89 results found
-
4 votes
-
API Revoke Token
Simple API to revoke the token/refresh token from a backend without using the SDK.
19 votes -
The errors thrown for a wrong password and an account that does not exist should be different
This is a problem I have encountered while using Firebase with Swift. I want to be able to prompt the user to sign up if they do not have an account. However, the error returned from Auth.auth().signIn(withEmail, password) is the same if the user enters the wrong password or an email the doesn't exist. If the errors were different I would be able to show the sign up prompt only if that specific error is thrown.
1 vote -
Share phone number with project if Firebase knows that number via another project
Would be a HUGE cost saver given the increased pricing of SMS multi factor authentication.
If Firebase knows the phone number / email via another project, offer the app user to share their phone number with this app and skip costly SMS verification.
2 votes -
Firebase authentication needs to support standard user profile attribute mapping
When leveraging firebase for OIDC based authentication, there is data loss in mapping of standard user profile attributes between IdP and app such as given name, family name and other attributes as specified in the standard specifications[1]. Firebase auth must implement the specification properly and ensure against data loss.
1 vote -
Make Phone Auth support MFA
Food delivery services usually need to know the phone number of their customers, to guarantee that the deliveries will be smooth.
So, a food delivery app would probably prefer authenticating users by phone number rather than by email address.
Phone auth on its own isn’t particularly secure, though, so it would be nice to allow users to optionally add email authentication as a second factor.
As of right now, phone auth doesn’t support MFA, though, which means that a food delivery app might want to force users to use email and phone 2FA right away, which might seem intrusive to…
3 votes -
Authentication using email OTP verification for Firebase login
I want to be able to perform an OTP verification for logging into my application using firebase.
I want this feature to follow the following user journey:
- Request OTP for login.
- OTP sent to my email.
- I type in the OTP for verification.
- Authentication and access granted.1 vote -
119 votes
-
Add Support for Firebase App Check Without Requiring Authentication for Android Storage Access
The issue I am encountering is quite unusual. It arises whenever we try to access storage, even though I am using App Check and Firebase authentication is not required. Our App Check setup appears to be functioning correctly, and we can fetch data without any problems. However, these errors still appear in the console. This issue is occurring only in the Android, while the iOS works fine.
Console error:
error getting token java.util.concurrent.ExecutionException: com.google.firebase.internal.api.FirebaseNoSignedInUserException: Please sign in before trying to get a token.1 vote -
Enable auth by email only for allowed domains
Application that is intended only for students of one university and I want to restrict creating of new accounts only to students of the specific university. There is a workaround of setting rules for data access in database, but I want to disallow other people to create a new account. Cleaner solution.
2 votes -
Allow "App Nickname" to be an option in the link text generated for email link authentication
Currently there is no way to customize the email sent to users who authenticate via email (deep ?) link. I understand / accept the rational for this.
For Firebase projects with multiple Apps, this leads to all authentication emails having a single title (and link) based on the "public-facing name" set in "Project settings". It would be good to have an option to use the "app nickname" used for each of the Apps within the project to form the basis for the email title + link text. This would give users more confidence that they've received a valid login email…
1 vote -
support .guru domain extension
I have a domain with the extension: .guru,
but when I enter the domain to firebase for authentication, it doesn;t accept it as a valid domain name! HELP PLEASE!1 vote -
Automatic SMS OTP read with English templates
For automatic SMS retrieval to work, SMS length has to be under 64 bytes. This means currently that for English SMS template, the app name has to be 11-14 characters. Play Console allows max 30 characters. Firebase doesn't allow customers to modify the SMS template contents themselves. Now I'm working around by utilizing some other languages, that will fit below 64 bytes with current app name.
Two options I suggest to achieve this:
1) Modify the English SMS template: remove unnecessary filler words and make it shorter, so that it will fit to 64bytes with max 30 char app names.…
6 votes -
Unique password option for password policy
Add an option for the password policy to require users to create a new, unique password that has never been used for their accounts.
1 vote -
remove recaptcha firebase phone auth flutter
remove recaptcha firebase phone auth flutter
2 votes -
55 votes
-
Allow SMS customization & add Web OTP support
Web OTP support increased phone authorization conversion significantly.
Currently, We are not able to customize SMS messages to comply
https://developer.chrome.com/en/articles/web-otp/#format48 votes -
Admin SDK send email verification
Currently, sending email verification is done through the client-side sdk. There is no method (to my knowledge) for sending email verification via the Admin SDK in a server environment.
The only workaround seems to be the "generateEmailVerificationLink" function but that requires the use of a custom email service. This is different from the client-sdk functionality.
The use case is SSR focused apps where user creation is also done via the Admin SDK and/or where support for no-js availability is a requirement.
1 vote -
Security key/WebAuthn 2FA
Currently, we only have the option to use TOTP 2fa or SMS. Security keys are quickly gaining popularity, as it is a more secure option. Please add this.
2 votes -
Expand auth blocking functions
Support some additional data sent during the
signInWithEmailAndPasswordthat can be read in thebeforeCreate3 votes
- Don't see your idea?