We have an existing registration flow which uses Auth0 passwordless authentication with phone number, I now want to add google SSO as another registration option.I also want users registered with phone number to link their account. I am looking for suggestion in how to do this. I am using graphql api and next.js.
Im currently trying to build a web app using firebase and am fairly new to web development. I currently am using SvelteKit and am only allowing users to sign in via email authentication with Firebase Auth. I was curious to if there was a more efficient method of account linking than what I am currently doing
I currently have users:
Click Link Discord button
User Authorizes with Discord
I store user discord info in their user document in Firestore
The problem I see with this is that if the users change their account info on discord that it will not be reflected in my app.
Should I be storing the tokens in a cookie and calling them? would that be also bad as the tokens expire?
We are using Azure B2C for login/authentication of our users. This works fine on our website (social and email login etc).
Our mobile app is built in Xamarin forms and we are trying to build a native login experience (using native app controls vs. a web view within the app that B2C presents) that integrates natively with the device biometrics for login (FaceId, TouchId, fingerprint login).
As you can imagine, doing this in the webview that Azure B2C requires doesn't allow a native login experience.
The overall goal here is 2 fold:
Build a native login experience
Integrate with biometrics.
Question:
Does Azure B2C have an API that enables this, especially so we can use authorization code flow without a UI. ROPC exists but does it integrate with social accounts too?
If not, is there a way to integrate biometric login with Azure B2C on mobile when the login screen is presented in a webview? So that when the B2C login page in the webview is presented, a user can login with touch/faceId and save that information to they keychain (on iOS and the equivalent on Android)
You need to use Webviews, and you can enable Biometric integration with webview type experience.
You cannot integrate any service with Social Accounts and ROPC. Any integration with Social IdPs will need a webview.
Yes, enable Keep Me Signed In for long lived sessions. Wrap the biometric code around the acquireTokenSilent() methods.
Then you have two options:
You can hide the KMSI button, and use JavaScript to force select the KMSI checkbox in the login page using page customisation.
You can rename the KMSI label on the login page to ask the user if they want to enrol in to biometric. Then after the login, your app will receive a claim in the token whether the user opted in, use claim resolver to achieve that.
Now you have a user logged into the App, with:
1 hour access token
Potentially up to infinity long refresh token
Multi day/year Azure AD B2C session cookie
Then, when the user re-attempts to open the app, or perform some action in the app, you will need to call acquireTokenSilent(). This MSAL method obtains a fresh access token for the required API resource/scope.
If the token is expired, or requires a different scope, the a new token is fetched.
You can wrap any action in your application with the biometric SDK.
if (performingSomeAction && requiresBiometric)
if (challengeBiometric succeeds)
acquireTokenSilent()
//do someAction
Now if the refresh token has expired, then the web view will pop up, the long lived session cookie will be used to get new tokens. The acquireTokenSilent() method handles all of that already.
I'm creating the authentication for an app that requires Office 365 integration. I got the authentication in the front-end to work but I'm not sure what is the best way to link this authentication information to Firebase Cloud Functions.
I saw answers related to this that say I should redirect the user to the login page of Azure AD and get the token back to my cloud functions to mint a custom token and give that one back to the user.
But this is not clear for me, how can I confirm this token the user sent is valid?
And can I use the admin.auth().verifyToken() to get the user information from this custom token?
Problem
Firebase force overwrites previous authentication provider when we sign-up using Google OAuth.
Precondition
Both GitHub account and Google one are the same email.
Disallow multiple accounts with the same email address
Expected Behavior
Sign-up using GitHub OAuth
A new account (ACCOUNT_1) is created on Firebase Auth
Sign-out
Sign-up using Google OAuth, "auth/account-exists-with-different-credential" error occurs.
Actual
Sign-up using GitHub OAuth
A new account (ACCOUNT_1) is created on Firebase Auth
Sign-out
Sign-up using Google OAuth
ACCOUNT_1 is overwritten by Google OAuth provider on Firebase.
Sign-in using GitHub OAuth, "auth/account-exists-with-different-credential" error occurs.
What I tried
When a new account is created first time, I force updated emailVerified = True using Cloud Functions.
I saw the bellow article:
oauth - Unusual behavior from Firebase Authentication when signing in using existing account email - Stack Overflow
In my understanding, Google OAuth process only overwrites an account with non-verified email.