes. Don't over-optimize search patterns, just grab the latest email from that sender.
- HTML emails may obfuscate the code — if you can't find a numeric pattern, strip all tags and look for "code" context:
re.search(r'code[:\s]*(\d{4,8})', clean_body, re.IGNORECASE) - One-time passwords (OTP) vs link-based auth — some services send a magic link instead of a numeric code. If no numeric pattern matches, check for a URL containing
token=orcode=in the body.