Reputation: 993
I have a few questions about when a new user account is created with phone authentication, so that I can decide when to do user data migration from the old number/device to the new number/device. Think of this app as a chat app (like WhatsApp):
1) When Person A signs up on the app for the first time, with a new number (123) and a new device (X): a new Firebase user is created.
2) When the same Person A signs up on the app, with the old number (123) and a new device (Y): let's say they buy a new phone and re-install the app. Will a new Firebase user be created for this person?
3) When the same Person A signs up on the app, with a new number (456) and the old device (X): I suspect this will create a new Firebase user?
4) When a new Person B signs up on the app, using a recycled number (123) and a new device (Z): let's say Person A left the country and his phone number got recycled and given to a new Person B. Will a new Firebase user be created in this case? This point 4) is a variant of point 2), and I don't think Firebase will be able to differentiate whether it's Person A or B, as they are out of the system.
If Firebase phone auth will create a new user in all the above cases, then how best should we take care of points 2) and 4) during user data creation/migration?
For point 3) we could ask people to generate a one-time password on the old device (X) before moving to the new device; then, after signup on the new device (Y) using the old number (123), we could ask them to verify their one-time password if they want to migrate their old account.
Upvotes: 0
Views: 1228
Reputation: 599591
A different number of the same phone will get a new UID.
I'd recommend using a second form of authentication, such as a password. Remember: two-factor authentication requires that you use something that the user knows and something that the user owns. The user's phone number is just something that they own, which (as you say) can be transferred. Combining that with something that they know will add the security you're looking for in this case.
Upvotes: 1
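An added example, not part of the answer above and not Firebase code: a minimal sketch of gating data migration on a knowledge factor, so that a returning owner (point 2) gets their data back while the new owner of a recycled number (point 4) does not. `AccountStore`, its methods and the phone numbers are hypothetical; it assumes the phone number has already been verified by the phone auth provider before `sign_in` is called.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor

def hash_secret(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)

@dataclass
class Account:
    account_id: str
    salt: bytes
    secret_hash: bytes
    data: dict = field(default_factory=dict)
    failed_attempts: int = 0

class AccountStore:
    """In-memory stand-in for the app's own user database (hypothetical)."""
    MAX_ATTEMPTS = 5  # cap guesses so a new number owner cannot brute-force the secret

    def __init__(self):
        self.by_phone = {}
        self._next_id = 0

    def _register(self, phone: str, secret: str) -> Account:
        salt = os.urandom(16)
        self._next_id += 1
        acct = Account(f"acct-{self._next_id}", salt, hash_secret(secret, salt))
        self.by_phone[phone] = acct  # the number now points only at this account
        return acct

    def sign_in(self, phone: str, secret: str):
        """Call only after the phone number itself has been verified."""
        old = self.by_phone.get(phone)
        if old is None:
            return "created", self._register(phone, secret)
        if old.failed_attempts >= self.MAX_ATTEMPTS:
            return "locked", None
        if hmac.compare_digest(hash_secret(secret, old.salt), old.secret_hash):
            old.failed_attempts = 0
            return "restored", old  # same person, new device: keep the old data
        old.failed_attempts += 1
        return "denied", None       # number is verified, but the secret is unknown

    def start_fresh(self, phone: str, secret: str) -> Account:
        """Recycled number: new empty account; old data is no longer reachable."""
        return self._register(phone, secret)
```

Possession of the number alone only ever yields an empty account through `start_fresh`; the previous owner's data is released only when the secret also matches.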