英文:
Validate phone authentication without showing the Recaptcha on Android in February 2023 (Firebase)
问题
我使用Flutter和Firebase开发了一个应用程序,它在Android和IOS上使用了手机认证功能。除了在Android上显示reCAPTCHA之外,一切都按预期运行。
为了解决这个问题,在文档中提到需要使用SafetyNet,然而,由于Firebase AppChecker已被弃用,现在无法从中启用它。我一直在使用新的Play Integrity API来取代SafetyNet,但目前似乎不起作用(reCAPTCHA可见)。
如果有人有解决方案,请分享一下!
非常感谢您的时间 🙏
英文:
I developed an app with Flutter and Firebase that uses the phone authentication feature for Android and IOS. Everything works as expected except that the recaptcha is showing for Android.
To solve this, it says in the documentation that we need to use SafetyNet, however, it is impossible now to enable it from Firebase AppChecker since it's deprecated. I have been using the new Play Integrity API that is supposed to replace SafetyNet but it doesn't seem to work at the moment (the recaptcha is visible).
If someone has a solution, please share it!
Thank you in advance for your time 🙏
答案1
得分: 1
你是对的:SafetyNet API 已经被弃用,在 2023 年 1 月 31 日后无法用于新创建的项目。
不幸的是,Play Integrity API 目前无法处理 OTP 验证。谷歌支持给我写道:
[...] 请注意,Firebase Phone Authentication (OTP) 尚未被用于 Play Integrity API。
解决方案是进一步使用 SafetyNet Attestation API。你需要申请这个。这个过程对于我的项目大约花了三个星期。
如果你获得了批准,你需要前往Google API 控制台的库页面,并激活“Android 设备验证 API”。
有了以下的项目设置,它应该可以运行,而且你不应该再看到 reCAPTCHA:
- Google Cloud 控制台:通过 App Integrity 将你的应用与 Google Play Integrity API 关联
- firebase 项目 --> App Check --> 选择你的 Android 应用 --> 将其与 Play Integrity API 关联
- 成功申请后启用 Android 设备验证 API
注意:这个过程与使用 Flutter 独立,对于比如 React Native 或 Android 项目也是一样的。
英文:
You're right: the SafetyNet API is deprecated and cannot be used for newly created projects after 31 January 2023.
Unfortunately, the Play Integrity API cannot handle OTP authentication at the moment. The Google Support wrote me:
> [...] Please note that Firebase Phone Authentication (OTP) has not yet been featured for Play Integrity API yet.
The solution is to further use the SafetyNet Attestation API. You have to apply for this. The process took around three weeks for my project.
If you got approved, you have to go to the library page in your Google API Console and activate the "Android Device Verification API".
With the following project setup it should work and you shouldn't see the recaptcha anymore:
- Google Cloud Console: Link your app via App Integrity with the Google Play Integrity API
- firebase project --> App Check --> Select your Android app --> Link it with the Play Integrity API
- Enable Android Device Verification API after successfully applying for it
Note: the process is independent of using Flutter and is the same for e.g. also React Native or Android projects.
答案2
得分: 1
Firebase电话验证通常不需要reCAPTCHA,但如果您遇到这个问题,可能是以下原因之一:
- 您在短时间内对同一号码进行了太多请求。
解决方案:在开发过程中,将您用于验证的号码加入白名单。 - 您正在使用一个经常被用于垃圾信息或滥用的电话号码,Firebase可能需要进行reCAPTCHA验证以确保验证请求是合法的。
解决方案:使用一个不同的电话号码进行验证。
英文:
I was having a similar challenge but this was happening during development however, after deploying it to playstore it stopped. Firebase phone authentication is not suppose to require reCAPTCHA but if you experiencing this then probably:
- You making too many request with that number within a short period.
Solution: Whitelist the number you using for the authentication when in development. - You are using a phone number that is frequently used for spam or abuse, Firebase may require a reCAPTCHA challenge to ensure that the verification request is legitimate.
Solution: Use a different number for the authentication.
答案3
得分: 0
我在使用Google身份验证服务时遇到了许多问题。有时,一次性密码(OTP)无法正常接收。我的建议是选择使用第三方API服务,因为这可以减少代码量。一些第三方电话验证服务包括:
这些服务提供电话验证解决方案,可以用作Google身份验证服务的替代品。
英文:
I faced a lot of issues with Google Authentication Service. Sometimes, OTPs don't come through properly. My suggestion is to go for third-party API services instead, as this can lead to less code. Some of the third-party phone authentication services include:
These services offer phone authentication solutions and can be used as alternatives to Google Authentication Service.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论