81 results found
-
Suggestion for Enhanced Authentication Flow in Firebase Authentication
Dear Firebase Support Team,
I hope this message finds you well. I am reaching out to share a suggestion that I believe could greatly benefit Firebase Authentication and developers working on more complex applications.
Currently, Firebase Authentication provides excellent flexibility with signInWithPhoneNumber and createUserWithEmailAndPassword, allowing projects to authenticate users using either a phone number or an email/password combination. However, in certain projects, both the phone number and email/password are essential to meet higher security standards and user profile requirements.
In these cases, having an integrated authentication flow that combines signInWithPhoneNumber and createUserWithEmailAndPassword within a single, cohesive process would be highly…
2 votes -
Make Phone Auth support MFA
Food delivery services usually need to know the phone number of their customers, to guarantee that the deliveries will be smooth.
So, a food delivery app would probably prefer authenticating users by phone number rather than by email address.
Phone auth on its own isn’t particularly secure, though, so it would be nice to allow users to optionally add email authentication as a second factor.
As of right now, phone auth doesn’t support MFA, though, which means that a food delivery app might want to force users to use email and phone 2FA right away, which might seem intrusive to…
2 votes -
Share phone number with project if Firebase knows that number via another project
Would be a HUGE cost saver given the increased pricing of SMS multi factor authentication.
If Firebase knows the phone number / email via another project, offer the app user to share their phone number with this app and skip costly SMS verification.
1 vote -
support .guru domain extension
I have a domain with the extension: .guru,
but when I enter the domain to firebase for authentication, it doesn;t accept it as a valid domain name! HELP PLEASE!1 vote -
Automatic SMS OTP read with English templates
For automatic SMS retrieval to work, SMS length has to be under 64 bytes. This means currently that for English SMS template, the app name has to be 11-14 characters. Play Console allows max 30 characters. Firebase doesn't allow customers to modify the SMS template contents themselves. Now I'm working around by utilizing some other languages, that will fit below 64 bytes with current app name.
Two options I suggest to achieve this:
1) Modify the English SMS template: remove unnecessary filler words and make it shorter, so that it will fit to 64bytes with max 30 char app names.…
6 votes -
Unique password option for password policy
Add an option for the password policy to require users to create a new, unique password that has never been used for their accounts.
1 vote -
Admin SDK send email verification
Currently, sending email verification is done through the client-side sdk. There is no method (to my knowledge) for sending email verification via the Admin SDK in a server environment.
The only workaround seems to be the "generateEmailVerificationLink" function but that requires the use of a custom email service. This is different from the client-sdk functionality.
The use case is SSR focused apps where user creation is also done via the Admin SDK and/or where support for no-js availability is a requirement.
1 vote -
53 votes
-
Allow SMS customization & add Web OTP support
Web OTP support increased phone authorization conversion significantly.
Currently, We are not able to customize SMS messages to comply
https://developer.chrome.com/en/articles/web-otp/#format46 votes -
Security key/WebAuthn 2FA
Currently, we only have the option to use TOTP 2fa or SMS. Security keys are quickly gaining popularity, as it is a more secure option. Please add this.
2 votes -
Expand auth blocking functions
Support some additional data sent during the
signInWithEmailAndPasswordthat can be read in thebeforeCreate3 votes -
5 emails
I saw this on the documentation website: "Note: The limits for email link sign-in emails were recently changed. Please add a billing instrument to go beyond 5 email link sign-in emails."
It's really strange that you quietly set the limit of sign-in emails to 5. Why? It makes no sense. For testing it's too low, and for production of course.
First you hook developers up to Firebase and then you quietly lower the limits. Good business practices.
1 vote -
Include User Online Feature
Just like we have user logged in etc, can we have isUserOnline?
3 votes -
Add support to programmatically configure social providers for tenants
Add the ability to configure social authentication methods like Google, Facebook, etc. like how OIDC and SAML can be done.
Also, the ability to use the parent configuration for Google Authentication so it is just an enable like in the Web Console UI. This reduces the overhead code that we need to provide if all we are doing is splitting into different tenants for management reasons.
2 votes -
remove recaptcha firebase phone auth flutter
remove recaptcha firebase phone auth flutter
1 vote -
Custom Claims Editor
Show Custom Claims and allow them to be managed in the Firebase Authentication Console (like in the Emulator). Usefull for manually creating the first super user, for example.
32 votes -
Turning Off Auto Login when creating New User
The Firebase createUserWithEmailAndPassword function currently auto-logs in the newly created user. However, it's crucial to have an option to turn off auto-login, especially in admin panel scenarios. This can help prevent issues where the admin session expires due to the new user login. Providing such an option will enhance flexibility and control in user management.
11 votes -
Need a .net MAUI support on Apple sign-in for authentication
Need a .net MAUI support on Apple sign-in for authentication
2 votes -
[Email Verification] Need to have a param to set expiration time
As of now, there is no way we can set a custom expiration time for the Email Signin with link authentication. Our use case is that we generate this link through admin sdk and then mail the users (as an invite).
Hence, it becomes really important for us to have a custom expiration time.
1 vote -
Multifactor admin SDK: "Other Admin SDK languages are not currently supported."
The page "Manage Multi-factor Users" (https://firebase.google.com/docs/auth/admin/manage-mfa-users) says "Install the Node.js Admin SDK. Other Admin SDK languages are not currently supported."
It's odd that this random feature doesn't work in other languages. Please add them (mainly C#).
3 votes
- Don't see your idea?