94 results found
-
Allow enabling Firebase Auth programmatically
Instead enabling Firebase Auth manually, by navigating to the "Authentication" tab in Firebase Console and clicking "Get started", can we do all of this programmatically?
7 votes -
Automatic SMS OTP read with English templates
For automatic SMS retrieval to work, SMS length has to be under 64 bytes. This means currently that for English SMS template, the app name has to be 11-14 characters. Play Console allows max 30 characters. Firebase doesn't allow customers to modify the SMS template contents themselves. Now I'm working around by utilizing some other languages, that will fit below 64 bytes with current app name.
Two options I suggest to achieve this:
1) Modify the English SMS template: remove unnecessary filler words and make it shorter, so that it will fit to 64bytes with max 30 char app names.…
6 votes -
6 votes
-
Use readable date format for email sign-in
According to
https://firebase.google.com/docs/auth/web/email-link-auth#default-email
and
https://github.com/firebase/firebase-js-sdk/issues/2574
The email sign in template contains a timestamp in the email title and body, so email are not collapsed into a sigle thread.I believe the current date time format, such as 2024 November 11 13:33 UTC is not user friendly, and should be replaced with a more readable format, such as Nov. 11, 2024, 11:33.
The mail language is already based on the language set in the Firebase Authentication -> Template language section, so the formatting can be done based on the same setting, or a new option can be added in the Firebase…
5 votes -
Allow configuring standard Firebase Authentication via Terraform
The google Terraform providers allow creating and configuring Firebase projects via Terraform.
This includes Firebase Authentication via the googleidentityplatform_config Terraform resource, but also forces an upgrade to Firebase Authentication with Identity Platform.
Identity Platform has a much higher cost.
We'd like to be able to configure standard Firebase Authentication via Terraform
5 votes -
RecaptchaVerifier should provide access to the shared secret
I'm creating a Contact form in a React app, which stores the user input in firebase. I'd like to secure the form with a visible reCAPTCHA, and I'm trying out firebase's built-in reCAPTCHA functionality.
firebase/auth/RecaptchaVerifierdoes provide a callback, which can be used to sign in a user, and documentation shows it working when signing in with a phone number. Can it be used with anonymous authentication though?When the form is submitted, I have a server component that saves the form fields to firestore. However, how can I verify the recaptcha before committing the data to firestore?
I feel…
5 votes -
Enhance password security
Currently, it is entirely possible for a user to reset a password that is unsecure with firebase's miniapp
it does not validate against the default password conditions or reference the identity toolkit policies
a community member has created a temporary fix
https://betterprogramming.pub/firebases-password-reset-is-insecure-here-s-how-to-fix-it-882629e3b779I propose this reset dialog gets enhanced to a standard.
and allow projects to integrate password policies from the identity toolkit
https://cloud.google.com/identity-platform/docs/password-policy5 votes -
Authenticate via email code
We can now use passwordless authentication using email link. This is troublesome on Flutter web clients (a new tab/second instance of app is opened). An option to type 4 digit code received on email to authenticate would be a nice solution.
BTW. Let me know if you could help me with the email link web client authentication, thanks!5 votes -
MFA option to "remember device"
User shouldn't have to enter MFA every time logging in on same device. There should be a boolean option remember device for some period of time (somewhere between 2 weeks and forever)
5 votes -
Suggestion for Enhanced Authentication Flow in Firebase Authentication
Dear Firebase Support Team,
I hope this message finds you well. I am reaching out to share a suggestion that I believe could greatly benefit Firebase Authentication and developers working on more complex applications.
Currently, Firebase Authentication provides excellent flexibility with signInWithPhoneNumber and createUserWithEmailAndPassword, allowing projects to authenticate users using either a phone number or an email/password combination. However, in certain projects, both the phone number and email/password are essential to meet higher security standards and user profile requirements.
In these cases, having an integrated authentication flow that combines signInWithPhoneNumber and createUserWithEmailAndPassword within a single, cohesive process would be highly…
4 votes -
4 votes
-
Multifactor admin SDK: "Other Admin SDK languages are not currently supported."
The page "Manage Multi-factor Users" (https://firebase.google.com/docs/auth/admin/manage-mfa-users) says "Install the Node.js Admin SDK. Other Admin SDK languages are not currently supported."
It's odd that this random feature doesn't work in other languages. Please add them (mainly C#).
4 votes -
Login with WhatsApp
Just like phone auth, WhatsApp auth would be greatly beneficial for Asian markets. Users don't need to verify with OTP and us developers get access to their WhatsApp directly for promotion purposes.
4 votes -
4 votes
-
Option to enable MFA by provider
There should be an option to turn on MFA for a user for specific provider (e.g., password). Since user's Google signin might have MFA already, it's sort of inconvenient to have extra MFA barrier for Firebase Auth tenant.
4 votes -
Setting to disable returning auth error type
Currently errors such as "wrong password", "user with this email doesn't exists" etc are always returned to client. Would be nice to have the option to only return a generic error message to improve security.
4 votes -
Separate/standalone Authentication admin library
Quite often I only need the firebase-admin/auth part of the NodeJS admin library. Especially when separating the application into single-purpose containers/microservices.
However because there is no separate NPM package for the auth part, I need to pull in the entire firebase-admin package, which pulls in a HUGE number of dependencies like @google-cloud/firestore @google-cloud/storage, google-gax, @grpc/grpc-js protobufjs and a multitude of others which are not needed for the auth part.
Much of the other components like Firestore, Storage etc can be used directly from the @google-cloud/... libraries without the entire firebase-admin package.
But there is no separate package for Authentication.
Authentication…
4 votes -
4 votes
-
Make Phone Auth support MFA
Food delivery services usually need to know the phone number of their customers, to guarantee that the deliveries will be smooth.
So, a food delivery app would probably prefer authenticating users by phone number rather than by email address.
Phone auth on its own isn’t particularly secure, though, so it would be nice to allow users to optionally add email authentication as a second factor.
As of right now, phone auth doesn’t support MFA, though, which means that a food delivery app might want to force users to use email and phone 2FA right away, which might seem intrusive to…
3 votes -
Expand auth blocking functions
Support some additional data sent during the
signInWithEmailAndPasswordthat can be read in thebeforeCreate3 votes
- Don't see your idea?