52 results found
-
add sendSignInLinkToEmail to the Admin SDK
The Firebase Client SDK allows us to send emails with sign-in links. The Firebase Admin SDK allows use to generate sign-in links, but not send them. Instead, we need to set up a third-party provider to sign in users who don't or can't enable JavaScript.
Why?
If you have the ability to send the links, at least allow me to pay you for it. The fact that another service needs to be set up is a gigantic waste of time.
1 vote -
Automatic SMS OTP read with English templates
For automatic SMS retrieval to work, SMS length has to be under 64 bytes. This means currently that for English SMS template, the app name has to be 11-14 characters. Play Console allows max 30 characters. Firebase doesn't allow customers to modify the SMS template contents themselves. Now I'm working around by utilizing some other languages, that will fit below 64 bytes with current app name.
Two options I suggest to achieve this:
1) Modify the English SMS template: remove unnecessary filler words and make it shorter, so that it will fit to 64bytes with max 30 char app names.…
2 votes -
Add custom permissions claims to access tokens via Firebase web interface
Firebase currently only allows you to add custom claims to ID tokens, and it suggests adding role based access control (RBAC) permissions in those ID token claims.
RBAC custom claims should be added to the access token which is already included in the Authorization header in all API requests, so the API already has access to the token that it needs. Additionally including an ID token in API requests so that the API can read permissions from it is overly complicated and superfluous.
Furthermore, you should be able to add these claims to access tokens for specific users via the…
2 votes -
Multifactor admin SDK: "Other Admin SDK languages are not currently supported."
The page "Manage Multi-factor Users" (https://firebase.google.com/docs/auth/admin/manage-mfa-users) says "Install the Node.js Admin SDK. Other Admin SDK languages are not currently supported."
It's odd that this random feature doesn't work in other languages. Please add them (mainly C#).
2 votes -
API Revoke Token
Simple API to revoke the token/refresh token from a backend without using the SDK.
13 votes -
Does Native Support for Authentication for EHR Providers like Epic and Cerner
Authentication is a difficult part of getting healthcare apps out there, and rightfully so, patient data security is hugely important. If Firebase offered this natively, not only would development be faster, but fewer mistakes/vulnerabilities would be present in healthcare apps that integrate with EHR.
1 vote -
2 votes
-
Add Bulk User Update to SDK
Add a bulk update user method to avoid handling the user configuration update limit of 10/s in code. Specifically, my use case is to bulk disable/enable users in a single call.
1 vote -
1 vote
-
Blocking Functions for User Reset password
Currently you can only add blocking functions for User signup and User sign in. I want to be able to add a Blocking function for User Reset password.
This way I can customize password requirements at the API level and implement features in Cloud functions + Firestore such as preventing previous password reuse.
I would have used Cloud Functions + Firestore for my Blocking function, but because this feature didn't exist I ultimately decided to move my auth password checks to my AWS hosted backend API.
1 vote -
Auth: install, not only authorise, a GitHub app
GitHub Apps are now the preferred alternative to GitHub Oauth Apps. When authenticating with Firebase Auth and a GitHub App, the app is "authorised" but not "installed", which can lead to inconsistent behaviour (https://github.com/orgs/community/discussions/61677). It would be nice if the GitHub provider had an option for prompting the user to "Authorise and Install" rather than only "Authorise".
1 vote -
Support firebaseui-web
This highly valuable library is out of date with many issues.
1 vote -
RecaptchaVerifier should provide access to the shared secret
I'm creating a Contact form in a React app, which stores the user input in firebase. I'd like to secure the form with a visible reCAPTCHA, and I'm trying out firebase's built-in reCAPTCHA functionality.
firebase/auth/RecaptchaVerifierdoes provide a callback, which can be used to sign in a user, and documentation shows it working when signing in with a phone number. Can it be used with anonymous authentication though?When the form is submitted, I have a server component that saves the form fields to firestore. However, how can I verify the recaptcha before committing the data to firestore?
I feel…
1 vote -
Enhance password security
Currently, it is entirely possible for a user to reset a password that is unsecure with firebase's miniapp
it does not validate against the default password conditions or reference the identity toolkit policies
a community member has created a temporary fix
https://betterprogramming.pub/firebases-password-reset-is-insecure-here-s-how-to-fix-it-882629e3b779I propose this reset dialog gets enhanced to a standard.
and allow projects to integrate password policies from the identity toolkit
https://cloud.google.com/identity-platform/docs/password-policy3 votes -
firebase auth ui react component
Firebase auth ui component was broken. When trying to log in it wil not show the password input field.
1 vote -
Turning Off Auto Login when creating New User
The Firebase createUserWithEmailAndPassword function currently auto-logs in the newly created user. However, it's crucial to have an option to turn off auto-login, especially in admin panel scenarios. This can help prevent issues where the admin session expires due to the new user login. Providing such an option will enhance flexibility and control in user management.
8 votes -
Add option to block client-side password reset in firebase
See here: https://stackoverflow.com/questions/77313457/block-client-side-password-reset-in-firebase
I would like to be able to disable all client-side password resets, both sending a password reset email and directly updating a password after re-authenticating so I can do all my logic though the admin API in functions.
For example, add and option in Authentication -> settings -> user actions that blocks client-side password resets (throws an 'auth/admin-restricted-operation')
(Would be nice to have this option for all auth functions, so you can decide to control access for everything better)
4 votes -
Disable Passwordless Sign-In for E-mail
As Firebase is retiring Dynamic Links, it is no longer possible to set up the Dynamic Link required for Passwordless Sign-In via e-mail. I recommend that either Firebase disable Passwordless Sign-In, or that they update their documentation outlining the new method to do Passwordless Sign-In without their Dynamic Link.
1 vote -
generateRecoverEmailLink
Just as there is "generatePasswordResetLink" to obtain the link to reset the password, I need a method to obtain the link to recover the email, after an email change.
The same link that is sent in the email when an email change is made using "updateEmail" from the front.
Since without that, there is no way to use Firebase to reverse an email change through a link in a custom email, and I would have to build a complete flow on my website for this.
1 vote -
Authentication feature in Android Wear / WearOS application
The ability to handle autentication and registration feature in android wear / wearos applications, using FirebaseUI or the official firebase auth library in gradle.
Ideally, the same features promoted to android apps but in the wearable world, taking in account the considerations related to battery, performance and data fetching and processing applied to wearables.
1 vote
- Don't see your idea?