how to add/change a users phone number for enabling phone authentication on firebase Auth?
All of the documentation seems to refer to creating a new userid for phone auth but then I would end up with 2 userids for the same user
If you want to allow the user to sign in with two identity providers, you first create an account with one provider, then create an account with the other provider (e.g. phone auth) and get the credentials from that, and finally link the two accounts together into a single account.
Related
I developed a ionic 5 angular based mobile app that uses firebase authentication. I currently use email based login and now i want to switch to phone number based one. Is there any option to verify all the already registered users's phone number using firebase or any other service?
There is no way to change the authentication type of an existing account. But what you can do is also allow the user to sign in with their phone number, and then link the phone number credentials to their existing account.
For full details on how to do this, see the Firebase documentation on linking multiple auth providers to an account.
I want to set multiple authentication services. As if user either sign in with email and password or phone number, but I want user to signUp with both email and password and phone number.
In Firebase Authentication terms this means that you want the user to sign up with multiple authentication provider. This is possible, although you'll have to implement the flow for it in your own application code. You then can link the providers together through the Firebase Authentication API, so that the user ends up with a single ID.
I'd like to know if it's possible for a mobile registered firebase user to log-in without authentication procedure, in other words:
Lets say an administrator creates a firebase user by console (or web interface to console) then is it possible that when this user launches the app on his mobile he just logs in without the authentication procedure?
To put it simple, is it possible for mobile users a log-in like email/password user: just enter the number and log-in?
If you're referring to using a Phone Number for authentication this is supported by Firebase and the documentation can be found here https://firebase.google.com/docs/auth/ios/phone-auth
The caveat to this is that you can't create a user through the Firebase console as you were suggesting. It relies on the user using their mobile number to register when they logging in for the first time.
The other option that may or may not be applicable is to use Anonymous authentication along with a collection of predefined users with numbers as Peter suggested above.
You can add new users from the console, first you need to enable the email/password Sign in method. Then you can add a new user:
Then the user can login using the email/password added in the console.
If you want the user to enter a number and login, then associate a number in the firebase database with the email:
Users
userid
email: userx#gmail.com
number: 102
I've created an account in Firebase using phone authentication. However, from the documentation, it mention that:
If you use phone number based sign-in in your app, you should offer it
alongside more secure sign-in methods, and inform users of the
security tradeoffs of using phone number sign-in
I couldn't find a field to inject the password into the users database.
Should I enable the password/email sign in method? Is there any documentation to refer to?
I added email and password using:
createUserWithEmail:email:password:completion:
2 accounts are created:
I should rephrase my question to:
If the user logout, when they sign in again should they use the phone number, or email and password?
This is what it says in the documentation:
Authentication using only a phone number, while convenient, is less secure than the other available methods, because possession of a phone number can be easily transferred between users. Also, on devices with multiple user profiles, any user that can receive SMS messages can sign in to an account using the device's phone number.
If you use phone number based sign-in in your app, you should offer it alongside more secure sign-in methods, and inform users of the security tradeoffs of using phone number sign-in.
So all it means is that it is better to use another method with it, like email/password method.
When you enable that, then the user can create an account using his email, and you do not need the password, only the user id after he creates an account.
more info here:
https://firebase.google.com/docs/auth/ios/password-auth
Base on #Peter Haddad answer:
Updated the code to link the phone authenticated user and email/password authentication method.
FIRAuthCredential *credential =
[FIREmailAuthProvider credentialWithEmail:userEmail
password:userPassword];
[[FIRAuth auth]
.currentUser linkWithCredential:credential
completion:^(FIRUser *_Nullable user, NSError *_Nullable error) {
// ...
FIRUser *tmpUser = user;
}];
You should see these in the console (with only one row with 2 authentication type instead of 2 rows) :
I have been using Firebase authentication for a while and I have been using Facebook and Google logins. When I started it was not possible (or I didn't know) that you can limit on account per email and took care of it with Firebase database security rules and some code. In the database now I only have one account per email, but in the authentication accounts I have multiples per email. I would like to merge them or after the fact add the one account per email rule. Is that possible? If yes, how? And if not, is there any work around? It would be great to let people merge accounts. Thanks!
It is possible to merge accounts with the same email, even after some accounts have been created in Firebase Authentication.
First step is to disallow multiple-accounts-per-email by changing the setting in your Firebase project console. The change will only be applied to new users - all existing users will still sign into their existing accounts as before.
Since your app only uses Google/Facebook login, you can safely delete unwanted authentication accounts from the Firebase Console. Assuming in your database there is an entry (userid_1, email), and in you authentication project there are two accounts for the email (userid_1, email, Google) and (userid_2, email, Facebook). You can delete the (userid_2, email, Facebook) account using the Firebase Console or Firebase admin SDK. All subsequent logins with the same email, no matter via Google or Facebook, will always return the userid_1 account.