73 results found
-
51 votes
-
5 emails
I saw this on the documentation website: "Note: The limits for email link sign-in emails were recently changed. Please add a billing instrument to go beyond 5 email link sign-in emails."
It's really strange that you quietly set the limit of sign-in emails to 5. Why? It makes no sense. For testing it's too low, and for production of course.
First you hook developers up to Firebase and then you quietly lower the limits. Good business practices.
1 vote -
Allow SMS customization & add Web OTP support
Web OTP support increased phone authorization conversion significantly.
Currently, We are not able to customize SMS messages to comply
https://developer.chrome.com/en/articles/web-otp/#format43 votes -
Include User Online Feature
Just like we have user logged in etc, can we have isUserOnline?
3 votes -
Add support to programmatically configure social providers for tenants
Add the ability to configure social authentication methods like Google, Facebook, etc. like how OIDC and SAML can be done.
Also, the ability to use the parent configuration for Google Authentication so it is just an enable like in the Web Console UI. This reduces the overhead code that we need to provide if all we are doing is splitting into different tenants for management reasons.
2 votes -
remove recaptcha firebase phone auth flutter
remove recaptcha firebase phone auth flutter
1 vote -
Custom Claims Editor
Show Custom Claims and allow them to be managed in the Firebase Authentication Console (like in the Emulator). Usefull for manually creating the first super user, for example.
32 votes -
Expand auth blocking functions
Support some additional data sent during the
signInWithEmailAndPasswordthat can be read in thebeforeCreate2 votes -
Turning Off Auto Login when creating New User
The Firebase createUserWithEmailAndPassword function currently auto-logs in the newly created user. However, it's crucial to have an option to turn off auto-login, especially in admin panel scenarios. This can help prevent issues where the admin session expires due to the new user login. Providing such an option will enhance flexibility and control in user management.
10 votes -
[Email Verification] Need to have a param to set expiration time
As of now, there is no way we can set a custom expiration time for the Email Signin with link authentication. Our use case is that we generate this link through admin sdk and then mail the users (as an invite).
Hence, it becomes really important for us to have a custom expiration time.
1 vote -
Multifactor admin SDK: "Other Admin SDK languages are not currently supported."
The page "Manage Multi-factor Users" (https://firebase.google.com/docs/auth/admin/manage-mfa-users) says "Install the Node.js Admin SDK. Other Admin SDK languages are not currently supported."
It's odd that this random feature doesn't work in other languages. Please add them (mainly C#).
3 votes -
Blocking Functions for User Reset password
Currently you can only add blocking functions for User signup and User sign in. I want to be able to add a Blocking function for User Reset password.
This way I can customize password requirements at the API level and implement features in Cloud functions + Firestore such as preventing previous password reuse.
I would have used Cloud Functions + Firestore for my Blocking function, but because this feature didn't exist I ultimately decided to move my auth password checks to my AWS hosted backend API.
3 votes -
Need a .net MAUI support on Apple sign-in for authentication
Need a .net MAUI support on Apple sign-in for authentication
1 vote -
Add custom permissions claims to access tokens via Firebase web interface
Firebase currently only allows you to add custom claims to ID tokens, and it suggests adding role based access control (RBAC) permissions in those ID token claims.
RBAC custom claims should be added to the access token which is already included in the Authorization header in all API requests, so the API already has access to the token that it needs. Additionally including an ID token in API requests so that the API can read permissions from it is overly complicated and superfluous.
Furthermore, you should be able to add these claims to access tokens for specific users via the…
2 votes -
azure
For Firebase / Flutter administrators who would like to use Entra AD (Azure AD) for Flutter Android,iOS and Web apps, the administrative setup and documentation should be easy to follow. The administrative process should be consistent with the Google authentication scenario.
1 vote -
Add option to block client-side password reset in firebase
See here: https://stackoverflow.com/questions/77313457/block-client-side-password-reset-in-firebase
I would like to be able to disable all client-side password resets, both sending a password reset email and directly updating a password after re-authenticating so I can do all my logic though the admin API in functions.
For example, add and option in Authentication -> settings -> user actions that blocks client-side password resets (throws an 'auth/admin-restricted-operation')
(Would be nice to have this option for all auth functions, so you can decide to control access for everything better)
6 votes -
2 votes
-
Enhance password security
Currently, it is entirely possible for a user to reset a password that is unsecure with firebase's miniapp
it does not validate against the default password conditions or reference the identity toolkit policies
a community member has created a temporary fix
https://betterprogramming.pub/firebases-password-reset-is-insecure-here-s-how-to-fix-it-882629e3b779I propose this reset dialog gets enhanced to a standard.
and allow projects to integrate password policies from the identity toolkit
https://cloud.google.com/identity-platform/docs/password-policy4 votes -
Auth: install, not only authorise, a GitHub app
GitHub Apps are now the preferred alternative to GitHub Oauth Apps. When authenticating with Firebase Auth and a GitHub App, the app is "authorised" but not "installed", which can lead to inconsistent behaviour (https://github.com/orgs/community/discussions/61677). It would be nice if the GitHub provider had an option for prompting the user to "Authorise and Install" rather than only "Authorise".
2 votes -
RecaptchaVerifier should provide access to the shared secret
I'm creating a Contact form in a React app, which stores the user input in firebase. I'd like to secure the form with a visible reCAPTCHA, and I'm trying out firebase's built-in reCAPTCHA functionality.
firebase/auth/RecaptchaVerifierdoes provide a callback, which can be used to sign in a user, and documentation shows it working when signing in with a phone number. Can it be used with anonymous authentication though?When the form is submitted, I have a server component that saves the form fields to firestore. However, how can I verify the recaptcha before committing the data to firestore?
I feel…
3 votes
- Don't see your idea?