问题
Is there a way to implement multi-factor authentication on Firebase Authentication? From my research it seems impossible since Firebase authentication has public REST api of which, assumingly, someone knowing API_KEY and user's email/pass could directly sign in to that user's account using
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[API_KEY]
Thank you
回答1:
Update: June 2020
From March 12, 2020, It is now possible to set up multi-factor authentication using SMS as 2nd factor with Firebase for Google Cloud Identity Platform projects but this is a paid service. This article shows you how to add SMS multi-factor authentication to your web app.
I am quoting from github firebase repo. here.
Firebase Auth does not support multi-factor authentication. FirebaseUI cannot support this feature until the underlying SDK supports it. For 2-factor auth, 2 credentials need to be passed to get a Firebase ID token. Currently, one is enough to get an ID token. You can submit an official request for multi-factor auth with Firebase support.
However Multi-factor authentication itself works fine with Google account and FirebaseUI if it is enabled from Google settings.
hope it helps.
回答2:
Firebase Authentication with multi-factor authentication should soon be available according to this Google I/O video
回答3:
Firebase Authentication now supports Multi-Factor Authentication, but it only works for apps using Google Cloud Identity Platform, which is a paid service.
The logic is:
You ask the user to sign in with one of the providers bellow and also ask them to verify their email.
- Email and password
- Email link
- Google Play
- GitHub
- Microsoft
- Yahoo
You ask them for their phone number so you can send them an SMS as the second factor.
In order to enable MFA in your app, you'll need to enable the Identity Platform API. Note that this will also enable billing on your GCP Project, so you'll need to add credit card details.
Documentation links: [Web] [Android] [iOS]
回答4:
Firebase should be now having Multifactor auth:
- https://firebase.google.com/support/release-notes/js#version_7110_-_march_12_2020
- https://cloud.google.com/identity-platform/docs/web/mfa
来源:https://stackoverflow.com/questions/52886244/firebase-authentication-with-multi-factor-authentication