82 results found
-
Enable auth by email only for allowed domains
Application that is intended only for students of one university and I want to restrict creating of new accounts only to students of the specific university. There is a workaround of setting rules for data access in database, but I want to disallow other people to create a new account. Cleaner solution.
2 votes -
Suggestion for Enhanced Authentication Flow in Firebase Authentication
Dear Firebase Support Team,
I hope this message finds you well. I am reaching out to share a suggestion that I believe could greatly benefit Firebase Authentication and developers working on more complex applications.
Currently, Firebase Authentication provides excellent flexibility with signInWithPhoneNumber and createUserWithEmailAndPassword, allowing projects to authenticate users using either a phone number or an email/password combination. However, in certain projects, both the phone number and email/password are essential to meet higher security standards and user profile requirements.
In these cases, having an integrated authentication flow that combines signInWithPhoneNumber and createUserWithEmailAndPassword within a single, cohesive process would be highly…
2 votes -
Make Phone Auth support MFA
Food delivery services usually need to know the phone number of their customers, to guarantee that the deliveries will be smooth.
So, a food delivery app would probably prefer authenticating users by phone number rather than by email address.
Phone auth on its own isn’t particularly secure, though, so it would be nice to allow users to optionally add email authentication as a second factor.
As of right now, phone auth doesn’t support MFA, though, which means that a food delivery app might want to force users to use email and phone 2FA right away, which might seem intrusive to…
2 votes -
Security key/WebAuthn 2FA
Currently, we only have the option to use TOTP 2fa or SMS. Security keys are quickly gaining popularity, as it is a more secure option. Please add this.
2 votes -
Add support to programmatically configure social providers for tenants
Add the ability to configure social authentication methods like Google, Facebook, etc. like how OIDC and SAML can be done.
Also, the ability to use the parent configuration for Google Authentication so it is just an enable like in the Web Console UI. This reduces the overhead code that we need to provide if all we are doing is splitting into different tenants for management reasons.
2 votes -
Need a .net MAUI support on Apple sign-in for authentication
Need a .net MAUI support on Apple sign-in for authentication
2 votes -
Add custom permissions claims to access tokens via Firebase web interface
Firebase currently only allows you to add custom claims to ID tokens, and it suggests adding role based access control (RBAC) permissions in those ID token claims.
RBAC custom claims should be added to the access token which is already included in the Authorization header in all API requests, so the API already has access to the token that it needs. Additionally including an ID token in API requests so that the API can read permissions from it is overly complicated and superfluous.
Furthermore, you should be able to add these claims to access tokens for specific users via the…
2 votes -
2 votes
-
Auth: install, not only authorise, a GitHub app
GitHub Apps are now the preferred alternative to GitHub Oauth Apps. When authenticating with Firebase Auth and a GitHub App, the app is "authorised" but not "installed", which can lead to inconsistent behaviour (https://github.com/orgs/community/discussions/61677). It would be nice if the GitHub provider had an option for prompting the user to "Authorise and Install" rather than only "Authorise".
2 votes -
Disable Passwordless Sign-In for E-mail
As Firebase is retiring Dynamic Links, it is no longer possible to set up the Dynamic Link required for Passwordless Sign-In via e-mail. I recommend that either Firebase disable Passwordless Sign-In, or that they update their documentation outlining the new method to do Passwordless Sign-In without their Dynamic Link.
2 votes -
Authentication feature in Android Wear / WearOS application
The ability to handle autentication and registration feature in android wear / wearos applications, using FirebaseUI or the official firebase auth library in gradle.
Ideally, the same features promoted to android apps but in the wearable world, taking in account the considerations related to battery, performance and data fetching and processing applied to wearables.
2 votes -
Magic link with phone auth
Create magic links in sent SMS messages so users can click on the link in the SMS and log-in into the app, similar to email magic link auth.
2 votes -
Security vulnerability on using SHA-1 weak hash algorithm
Firebase using SHA-1 weak hash algorithm. This is being raised as Security vulnerability. Recommended to upgrade the hash algorithm.
2 votes -
2 votes
-
Deactivate the automatic sending of the email template with a checkbox
Hello everyone,
currently not all email templates can be changed. For example, when activating multifactor authentication, you have to be satisfied with the ugly automatically generated email from firebase. It would probably be an easy to implement development if you could deactivate the automatic sending of the email template with a checkbox. Then you could implement your own email dispatch. Please provide a way to disable the automatic sending of email templates.
Thank you and best regards
1 vote -
Add more auth built-in auth methods
The way that Firebase helps developers quickly setup OAuth providers is amazing, but it would be really helpful if there were more providers to choose from. I'm sure you could do it if you set things up yourself, but making it easier to use services like LinkedIn would be really helpful.
1 vote -
multiplatform
full support for KMM android, web, ios and desktop.
What is the point of not supporting all of these?we build the best car but you can only use one wheel. Not a great theory for adoption.
1 vote -
The errors thrown for a wrong password and an account that does not exist should be different
This is a problem I have encountered while using Firebase with Swift. I want to be able to prompt the user to sign up if they do not have an account. However, the error returned from Auth.auth().signIn(withEmail, password) is the same if the user enters the wrong password or an email the doesn't exist. If the errors were different I would be able to show the sign up prompt only if that specific error is thrown.
1 vote -
Firebase authentication needs to support standard user profile attribute mapping
When leveraging firebase for OIDC based authentication, there is data loss in mapping of standard user profile attributes between IdP and app such as given name, family name and other attributes as specified in the standard specifications[1]. Firebase auth must implement the specification properly and ensure against data loss.
1 vote -
Authentication using email OTP verification for Firebase login
I want to be able to perform an OTP verification for logging into my application using firebase.
I want this feature to follow the following user journey:
- Request OTP for login.
- OTP sent to my email.
- I type in the OTP for verification.
- Authentication and access granted.1 vote
- Don't see your idea?