117 results found
-
Add option to block client-side password reset in firebase
See here: https://stackoverflow.com/questions/77313457/block-client-side-password-reset-in-firebase
I would like to be able to disable all client-side password resets, both sending a password reset email and directly updating a password after re-authenticating so I can do all my logic though the admin API in functions.
For example, add and option in Authentication -> settings -> user actions that blocks client-side password resets (throws an 'auth/admin-restricted-operation')
(Would be nice to have this option for all auth functions, so you can decide to control access for everything better)
8 votes -
Support declaring windows-app-web-link JSON file to allow Firebase auth in Windows apps
In order to catch Firebase redirect URL like
https://<app>.firebaseapp.com/__/auth/handlerWindows requires windows-app-web-link JSON file to bedclared in the root likehttps://<app>.firebaseapp.com/windows-app-web-link
https://learn.microsoft.com/en-us/windows/uwp/launch-resume/web-to-app-linking10 votes -
Blocking Functions for User Reset password
Currently you can only add blocking functions for User signup and User sign in. I want to be able to add a Blocking function for User Reset password.
This way I can customize password requirements at the API level and implement features in Cloud functions + Firestore such as preventing previous password reuse.
I would have used Cloud Functions + Firestore for my Blocking function, but because this feature didn't exist I ultimately decided to move my auth password checks to my AWS hosted backend API.
3 votes -
Enhance password security
Currently, it is entirely possible for a user to reset a password that is unsecure with firebase's miniapp
it does not validate against the default password conditions or reference the identity toolkit policies
a community member has created a temporary fix
https://betterprogramming.pub/firebases-password-reset-is-insecure-here-s-how-to-fix-it-882629e3b779I propose this reset dialog gets enhanced to a standard.
and allow projects to integrate password policies from the identity toolkit
https://cloud.google.com/identity-platform/docs/password-policy5 votes -
Does Native Support for Authentication for EHR Providers like Epic and Cerner
Authentication is a difficult part of getting healthcare apps out there, and rightfully so, patient data security is hugely important. If Firebase offered this natively, not only would development be faster, but fewer mistakes/vulnerabilities would be present in healthcare apps that integrate with EHR.
2 votes -
2 votes
-
Authenticate via email code
We can now use passwordless authentication using email link. This is troublesome on Flutter web clients (a new tab/second instance of app is opened). An option to type 4 digit code received on email to authenticate would be a nice solution.
BTW. Let me know if you could help me with the email link web client authentication, thanks!7 votes -
Login with WhatsApp
Just like phone auth, WhatsApp auth would be greatly beneficial for Asian markets. Users don't need to verify with OTP and us developers get access to their WhatsApp directly for promotion purposes.
5 votes -
Google Play User Data Delete Requirement
Google requires a web link that enables users to delete all their data, even after they have uninstalled the application. For a "serverless" app that only uses Firebase Auth, it would be ideal to have a plug-and-play solution for hosting a single webpage that complies with Google Play's policy.
11 votes -
Add Bulk User Update to SDK
Add a bulk update user method to avoid handling the user configuration update limit of 10/s in code. Specifically, my use case is to bulk disable/enable users in a single call.
1 vote -
1 vote
-
Disable Passwordless Sign-In for E-mail
As Firebase is retiring Dynamic Links, it is no longer possible to set up the Dynamic Link required for Passwordless Sign-In via e-mail. I recommend that either Firebase disable Passwordless Sign-In, or that they update their documentation outlining the new method to do Passwordless Sign-In without their Dynamic Link.
3 votes -
Shorten email verification link
I am building a web application using Firebase authentication. I require email verification to have users access our platform. Currently, the link is quite long, but I was wondering if there was any way to shorten the URL to make it more user friendly, and to make it look less spam-like
3 votes -
10 votes
-
10 votes
-
9 votes
-
Magic link with phone auth
Create magic links in sent SMS messages so users can click on the link in the SMS and log-in into the app, similar to email magic link auth.
3 votes -
Allow enabling Firebase Auth programmatically
Instead enabling Firebase Auth manually, by navigating to the "Authentication" tab in Firebase Console and clicking "Get started", can we do all of this programmatically?
7 votes -
MFA option to "remember device"
User shouldn't have to enter MFA every time logging in on same device. There should be a boolean option remember device for some period of time (somewhere between 2 weeks and forever)
5 votes -
Authentication feature in Android Wear / WearOS application
The ability to handle autentication and registration feature in android wear / wearos applications, using FirebaseUI or the official firebase auth library in gradle.
Ideally, the same features promoted to android apps but in the wearable world, taking in account the considerations related to battery, performance and data fetching and processing applied to wearables.
2 votes
- Don't see your idea?