How to implement phone number verification in Flutter. In my app user is signed in via email, after the sign in process i need to add the phone number and verify it via OTP. I tried in Firebase the phone number verification is added with the authentication flow.
I don’t want to include the authentication flow, i just need to verify the number. How to implement this?
Please someone help me on this.
It is not possible to implement phone number verification without using Firebase Authentication as phone number verification is a feature within the Firebase Authentication system.
Related
I have the "happy path" of signing up a user implemented using Flutter & AWS Amplify. I have made the user to verify their account using their phone numbers so that the verification code is sent to the phone and the signup process is completed.
I realised that, during testing, one could easily make a mistake. So I want the user to be able to go back and change the phone number so that the verification code is sent to the correct one. However, using Amplify, you cannot change the details if the user is not signed in, and the user cannot be signed in unless their account is "confirmed". Of course, their account cannot be "confirmed" if they don't receive the verification code and with the wrong phone number due to their mistake, they will never receive the verification code...
Has anyone faced the same problem and could help me how to solve this please?
I read that you could use Lambda functions to "auto-confirm" the account without any verification which means they can sign in, which would allow me to change their phone number if they have entered a wrong phone number. But I am not sure if this is the easiest way to do it
I am new to app development but wanted to start with flutter and appwrite. I want to build an app with Appwrite and Flutter. This app should have a restricted area were only registered users should have access.
I want to use a modified email/password authentication, with a phone number instead of the email.
I know how I can create a user with a phone number and confirm this number using the send secret. But I could not find anythig to get a session with only phone number and password.
Is my desired behavoir even possible with appwrite or am I just missing something?
Thank you in advance for your help!
Unfortunately, phone and password authentication is not supported. You can hack a workaround for this by using the email and password where the email is <phone number>#fakedomain.com.
What's your reason for not using Appwrite's Phone Auth system?
I currently creating a flutter app with sign up feature and I want to avoid spamming account so I setted up a phone verification to send a code by sms and fill it into the app when signing up (through twilio api). But I want to check before sending the sms if the phone number is already registred in my firestore collection(auth == null). I heard about firebase rules but I don't really know how to build it to be security compliant. I tried to use linkWithCredential but didn't seem to work. If anyone would have any advices for me ?
Thank you :)
You can write a cloud function to check your database if the phone number exists and return the result to the client.
You can login anonymously in order to have an access to the firebase database.
Also, you can provide custom rules for each collection, so for example, your collection can have free access if you want, but don't do it, use anonymously login instead.
Starting from Keycloak 8.0.1 users can register multiple OTP devices:
screen of user setup page on Keycloak admin ui
Is there any way to restrict a number of OTP credentials (devices) for a user?
The behavior I want to achieve is to allow only one OTP device to be active for a user so users don't need to select a device from a dropdown on the login page (the behavior prior to the previous Keycloak versions).
There is a related problem, when you do a OTP reset, a new OTP device is added. So no real reset I would say.
Being able to limit to only one OTP device in the list would in fact make it possible to reset the OTP as the new OTP would push previous OTP device out from the list.
It doesn't make sense. You may somehow restrict user to have just one OTP device instance in the Keycloak. But you can't restrict user to have that single OTP instance on just single device. User can scan the same initial OTP QR code to many devices and then all these devices provide the same OTP code. (I use it as well, because single OTP device seems to be risky for me).
This kind of "OTP device replication" is not a problem especially for TOTP. HOTP may have a problem with that.
I am working on an iOS app using Amazon Web Services and I am setting up a user data base using the Cognito Userpool. During the sign up process, if a user enters the wrong phone number by mistake and in result isn't receiving a verification code, I am trying to allow them to then enter a new phone number, and update their phone number user attribute. Right now I am using a Lambda function which uses the AdminUpdateUserAttribute function, which is then connected to a APIGateway which allows me to run it from XCode. The function itself works and it successfully updates the phone number attribute.
Problem
The problem that I am running into though, is that after the phone number attribute has been updated with the Lambda function, a verification code is automatically sent to the newly updated phone number via SMS. The verification code is weird though because when I use that code to confirm the user, it doesn't work. Meaning that code is invalid for confirmation purposes. But if I use the Resend Confirmation Code function it will then send a valid confirmation code to the newly updated phone number.
Question
So I guess the questions I have are:
How can I prevent the automatic SMS from sending after I update the user's phone number attribute?
Or, is there a way I can use the verification code that is automatically sent as a confirmation code?
Thank you in advanced.