104 results found
-
Allow developers to enable authentication limit to a certain collection/document(in cloud firestore) and to a certain node (in RTDB)
Currently, there is no optimal way to achieve this. If we could write a cloud function for it, then it'd be great.
1 vote -
Review the revoke token from apple functionality
I'm implementing a Login with Apple and everything went smooth until I had to delete the account. According to Apple guidelines I need to revoke the token. However, in the Firebase documentation it says I should implement the following:
Auth.auth().revokeToken(withAuthorizationCode: authCodeString)
But the revokeToken method is no longer available. I haven't found yet a way to do it.
Thanks,
Jose
1 vote -
Review the revoke token from apple functionality
I'm implementing a Login with Apple and everything went smooth until I had to delete the account. According to Apple guidelines I need to revoke the token. However, in the Firebase documentation it says I should implement the following:
Auth.auth().revokeToken(withAuthorizationCode: authCodeString)
But the revokeToken method is no longer available. I haven't found yet a way to do it.
Thanks,
Jose
1 vote -
Security vulnerability on using SHA-1 weak hash algorithm
Firebase using SHA-1 weak hash algorithm. This is being raised as Security vulnerability. Recommended to upgrade the hash algorithm.
2 votes -
Custom Claims Editor
Show Custom Claims and allow them to be managed in the Firebase Authentication Console (like in the Emulator). Usefull for manually creating the first super user, for example.
38 votes -
311 votes
-
4 votes
-
Create custom OTP request to revalidate user
Firebase should have capability for the developer to generate OTP (sent on cellphone or email as per developer's requirement) and should have a mechanism to validate the OTP.
This will be very useful during user authentication when changing some critical data/setting (especially related to finance/money) or when making payment.4 votes -
Option to enable MFA by provider
There should be an option to turn on MFA for a user for specific provider (e.g., password). Since user's Google signin might have MFA already, it's sort of inconvenient to have extra MFA barrier for Firebase Auth tenant.
5 votes -
MFA option to "remember device"
User shouldn't have to enter MFA every time logging in on same device. There should be a boolean option remember device for some period of time (somewhere between 2 weeks and forever)
5 votes -
Setting to disable returning auth error type
Currently errors such as "wrong password", "user with this email doesn't exists" etc are always returned to client. Would be nice to have the option to only return a generic error message to improve security.
4 votes -
Separate/standalone Authentication admin library
Quite often I only need the firebase-admin/auth part of the NodeJS admin library. Especially when separating the application into single-purpose containers/microservices.
However because there is no separate NPM package for the auth part, I need to pull in the entire firebase-admin package, which pulls in a HUGE number of dependencies like @google-cloud/firestore @google-cloud/storage, google-gax, @grpc/grpc-js protobufjs and a multitude of others which are not needed for the auth part.
Much of the other components like Firestore, Storage etc can be used directly from the @google-cloud/... libraries without the entire firebase-admin package.
But there is no separate package for Authentication.
Authentication…
4 votes -
Google Play User Data Delete Requirement
Google requires a web link that enables users to delete all their data, even after they have uninstalled the application. For a "serverless" app that only uses Firebase Auth, it would be ideal to have a plug-and-play solution for hosting a single webpage that complies with Google Play's policy.
9 votes -
Allow SMS customization & add Web OTP support
Web OTP support increased phone authorization conversion significantly.
Currently, We are not able to customize SMS messages to comply
https://developer.chrome.com/en/articles/web-otp/#format50 votes -
Firebase Authentication for EU
Currently, Firebase Auth is US only. Because the EU-US-Privacy-Shield is not valid anymore, transferring data to the US is for EU companies not allowed. Therefore, Firebase is not GDPR complaint. Allowing us to choose the storage location (like you can weigh Firestore or Cloud Storage) to use a data center in the EU (like europe-west1, europe-west3 or europe-west4, etc.) would make Firebase much more GDPR complaint (beside the Cloud-Act).
340 votesWe are nearly ready to accept developers who are interested in custom authentication (external identity provider). Please fill out https://forms.gle/pLLYMFhGcrziqT1N8 and we can notify you if you're selected to join the private preview.
Please note that full regionalization for Firebase Authentication is separate, and is still expected to reach preview in Q4 this year.
-
9 votes
-
10 votes
-
6 votes
-
126 votes
-
Allow enabling Firebase Auth programmatically
Instead enabling Firebase Auth manually, by navigating to the "Authentication" tab in Firebase Console and clicking "Get started", can we do all of this programmatically?
7 votes
- Don't see your idea?