72 results found
-
Security vulnerability on using SHA-1 weak hash algorithm
Firebase using SHA-1 weak hash algorithm. This is being raised as Security vulnerability. Recommended to upgrade the hash algorithm.
2 votes -
Option to enable MFA by provider
There should be an option to turn on MFA for a user for specific provider (e.g., password). Since user's Google signin might have MFA already, it's sort of inconvenient to have extra MFA barrier for Firebase Auth tenant.
4 votes -
Authentication feature in Android Wear / WearOS application
The ability to handle autentication and registration feature in android wear / wearos applications, using FirebaseUI or the official firebase auth library in gradle.
Ideally, the same features promoted to android apps but in the wearable world, taking in account the considerations related to battery, performance and data fetching and processing applied to wearables.
1 vote -
Setting to disable returning auth error type
Currently errors such as "wrong password", "user with this email doesn't exists" etc are always returned to client. Would be nice to have the option to only return a generic error message to improve security.
3 votes -
Separate/standalone Authentication admin library
Quite often I only need the firebase-admin/auth part of the NodeJS admin library. Especially when separating the application into single-purpose containers/microservices.
However because there is no separate NPM package for the auth part, I need to pull in the entire firebase-admin package, which pulls in a HUGE number of dependencies like @google-cloud/firestore @google-cloud/storage, google-gax, @grpc/grpc-js protobufjs and a multitude of others which are not needed for the auth part.
Much of the other components like Firestore, Storage etc can be used directly from the @google-cloud/... libraries without the entire firebase-admin package.
But there is no separate package for Authentication.
Authentication…
3 votes -
Whitelisted email address for testing with passwordless email link
It would be great to have a whitelisted email address to use for testing, like we have for SMS authentication, to avoid this message:
"[firebase_auth/too-many-requests] We have blocked all requests from this device due to unusual activity. Try again later."1 vote -
Allow developers to enable authentication limit to a certain collection/document(in cloud firestore) and to a certain node (in RTDB)
Currently, there is no optimal way to achieve this. If we could write a cloud function for it, then it'd be great.
1 vote -
Review the revoke token from apple functionality
I'm implementing a Login with Apple and everything went smooth until I had to delete the account. According to Apple guidelines I need to revoke the token. However, in the Firebase documentation it says I should implement the following:
Auth.auth().revokeToken(withAuthorizationCode: authCodeString)
But the revokeToken method is no longer available. I haven't found yet a way to do it.
Thanks,
Jose
1 vote -
Review the revoke token from apple functionality
I'm implementing a Login with Apple and everything went smooth until I had to delete the account. According to Apple guidelines I need to revoke the token. However, in the Firebase documentation it says I should implement the following:
Auth.auth().revokeToken(withAuthorizationCode: authCodeString)
But the revokeToken method is no longer available. I haven't found yet a way to do it.
Thanks,
Jose
1 vote -
2 votes
-
2 votes
-
Create custom OTP request to revalidate user
Firebase should have capability for the developer to generate OTP (sent on cellphone or email as per developer's requirement) and should have a mechanism to validate the OTP.
This will be very useful during user authentication when changing some critical data/setting (especially related to finance/money) or when making payment.1 vote
- Don't see your idea?