I would like to add phone number to existing Azure AD users. I don't want them to manually enter their phone numbers to get code for MFA.
I am trying to do this from graph like this:
PATCH https://graph.microsoft.com/v1.0/users/id
{
"mobileNumber" : "############"
}
This gave me No content - 204 status with empty brackets { }
Now I can see phone number added on user profile but it is still asking users to enter phone number to get code.
How can automate this process? Any ideas
PS: I have administrator role on my tenant so I hope I'm not missing any permissions.
Please note that, you need to create phone authentication method instead of updating mobileNumber property in user's profile.
I tried to reproduce the same in my environment and got below results:
To create phone authentication method, I used below graph query:
POST https://graph.microsoft.com/v1.0/users/<userID>/authentication/phoneMethods
{
"phoneNumber": "+91 9xxxxx4004",
"phoneType": "mobile"
}
Response:
When I checked in Azure Portal, phone number added successfully in user's Authentication methods like below:
Go to Azure Portal -> Azure Active Directory -> Users -> Your user -> Authentication methods
When user tried to sign in, it automatically displayed added phone number like below:
When user selected that option, they will receive code to their phone number which they need to enter here:
Related
hope you are well
I am trying to make an app where from the same app, you can either be a user or you can be a seller. In our case, the seller will be a restaurant and the User will be a restaurant-goer. My problem is that if I log in the "I am a restaurant login"-not a user login. On restart the app auto logs in and takes the user to the User homepage, not Seller homepage, as I am using the
auth.currentUser != null ?
Then add the home screen or login screen depending on auth state, but it is a general auth state. How would I make it show a different home screen based on the type of Logged in user. So I know why it takes me to the User homepage-I set it to do that, how would I make it takes me to one or the other
thank you
Firebase Authentication has no built-on concept of a type of user, so you will have to build that on top yourself.
You can store the user-type in the user's profile as a custom claim, or in a cloud-hosted database. In either case, you should do this from a secure environment so that user's can't change their type (unless your use-case specifically wants them to be able to).
So with that out of the way your app then takes these steps when started:
signs in the user, or restores their auth state.
determines their type.
redirects them to the correct screen.
Also see:
the links for How to create two types of users(Client , Freelancer. for example) while Auth using firebase in a flutter app?
How to create 2 different User group in Firebase AUTH with Flutter
many more results from searching for [firebase-authentication] two types of users
Please post the code you are using for this pathway.
I would advise you to create a property called userRole, and store this when the user is created.
When you send their name and image and email to Firebase after successful auth, store with that info their userRole.
In your widget tree, I'm assuming you have two widgets, CustomerHome() and RestarauntHome(). Now, after successful login, pass the user info to this widget, and check:
user.userRole == 'restaraunt' ? RestarauntHome() : CustomerHome();
This way, when they come back to the app, the page they are not allowed to see, will not be displayed.
Assuming you are using firestore database to manage your users' data, in the document of the users collection you can add a field of role whose value could be user or seller. Write to this field when a new user user/seller signs up. Then in the home page, return seller homepage when the value is seller otherwise return the user homepage. While the document is being fetched you can return the loading screen.
How can I change the support email in my Firebase project under
Settings > Your project > Public settings > Support email?
That setting doesn't show for all project it seems. But when I found it, hovering over the ? says:
This will be the email address presented to users when they are authenticating with Google. It can be changed to your signed-in email or an email of a Google Group managed by you.
So it looks like you'll need to:
Create an email or google group (possibly on your own domain).
Add it as a collaborator.
Sign in as that collaborator.
Select that email address.
Step 3 might not be needed, since I can also see the email addresses of team mates in my test project.
To change the support email, the email you want to use needs to be a member of your Firebase project.
If you need to add a member, you can select the Add member option.
In case you want to use a custom domain, you might have to create a new Google account for that email upon accepting the invitation confirmation email.
This will automatically redirect you to the Firebase Console with the new member signed in, but you can also select the email from another member's account.
All steps in a row:
Add a member (with your desired email) to your Firebase project (if you already have that, skip to 4).
Accept the Firebase invitation (an email confirmation will be sent to the desired email address)
Create a Google account for that email (this is an automated process and if that has already been done, you will automatically be redirected to the Firebase Console)
Select the desired email as support email in the General settings tab in the Firebase Console using any member's account with sufficient permission.
If you're okay with a Google Groups email there, it's much easier to set up:
Go to Google Groups and create a new group there, with you as an owner.
Refresh that page and choose the group.
That's it, and there's no need to create or change your account.
I faced the same problem. I bought a domain name and I want to change the noreply#your-project.firebaseapp.com for noreply#my-domain.com. I followed the next intuitives steps:
Go to "Authentification" > "Models" > "Email validation" (sorry my firebase service is in french):
Click on the pencil
Click on "personnalize the domain"
And then I just followed steps indicated (enter your domain, add DNS entries in your domain service)
A message at the end will appears and say something like "48 hours may be required to validate your domain".
Ok, let's wait. After 48 hours of waiting, nothing has changed, I still can't custom the email address.
I finally found a solution. Go to "Connection mode":
At the bottom of the page, click on "Add a domain" and add your domain (this was the missing step).
Now you can go back to "Authentification" > "Models" > "Email validation" and change the initial firebaseapp email !
Hope that helps.
The only thing that worked for me:
Add collaborator as OWNER
From the new collaborator account go to project settings/general and change the support email
Go to the original account and change the collaborator account to Viewer or whatever (the support email will remain)
1- Create an email or google group (possibly on your own domain).
2- Add it as a owner to Firebase project.
3- Sign in as that owner.
4- Select that email address.
Sample image for No.2
Sample image for No.3
GCP need to login with same user
If you are trying to use group email from gsuite in Firebase support, you must be the group owner, and do not need that group email address on any IAM role.
I'm siging in users with the Email/Password method on Firebase. I'm not interested in switching to phone authentication. That being said, I'd like to store the users phone number in their profile for later access.
I know I can store it like so:
Users/UID/PhoneNumber: XXXXXX
But I'd like to be able to access it at a later date without having to query for that user id. Rather I'd like to store it so I can get at it through currentUser.phoneNumber or something similar.
I know there updateProfile which takes a displayName and profilePic but the documentation doesn't seem to allow phoneNumber. Is there anyway to achieve this?
You can't get the user phone doing something like this:
mAuth = FirebaseAuth.getCurrentUser().getPhoneNumber();
as you cannot access directly the user phone without implementing Firebase Phone Auth.
Since you don't care if that number is from that person, a workaround would be doing an AlertDialog or an EditText to prompt the user to type the desired number you want to store, and yes, you will need to query it each time since you are not getting it from Auth.
The only way possible of getting the user phone number in the userInfo as you say without querying the database is implementing Phone Auth.
Doing the workaround there is no guarantee that the phone number
entered by the user is the right one
Consider using the admin sdk updateUser API: https://firebase.google.com/docs/auth/admin/manage-users#update_a_user
admin.auth().updateUser(uid, {
phoneNumber: "+11234567890",
}).then(function(userRecord) {
// User updated. You can now get this from client:
// FirebaseAuth.getCurrentUser().getPhoneNumber();
}).catch(function(error) {
// Error occurred.
});
How can I change the support email in my Firebase project under
Settings > Your project > Public settings > Support email?
That setting doesn't show for all project it seems. But when I found it, hovering over the ? says:
This will be the email address presented to users when they are authenticating with Google. It can be changed to your signed-in email or an email of a Google Group managed by you.
So it looks like you'll need to:
Create an email or google group (possibly on your own domain).
Add it as a collaborator.
Sign in as that collaborator.
Select that email address.
Step 3 might not be needed, since I can also see the email addresses of team mates in my test project.
To change the support email, the email you want to use needs to be a member of your Firebase project.
If you need to add a member, you can select the Add member option.
In case you want to use a custom domain, you might have to create a new Google account for that email upon accepting the invitation confirmation email.
This will automatically redirect you to the Firebase Console with the new member signed in, but you can also select the email from another member's account.
All steps in a row:
Add a member (with your desired email) to your Firebase project (if you already have that, skip to 4).
Accept the Firebase invitation (an email confirmation will be sent to the desired email address)
Create a Google account for that email (this is an automated process and if that has already been done, you will automatically be redirected to the Firebase Console)
Select the desired email as support email in the General settings tab in the Firebase Console using any member's account with sufficient permission.
If you're okay with a Google Groups email there, it's much easier to set up:
Go to Google Groups and create a new group there, with you as an owner.
Refresh that page and choose the group.
That's it, and there's no need to create or change your account.
I faced the same problem. I bought a domain name and I want to change the noreply#your-project.firebaseapp.com for noreply#my-domain.com. I followed the next intuitives steps:
Go to "Authentification" > "Models" > "Email validation" (sorry my firebase service is in french):
Click on the pencil
Click on "personnalize the domain"
And then I just followed steps indicated (enter your domain, add DNS entries in your domain service)
A message at the end will appears and say something like "48 hours may be required to validate your domain".
Ok, let's wait. After 48 hours of waiting, nothing has changed, I still can't custom the email address.
I finally found a solution. Go to "Connection mode":
At the bottom of the page, click on "Add a domain" and add your domain (this was the missing step).
Now you can go back to "Authentification" > "Models" > "Email validation" and change the initial firebaseapp email !
Hope that helps.
The only thing that worked for me:
Add collaborator as OWNER
From the new collaborator account go to project settings/general and change the support email
Go to the original account and change the collaborator account to Viewer or whatever (the support email will remain)
1- Create an email or google group (possibly on your own domain).
2- Add it as a owner to Firebase project.
3- Sign in as that owner.
4- Select that email address.
Sample image for No.2
Sample image for No.3
GCP need to login with same user
If you are trying to use group email from gsuite in Firebase support, you must be the group owner, and do not need that group email address on any IAM role.
Following is what I am trying to achieve:
User installs the app
On its first launch, user will be asked to specify phone number and Name
Phone number gets verified by invoking REST API of OTP service providers
Once 2 Factor Authentication gets complete, I will create the user in Firebase database with its mobile number and Name as attribute to unique phone number
Problem: Now, what I am not getting is how to authenticate user with only phone number, as I want to track all his activities under his/her mobile number.
function showLoginBox() {
...
// Do whatever DOM operations you need to show the login/registration box.
$("#registerButton").on("click", function() {
var email = $("#email").val();
var phone = $("#phone").val();
// Invoke REST API to generate OTP/ Miss call
// Read OTP or user enters the OTP
// Invoke REST API to complete 2FA (Two factor authentication)
// Add the user information to Firebase
authClient.createUser(email, phone, name, function(error, user) {
if (!error) {
doLogin(user);
} else {
alert(error);
}
});
});
}
Now doLogin() function will be passed user object and I can get the user details, but how do I login now.. as I cannot invoke email/password combination or Anonymous login.
I even saw the JWT (JSON web token) thing, but it is mentioned under custom login, not sure whether it make sense
Can I do following:
- Save the verified mobile number (after 2FA) into local database (window.localstorage)
- Read local storage and send the mobile number with every subsequent call
But unless, I will invoke the authentication, how do I implement security/authorization, so as this mobile number can access only its related data.
Can anyone help me to figure out following things:
- How do I login the user with his mobile number only
- How can I track each and every activity performed by the user by his mobile number (Here mobile number is his user id)
Thanks in advance.