英文:
Firebase phone auth if sms is not received
问题
I'm using Firebase phone auth for login in my application in production.. but many times I encounter issues with local carriers which makes SMS OTP not received by users on a wide range (both new and already registered users).
我在我的生产应用中使用Firebase手机认证进行登录,但经常遇到与本地运营商相关的问题,导致用户无法收到短信OTP(一次性密码)(无论是新用户还是已注册用户)。
I'm looking for an idea to solve such issue using phone login.. Eg. sending OTP code over Whatsapp using my custom API..
我正在寻找解决这个问题的方法,使用手机登录的方式,例如,使用我的自定义API通过WhatsApp发送OTP代码。
Any idea how to send firebase auth OTP code using Whatsapp?
有没有关于如何通过WhatsApp发送Firebase认证OTP代码的想法?
In other words; How could I know the OTP code that I should send to the user from my backend?
换句话说,我应该如何从我的后端知道应该发送给用户的OTP代码?
I've looked for a solution using firebase auth admin API But couldn't find an answer
我已经尝试使用firebase auth admin API寻找解决方案,但未找到答案。
英文:
I'm using Firebase phone auth for login in my application in production.. but many times I encounter issues with local carriers which makes SMS OTP not received by users on a wide range (both new and already registered users).
I'm looking for an idea to solve such issue using phone login.. Eg. sending OTP code over Whatsapp using my custom API..
Any idea how to send firebase auth OTP code using Whatsapp?
In other words; How could I know the OTP code that I should send to the user from my backend?
I've looked for a solution using firebase auth admin API But couldn't find an answer
答案1
得分: 2
Here are the translated parts:
- 在你已经拥有用户的手机号的情况下:
- 在你的数据库中通过手机号获取用户
- 成功创建一个包含6位随机数字的认证码,并将这个数据存储在你的数据库中,可以像这样:
- authentication
- 用户 UID
- code
编辑:你可以创建一个带有认证码作为有效负载并设置30分钟的到期时间(出于安全考虑)的JWT令牌。然后,当用户将认证码发送到你的API时,你可以在解码JWT令牌时检查此认证码是否已过期。此外,你不需要担心删除认证码,因为30分钟后令牌就会过期,因此你有完全的控制权。
然后,通过电子邮件、WhatsApp或其他你喜欢的方法将此认证码发送给用户。
现在,要验证此认证码,你可以创建一个查询你的数据库的查询(我假设你正在使用Firestore):
// 再次通过用户的手机号获取用户数据
const { uid } = ....
const userAuthDoc = await admin.firestore().doc(`authentication/${uid}`).get()
// 现在,在这里你可以检查用户提供的认证码是否与你存储的一致
现在你知道用户是否已根据提供的认证码进行了身份验证...然后你可以创建一个自定义令牌,并将其作为来自认证码验证API端点的响应发送回给用户。
现在,在移动端代码中,你可以使用signInWithCustomToken认证方法。
注意:这个链接指向Web文档,但原生iOS/Android和React Native文档也有这个方法。
我知道我的回答不是很详尽,但我只是想给你一些解决这个问题的想法。
英文:
Ok, let's try to help you:
As you already have user's phone so:
- in your database get user by its phonenumber
- manage to create the 6 random digits authentication code and store this data in your database. Maybe something like this:
- authentication
- user uid
- code
EDIT: Instead of storing the code you can create a JWT token with your code as payload and with a expiration (for security purposes) of 30 minutes for example. And then when your user sends the code to your api you can check if this code is expired when decoding your jwt token. Also you don’t need to worry about deleting the code because after 30min the token is expired so you have total control.
Then send this code to your user by email, by whatsapp or any other method you prefer.
Now to validate this code you can create a query to your database (I'm suposing you're using firestore):
// again get user data by it's phonenumber here
const {uid} = ....
const userAuthDoc = await admin.firestore().doc(`authentication/${ uid }`).get()
// now here you can check if the code provided
// by the user is the same as you have stored
And now you know if user is authenticated or not based on provided code... then you can create a custom token and send it back to your user as response from code validation api endpoint.
Now on mobile code you can use the signInWithCustomToken authentication method.
OBS: this link leads to web docs but native ios/android and also RN docs have this method
I know my answer is not so complete but I just want to give you some idea of how to solve this problem.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论