I am developing a web application based on REST API and wanted to authenticate a user by his 4 digit pin number. User don't have any username and password, is it possible to authenticate a user by a pin number in spring security?
Related
Is it possible to send an SMS containing a one-time-token to a specific phone number through Firebase Authentication?
Conditions:
My App is a multi-user web app.
There are 2 user roles in My App: Admin, and Member.
I want to:
Member user clicks a button.
Send an SMS containing a one-time token to the admin phone number.
Admin user tell a one-time-token member user.
Member user fills out a form and presses submit.
Token is sent back to the Firebase and verified.
What you're describing is not a built-in flow for Firebase Authentication. The closest equivalent is Firebase's phone number authentication, but in that scenario the one-time password (OTP) is sent to the user who signs in to the app.
So you can either modify your flow to use another step for involving the admin user, or you can build your own provider for Firebase Authentication. In the latter case, you won't be able to use Firebase to send the SMS messages though, but will have to use another provider for that.
I'm using Identity Server 4 and Dotnet Core Identity for authentication service. Authentication service has custom react spa.
I'm trying to get started a authenticate a user using their mobile number. I have a user data (email, password, phone number, etc.)
I want this steps;
User:Key in email and password (done)
Server:Send sms with code to mobile number (?), i have a sms server
User:Key-in code from SMS
Server:Send access token (done)
I developed a project using this example. https://github.com/karpikpl/identity-server4-with-SPA-UI
I have no idea how to integrate two factors, how can I help you? Thank you.
A solution for this issue can be like this:
Step 1
Generate an SMS code in your IDP (Auth server).
Step 2
Store that SMS code as a claim for the user with an expiration time (if needed).
Step 3
When the user comes to sign in to your IDP using his username, you can compare the entered SMS code by the user with that one you stored in DB as a user claim. Also, you may want to check the expiration time of the SMS code.
Step 4
If everything was ok so you remove that claim of the user then log him into your IDP and done.
I want to set multiple authentication services. As if user either sign in with email and password or phone number, but I want user to signUp with both email and password and phone number.
In Firebase Authentication terms this means that you want the user to sign up with multiple authentication provider. This is possible, although you'll have to implement the flow for it in your own application code. You then can link the providers together through the Firebase Authentication API, so that the user ends up with a single ID.
Months ago, I implemented Digits phone number verification on the mobile app and verified the oAuth headers sent from the again from the backend to make sure that the phone number already verified his identity.
I was calling api.digits.com while sending the consumer key and the oauth etc..,
as I read in firebase, the user can automatically sign in with the phone number.
I read that the user can add his id and number to firebase database after being verified, but this does not mean that he has passed the phone number verification if he bypassed the verification step in any way.
Is there any way to check that the user is really logged in with oauth credentials from my backend? Or there is any alternative?
Is there is any way to do a sign in with user voice instead of the regular username and password in web application?
I do that because the client want to make the password useless even for the system developers and he is worrying about that the developer know the username and password for the user when he logged in and then can log that and abuse it.
i suggested to implement it by a security token that sent to his mobile when the user enter his username and password and then enter the token to complete the log in process.
But i face a problem that may be the SMS take a while from 1 to 40 sec to reach the user's mobile.
So, i thought about the voice login.
Any help will be appreciated.