Can I use the telephone Firebase Auth code sent by SMS in a Dialogflow agent?
Like this: user receives the code by SMS and is prompted to call the Dialogflow agent that will ask for this code to finish the auth process.
Is it possible?
The final step of Firebase's phone number authentication to sign the user in with their verification code as shown here. As far as I can see this is only possible with the client-side SDKs of Firebase, which means that the sign-in must be completed on the device itself.
In DialogFlow you'd typically use the Firebase Admin SDK. While the Admin SDK supports related operations ("Create a new user with a phone number without having to go through the SMS verification flow" and "Change a user's phone number without having to go through the SMS verification flow"), it doesn't allow you to verify that the user has control of the phone number based on the code that was texted to them.
Related
Is it possible to send an SMS containing a one-time-token to a specific phone number through Firebase Authentication?
Conditions:
My App is a multi-user web app.
There are 2 user roles in My App: Admin, and Member.
I want to:
Member user clicks a button.
Send an SMS containing a one-time token to the admin phone number.
Admin user tell a one-time-token member user.
Member user fills out a form and presses submit.
Token is sent back to the Firebase and verified.
What you're describing is not a built-in flow for Firebase Authentication. The closest equivalent is Firebase's phone number authentication, but in that scenario the one-time password (OTP) is sent to the user who signs in to the app.
So you can either modify your flow to use another step for involving the admin user, or you can build your own provider for Firebase Authentication. In the latter case, you won't be able to use Firebase to send the SMS messages though, but will have to use another provider for that.
I'm making an iOS app where user sign in using email and password. When they enter both (email, password), then I want firebase to send verification code (not link) to verify user before they enter to the app, for security purposes. It is something like phoneAuth but I want it to be an email instead. Does firebase has this ability?
Nope, this is not something that is built into Firebase Authentication's email+password provider.
The simplest way I can think of getting close to this, is using the Admin SDK to generate an email verification link, parse the oobCode/actionCode out of that, and then in the client call applyActionCode to verify the email address (iOS API).
I have ignored the email/password sign up process and the necessary email verification for a long time and only used the very basic functionality to get started and build on top of that. But now I reached the point where I cannot avoid to use a more production-grade email/password sign up process. Currently I am using these Firebase services: Authentication (email/password only), Firestore and Cloud Functions with a react-native application.
When a user signed up successfully (signed in but without an verified email!) the react native application won't offer functionality until the user has verified his/her email. Right after the sign up the client will send an email with an verification link (through the default firebase server), the user can verify his/her email by clicking the link.
The issue: How to react suitable to a change of emailVerified or any other event which fires if the email got verified?
I have now searched the whole day for a working solution. These are my approaches:
Use your own website to which all verification links are linked (tried this but did not work at my first attempt)
use actionCodeSettings in the email verification link to redirect the user and let the client reload its components
Use Cloud Messaging and inform the client about changes to the email verification status
call a Cloud Function (from an external server) which updates a tmp document in Firestore to which the client subscribed
reload()/loop
I am thankful for all comments, helpful links etc.!
There is a method in the Firebase SDK: isEmailVerified() which tells if the user has verified the email or not.
For react native, I found straightforward documentation: Email Verified. On the launch of the app, you can check if the user has verified the email or not and then make changes accordingly!
Happy Coding!
I don't want to authenticate the user via their phone number that I have already done by using their email id and password. I just want to confirm that they are entering a valid phone number by sending them an OTP and verifying it. All the solutions that I have looked up go on to straight up authenticate the user. I am using firestore as my database.
Firebase allows you to link multiple authentication methods. You can find more details at https://firebase.google.com/docs/auth/web/account-linking
So, once the user is authenticated with email/password, initiate phone number authentication. When you get AuthCredential link it to current firebase user as mentioned in above link.
Other solutions would be to use external SMS gateway like twilio and doing phone number verification on your own. Which isn't required for your use case. In case you still want to try this, there is a free SMS gateway (which uses your own mobile number to send SMS) at https://www.sg.yagnyam.in/.
I have got the firebase.auth().signInWithPhoneNumber(number, appVerifier) to work nicely, but realized something that I didn't before. As soon as you put in the sms verification code it creates a whole other user under the phone auth, which makes since.
What I want to do however is just allow my current email/password users to add a phone number and then before they sign in have to go through a process of getting a verification sms code and put it in and only then through the success block log that user in.
My current solution is to add the phone number to the email/password account. Go through the phone auth process and if successful log out the phone auth account and then log the email/password account in with the same phone number. This sounds like a bad idea in the long run however, so is there a sms verification without authentication in firebase?
What you can do is to link your email/password user with a phone number credential using linkWithPhoneNumber method of User.
Check out the docs here: https://firebase.google.com/docs/auth/web/phone-auth
Linking to a phone number credential requires the user to verify their phone number with SMS code.
That case does sound like a bad idea.
Unfortunately, Firebase doesn't yet provide SMS verifications without Phone Auth. You'll have to look for a different way to do that.