I added Firebase Phone Authenticate to my mobile app. Standard flow:
input phone number
wait for the verification code
get the verification code
put the verification code
Sometimes the user has broken flow (SMS does not come along):
input phone number
did not wait for the verification code
click "resend verification code"
get first (stale) verification code
input the first verification code
get an error message (verification code is invalid)
In the second scenario, the user could avoid a problem if after click user get the same verification code. Has Firebase certain settings? (although this somewhat reduces the security of authorization over the phone). With the javascript API, is there a way to 'resend' the same verification code?
You can try adding a timer after they click to send the SMS code which would wait for some time (15seconds) before allowing the user to resent the code. FirebaseUI uses that mechanism to take into account SMS delays.
On the other hand, this shouldn't be a problem, Firebase Auth will resend the same code for the same session within a short period of time apart. So if the user enters an older code (code from successive attempts), it will still work.
Related
When my app calls linkWithCredential Firebase sends an email titled "Your sign-in email was changed" automatically.
This happens when an user enters the email address different from the current one.
Is there any way to prevent Firebase from sending such email?
I'm trying with firebase v9.10.0 npm package.
The message is sent to the user's current email address to alert them to the change of their sign-in method/credentials. There is no way to control whether Firebase sends this email on calling the linkWithCredential API.
I recommend looking at the flow of your code, as wanting to suppress this message typically means that you're doing something unexpected. For example, if you know the user's current email address, it's probably better to detect when they enter a different value before calling the Firebase API, and ask them to confirm the value.
I am creating a messenger app. In order to register a new user what I want is to get email and password from the user and before creating the account I want to verify the email provided by the user.
But the problem with firebase email verification is that you have to create account/user first then you can send the email verification link to the user.
Now this can lead to major problem: Suppose if some fake user used my email and created account but failed to verify email. But still he manages to create an account with my email.
So if later I will try to register my self to the app then I am firebase is going to show me Email already used.
To solve this issue I want to delete account created if user fails to verify his email just after he tried to register himself.
To do this I created an email verification screen which is pushed as soon as new user register through his email and password. Now here app will be waiting for user to verify his/her email by clicking the link send by firebase. I have also provided a cancel verification button. So if user cancel the verification I am just deleting the account which was already created. I am also handling if user press back key without verifying email which will also delete the user account.
Main Problem: Now the the last thing I need to handle is if user force quit the app. In order to handle this I tried to delete the account in dispose method as well as I used WidgetsBindingObserver. But both of them doesn't work for me.
Please help me to solve this!
The idea of email Link verification was created to solve this problem. Instead of creating an account and then verifying the email after, the account is just directly created from your email. So obviously you must have access to the email to create the account. See https://firebase.flutter.dev/docs/auth/usage/#email-link-authentication for details on how to implement this style of link authentication.
A similar discussion of how to handle quitting the app is occurring here How to execute code before app exit flutter . However abrupt quits from an app whether done by the user or the system are hard to handle by nature.
I wouldn't recommend deleting the account when quitting/ closing etc. the app since it is something legitimate users may do before confirming their email (especially if the email is delayed in being sent for whatever reason). This will cause a lot of frustration.
You could setup a Cloud Http Task to trigger the deletion of that account after a certain time (e.g. a few hours) of the account not being registered.
If they do register in time, you can cancel the task before it runs.
Even if the OTP is correct, it is showing this error when enter the verification code
The SMS code has expired. Please re-send the verification code to try again
I tried to delete Phone Number in test account
I tried delete SHA-1 key or SHA-256 key and again re-enter on firebse console
I tried json file replesh by new file
or when I try to login second time, I am not getting any code sms for the same number in same device.
how to resend OTP on request from the number and ?
I have got the firebase.auth().signInWithPhoneNumber(number, appVerifier) to work nicely, but realized something that I didn't before. As soon as you put in the sms verification code it creates a whole other user under the phone auth, which makes since.
What I want to do however is just allow my current email/password users to add a phone number and then before they sign in have to go through a process of getting a verification sms code and put it in and only then through the success block log that user in.
My current solution is to add the phone number to the email/password account. Go through the phone auth process and if successful log out the phone auth account and then log the email/password account in with the same phone number. This sounds like a bad idea in the long run however, so is there a sms verification without authentication in firebase?
What you can do is to link your email/password user with a phone number credential using linkWithPhoneNumber method of User.
Check out the docs here: https://firebase.google.com/docs/auth/web/phone-auth
Linking to a phone number credential requires the user to verify their phone number with SMS code.
That case does sound like a bad idea.
Unfortunately, Firebase doesn't yet provide SMS verifications without Phone Auth. You'll have to look for a different way to do that.
I am using Meteor Accounts in my application to send welcome emails with verification link, I wonder if there is any way to configure the number of hours/ days after which the verification link expires?
Also I noticed that whenever I click on verification links, I get message that the verification link expired. I noticed this is also reported by many other developers so I was wondering if there were any fix for this issue?