disable sign up with signInWithPhoneNumber in firebase - firebase

I just use two methods on my web app.
SignInWithEmail
SignInWithPhoneNumber
And I want users to be able to sign up with user & password, which is possible now, and then I get their phone number, so they can sign in with the phone number the next time. But if someone puts a non-existent phone number in the sign-in page, it didn't show an error to say that the phone number doesn't exist. And firebase just signed up that phone number!
I just want users to be able to sign up with email and password!

The SignInWithPhoneNumber method will automatically sign up a new user if the user doesn't exist. You can check if the returned user is a new user and, if it's new, delete and sign out the user manually.

Firebase Auth provides the tools needed for building this. As Ti pointed out, Firebase Auth returns isNewUser in the firebase.auth.UserCredential returned on sign in/sign up. You can inspect that to tell if a phone number user is existing or new and wire your logic from there. You also have the ability to ask the user to provide their email/password afterwards. You can use linkWithCredential to link an email/password credential.
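The check both answers describe, as an added example that is not part of the original posts: it completes the SMS confirmation, keeps the session only when isNewUser is false, and rolls back an account the confirmation just created. It assumes the namespaced Firebase JS SDK (`auth` is firebase.auth(), `confirmationResult` comes from signInWithPhoneNumber); the function name is hypothetical.

```javascript
// Added example, not from the original answers. Written against the
// namespaced Firebase JS SDK used on this page: `auth` is firebase.auth(),
// `confirmationResult` is what auth.signInWithPhoneNumber(number, appVerifier)
// resolved with. The function name is hypothetical.
async function signInExistingPhoneUserOnly(auth, confirmationResult, smsCode) {
  const cred = await confirmationResult.confirm(smsCode);
  const info = cred.additionalUserInfo;

  if (info && info.isNewUser === false) {
    // The number already belonged to an account: keep the session.
    return cred.user;
  }

  try {
    if (info && info.isNewUser === true) {
      // The SMS confirmation just created this account; remove it so the
      // number is not left registered without an email/password sign-up.
      await cred.user.delete();
    }
    // If the flag is absent we cannot tell new from existing, so nothing is
    // deleted and the session is only refused.
  } finally {
    // Runs even if delete() rejected, so no session survives a failed rollback.
    await auth.signOut();
  }
  return null;
}
```

Because this runs in the client, a modified client can skip it; keep the authorization decision for protected data on the server side (for example in your database security rules).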

Related

How to reauthenticate user who signed in with phone number in firebase?

Hi I need to add the option for users to delete their accounts from within the app but I just don't know how to do it, I found some information here where it explains that we need to ask the user to sign in again otherwise we'll get an error, but it only explains how to reauthenticate the user when this signed in using an email address and it does not say anything about when a phone number was used instead.

Firebase Auth, get a User UID before the user registers

I am developing an invitation mechanism to our app. New users will be invited with their e-mail addresses or their telephone numbers. I would like to keep some records about the invited but non-registered user. So, I want to have their Firebase Auth User UID before they even signed up. Is this possible? Maybe using Firebase Admin SDK?
I don't want to use their e-mail addresses or telephone numbers to refer to them because UID feels like a better identifier. However, UID is not there before they sign up, right?
We toyed with creating a user and generating a passwordless login for them, etc. But whatever we do seems to mess with the initial sign up of users. It would be great if we could just get a UID and let the user sign up later.
You cannot create a user account, and then have the user "sign up" with the same UID. So you will have to handle your "sign up" flow a little differently.
In this demo an administrator creates a user account, and then invites the user to sign in by sending them an authentication code (jump ahead to the 3:00 minute mark in the recording). Then the user is allowed to sign in and activate their account by presenting the authentication code.
You can try to build something similar. For example you can save a flag for each new user in the database, and then clear that flag in a custom sign up action.

Make Firebase phone authentication more secure

I've created an account in Firebase using phone authentication. However, from the documentation, it mentions that:
"If you use phone number based sign-in in your app, you should offer it alongside more secure sign-in methods, and inform users of the security tradeoffs of using phone number sign-in"
I couldn't find a field to inject the password into the users database.
Should I enable the password/email sign in method? Is there any documentation to refer to?
I added email and password using:
createUserWithEmail:email:password:completion:
2 accounts are created:
I should rephrase my question to:
If the user logs out, when they sign in again should they use the phone number, or email and password?
This is what it says in the documentation:
Authentication using only a phone number, while convenient, is less secure than the other available methods, because possession of a phone number can be easily transferred between users. Also, on devices with multiple user profiles, any user that can receive SMS messages can sign in to an account using the device's phone number.
If you use phone number based sign-in in your app, you should offer it alongside more secure sign-in methods, and inform users of the security tradeoffs of using phone number sign-in.
So all it means is that it is better to use another method with it, like email/password method.
When you enable that, then the user can create an account using his email, and you do not need the password, only the user id after he creates an account.
more info here:
https://firebase.google.com/docs/auth/ios/password-auth
Based on @Peter Haddad's answer:
Updated the code to link the phone authenticated user and email/password authentication method.
FIRAuthCredential *credential =
    [FIREmailAuthProvider credentialWithEmail:userEmail
                                     password:userPassword];
// Link the email/password credential to the currently signed-in (phone) user.
[[FIRAuth auth].currentUser
    linkWithCredential:credential
            completion:^(FIRUser *_Nullable user, NSError *_Nullable error) {
              // ...
              FIRUser *tmpUser = user;
            }];
You should see these in the console (with only one row with 2 authentication types instead of 2 rows):

How to only do a SMS verification for email/password account in firebase?

I have got the firebase.auth().signInWithPhoneNumber(number, appVerifier) to work nicely, but realized something that I didn't before. As soon as you put in the sms verification code it creates a whole other user under the phone auth, which makes sense.
What I want to do however is just allow my current email/password users to add a phone number and then before they sign in have to go through a process of getting a verification sms code and put it in and only then through the success block log that user in.
My current solution is to add the phone number to the email/password account. Go through the phone auth process and if successful log out the phone auth account and then log the email/password account in with the same phone number. This sounds like a bad idea in the long run however, so is there a sms verification without authentication in firebase?
What you can do is to link your email/password user with a phone number credential using linkWithPhoneNumber method of User.
Check out the docs here: https://firebase.google.com/docs/auth/web/phone-auth
Linking to a phone number credential requires the user to verify their phone number with SMS code.
That case does sound like a bad idea.
Unfortunately, Firebase doesn't yet provide SMS verifications without Phone Auth. You'll have to look for a different way to do that.

Firebase: Link facebook account with existing user

I have a current database with active users in Firebase that can login with user/pwd but now I'm implementing the facebook login and I realised the only way to link a facebook account with an existing user is only when the user is already logged with the user/pwd but not before the login.
I have two buttons in my app (login with fb and with email) but if I try to login with fb using the same email of an existing user, I will receive the following error auth/account-exists-with-different-credential and the documentation says that in order to fix this the user needs to login first then link.
Do you know if there is a way to link both accounts but without performing a login first, I mean, from the login view?
You need to sign in the user first before linking. This is important if you want to ensure it is the same user. Otherwise you can switch to multiple accounts per email in the Firebase console.
The way to solve this, when you get the error auth/account-exists-with-different-credential, the error will contain error.email and error.credential after you sign in with Facebook and the account already exists as a password account.
You then call firebase.auth().fetchProvidersForEmail(error.email), which resolves with the list of provider IDs for that email. In this case, it will contain ['password']. You then ask the user to provide their password. You call signInWithEmailAndPassword(error.email, password) to sign in the original user. You then call firebase.auth().currentUser.linkWithCredential(error.credential) to link the Facebook credential to the password account. Now both accounts are merged and the user can sign in with either.
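The recovery flow described above, as an added example that is not part of the original answer: the Facebook credential is linked only after the user has proven ownership of the existing account with its password. It uses fetchSignInMethodsForEmail, the SDK's replacement for the fetchProvidersForEmail call named above; `signInWithFacebook` and `askPassword` are hypothetical callbacks supplied by the app.

```javascript
// Added example, not from the original answer. `auth` is firebase.auth()
// from the namespaced Firebase JS SDK. Hypothetical app callbacks:
//   signInWithFacebook(): wraps the app's Facebook sign-in call
//   askPassword(email):   resolves with the password the user types
async function signInAndLinkPendingCredential(auth, signInWithFacebook, askPassword) {
  try {
    return (await signInWithFacebook()).user;
  } catch (error) {
    if (error.code !== 'auth/account-exists-with-different-credential') {
      throw error; // unrelated failure: do not start the linking flow
    }

    // Which sign-in methods does the existing account for this email have?
    const methods = await auth.fetchSignInMethodsForEmail(error.email);
    if (!methods.includes('password')) {
      throw new Error('Existing account uses: ' + methods.join(', '));
    }

    // Ownership of the existing account is proven with its password first.
    const password = await askPassword(error.email);
    const existing = await auth.signInWithEmailAndPassword(error.email, password);

    // Link on the user that was just authenticated, so the pending Facebook
    // credential cannot end up attached to some other signed-in session.
    const linked = await existing.user.linkWithCredential(error.credential);
    return linked.user;
  }
}
```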
I fixed it by going to the Firebase console, then heading over to the authentication section and selecting the Settings tab. Afterwards, go to User account linking and check Create multiple accounts for each identity provider.
