75 results found
-
Support declaring windows-app-web-link JSON file to allow Firebase auth in Windows apps
In order to catch Firebase redirect URL like
https://<app>.firebaseapp.com/__/auth/handler
Windows requires windows-app-web-link JSON file to bedclared in the root likehttps://<app>.firebaseapp.com/windows-app-web-link
https://learn.microsoft.com/en-us/windows/uwp/launch-resume/web-to-app-linking6 votes -
Allow configuring standard Firebase Authentication via Terraform
The google Terraform providers allow creating and configuring Firebase projects via Terraform.
This includes Firebase Authentication via the googleidentityplatform_config Terraform resource, but also forces an upgrade to Firebase Authentication with Identity Platform.
Identity Platform has a much higher cost.
We'd like to be able to configure standard Firebase Authentication via Terraform
5 votes -
MFA option to "remember device"
User shouldn't have to enter MFA every time logging in on same device. There should be a boolean option remember device for some period of time (somewhere between 2 weeks and forever)
5 votes -
5 votes
-
Use readable date format for email sign-in
According to
https://firebase.google.com/docs/auth/web/email-link-auth#default-email
and
https://github.com/firebase/firebase-js-sdk/issues/2574
The email sign in template contains a timestamp in the email title and body, so email are not collapsed into a sigle thread.I believe the current date time format, such as 2024 November 11 13:33 UTC is not user friendly, and should be replaced with a more readable format, such as Nov. 11, 2024, 11:33.
The mail language is already based on the language set in the Firebase Authentication -> Template language section, so the formatting can be done based on the same setting, or a new option can be added in the Firebase…
4 votes -
4 votes
-
Enhance password security
Currently, it is entirely possible for a user to reset a password that is unsecure with firebase's miniapp
it does not validate against the default password conditions or reference the identity toolkit policies
a community member has created a temporary fix
https://betterprogramming.pub/firebases-password-reset-is-insecure-here-s-how-to-fix-it-882629e3b779I propose this reset dialog gets enhanced to a standard.
and allow projects to integrate password policies from the identity toolkit
https://cloud.google.com/identity-platform/docs/password-policy4 votes -
Authenticate via email code
We can now use passwordless authentication using email link. This is troublesome on Flutter web clients (a new tab/second instance of app is opened). An option to type 4 digit code received on email to authenticate would be a nice solution.
BTW. Let me know if you could help me with the email link web client authentication, thanks!4 votes -
4 votes
-
Option to enable MFA by provider
There should be an option to turn on MFA for a user for specific provider (e.g., password). Since user's Google signin might have MFA already, it's sort of inconvenient to have extra MFA barrier for Firebase Auth tenant.
4 votes -
Separate/standalone Authentication admin library
Quite often I only need the firebase-admin/auth part of the NodeJS admin library. Especially when separating the application into single-purpose containers/microservices.
However because there is no separate NPM package for the auth part, I need to pull in the entire firebase-admin package, which pulls in a HUGE number of dependencies like @google-cloud/firestore @google-cloud/storage, google-gax, @grpc/grpc-js protobufjs and a multitude of others which are not needed for the auth part.
Much of the other components like Firestore, Storage etc can be used directly from the @google-cloud/... libraries without the entire firebase-admin package.
But there is no separate package for Authentication.
Authentication…
4 votes -
Include User Online Feature
Just like we have user logged in etc, can we have isUserOnline?
3 votes -
Multifactor admin SDK: "Other Admin SDK languages are not currently supported."
The page "Manage Multi-factor Users" (https://firebase.google.com/docs/auth/admin/manage-mfa-users) says "Install the Node.js Admin SDK. Other Admin SDK languages are not currently supported."
It's odd that this random feature doesn't work in other languages. Please add them (mainly C#).
3 votes -
Blocking Functions for User Reset password
Currently you can only add blocking functions for User signup and User sign in. I want to be able to add a Blocking function for User Reset password.
This way I can customize password requirements at the API level and implement features in Cloud functions + Firestore such as preventing previous password reuse.
I would have used Cloud Functions + Firestore for my Blocking function, but because this feature didn't exist I ultimately decided to move my auth password checks to my AWS hosted backend API.
3 votes -
RecaptchaVerifier should provide access to the shared secret
I'm creating a Contact form in a React app, which stores the user input in firebase. I'd like to secure the form with a visible reCAPTCHA, and I'm trying out firebase's built-in reCAPTCHA functionality.
firebase/auth/RecaptchaVerifier
does provide a callback, which can be used to sign in a user, and documentation shows it working when signing in with a phone number. Can it be used with anonymous authentication though?When the form is submitted, I have a server component that saves the form fields to firestore. However, how can I verify the recaptcha before committing the data to firestore?
I feel…
3 votes -
Shorten email verification link
I am building a web application using Firebase authentication. I require email verification to have users access our platform. Currently, the link is quite long, but I was wondering if there was any way to shorten the URL to make it more user friendly, and to make it look less spam-like
3 votes -
Login with WhatsApp
Just like phone auth, WhatsApp auth would be greatly beneficial for Asian markets. Users don't need to verify with OTP and us developers get access to their WhatsApp directly for promotion purposes.
3 votes -
Setting to disable returning auth error type
Currently errors such as "wrong password", "user with this email doesn't exists" etc are always returned to client. Would be nice to have the option to only return a generic error message to improve security.
3 votes -
3 votes
-
Enable auth by email only for allowed domains
Application that is intended only for students of one university and I want to restrict creating of new accounts only to students of the specific university. There is a workaround of setting rules for data access in database, but I want to disallow other people to create a new account. Cleaner solution.
2 votes
- Don't see your idea?