I have implemented firebase phone authentication for my mobile application based on react-native and built for android mobiles. The firebase authentication process occurs in the backend (PHP/Laravel) and works properly most of the time. However in some cases, the user registers, receives and OTP, however when inputting the OTP I get an Invalid OTP error (mismatch between the one generated in firebase and the one entered).
The process is as follows:
User registers
OTP is sent
OTP is received
OTP entered automatically on the mobile (I have tried manual input as well)
On success, the user is added to firebase (visible from the user table), and then added to the application user list in our backend
On failure (wrong OTP), the user will not be added to the firebase table and a failure response is sent to our backend and display on the mobile as "OTP Invalid"
In random occasions, we are getting an invalid OTP response even though the input is the correct one received. This is happening with new numbers registering. The same mobile network and provider is being used.
Need to check onVerificationCompleted as on android instant verification can happen which will use another method than success
Related
I have setup firebase phone authentication for my react-native android app published on play store. The registration process of the user occurs as follows:
User fills registration information -> OTP is received via Firebase -> User clicks on Verify -> OTP is verified on firebase and the mobile number is added as an identifier in firebase -> user is registered on our server.
Basically the app flow is working well with no issues. When we wanted to reset the database, all the registered users were deleted from our servers and from the firebase authentication table. Now the weird part is, when a user that was already registered (before the database reset) tries to register again (same mobile number) on our app, without the need of inputting any OTP, he is directly added to the firebase user table (without the need of inputting any OTP). If the user is new (never registered before), the flow works normally.
To my understanding, if the mobile numbers are not deleted from firebase table, the user will not receive an OTP when he tries to register again (already registered) however this is only because the user number is already present in the firebase user table, and once the user is deleted, he should be able to register as a new user again.
Please advise how to fix this issue.
I have a use case where I need each user to be identified by a phone number, this is because my shops will need to call the users who request an order , I have followed the documentation and all the github repo with the code
Actually the code worked, and sended to me the sms to verify and all worked just fine !
Now, before release, I have just plugged another phone, requested the code to verify and the code never arrived !
I just tried in another phone with another number and also the verification code has never reached that phone either.
But I actually verified a phone number with the actual code and it works, so, why is the code not reaching my users phone ?
My use case needs this feature and if this is on Firebase side I will need to move to another service
Any suggestions ?
For testing you can use the verification code you added with the test phone number on the console.
Firebase Console Dashboard -> Authentication -> SignIn Method -> Phone -> Phone numbers for testing.
Sometimes, firebase don't need to send the otp for confirmation. it can automatically be done.
This method is called in two situations:
Instant verification: in some cases the phone number can be instantly verified without needing to send or enter a verification code.
Auto-retrieval: on some devices, Google Play services can automatically detect the incoming verification SMS and perform verification without user action. (This capability might be unavailable with some carriers.)
In either case, the user's phone number has been verified successfully, and you can use the PhoneAuthCredential object that's passed to the callback to sign in the user.
https://firebase.google.com/docs/auth/android/phone-auth#onverificationcompletedphoneauthcredential
Check out the docs for Firebase Phone Verification for Android : https://firebase.google.com/docs/auth/android/phone-auth?authuser=1#test-with-whitelisted-phone-numbers
I am getting an issue of Firebase Phone Auth Verification at the time of registration. It was working perfectly at all before a week but just from a week getting this exception even OTP has not expired nor session time out.
Wondering thing is that at the time of registration when I enter a phone number which is not in the entry of "Firebase Authentication User" list, OTP received on a phone number automatically detects OTP from the method of firebase itself / also tried with entering manually OTP code within 1 minute and then call to
auth.signInWithCredential(credential)
makes entry to "Firebase Authentication User" list, it means to verified successfully but at the client side, it throws an exception of "The SMS code has expired. Please re-send the verification code to try again"
This issue also came in the project's web version 1 week ago but after a day it was automatically resolved without any changes.
I checked for iOS version too but it works perfectly but just in Android only when tries to verify the OTP by auto-detection or manually, it gives this error only.
Any help would be appreciated.
Suppose I need to verify users by Firebase phone authentication.
But somehow, user is not getting otp sms. So does firebase gives the option to get the OTP by receiving call?
You can use Firebase Authentication to sign in a new user by sending an SMS message to his phone, he would then receive a verification code to his phone number via SMS which would then allow him to sign in if the code is correct. However it's not possible yet to give the user his verification code via a voice call. Maybe they will do it in a future release ? It would be great indeed !
The recently added phone authentication in firebase authenticates has two types of users on successful authentication as provided in the documentation:
Instant verification: in some cases the phone number can be instantly verified without needing to send or enter a verification code.
Auto-retrieval: on some devices, Google Play services can automatically detect the incoming verification SMS and perform verification without user action.
But I would like to authenticate the users on the basis of sending SMS instead. So how could it be resolved. And how can it be determined how the users are getting authenticated. Also in some cases if the user is already authenticated in some other device it automatically gets authenticated in some other device without sending the SMS on either of the devices.
Any help would be appreciated.