Ok, so we can defined it on a separate module, maybe named authentication_trust to follow the authenticate_sms module.
If we don’t publish it, it’s not usable on other servers and other people with the same needs will be forced to reinvent the wheel.