Krishna Chhabria

Reputation: 31

Replace Firebase phone authentication with SMS Retriever API for OTP verification

So I'm new to Android development (which doesn't mean that I don't understand other people's code, just hands-on experience wise) and am currently working on an Android app. The app was made by the previous person, who left the job for which I was recently hired. The problem is, since Google has updated their policies to not allow us to use permissions such as READ_SMS and RECEIVE_SMS, the app that the previous person made is not being approved by Google for uploading to the Play Store.

My question: is there any way by which I can either replace Firebase authentication with the SMS Retriever API but using Firebase at the end? Or is there any other way by which I can authenticate the user based on the OTP sent by Firebase but without permissions for RECEIVE_SMS or READ_SMS?

Currently, I've checked out SMS Retriever and it seems fit for our app, but I don't know if we can still go on to use Firebase.

Upvotes: 2

Views: 3945

Answers (2)

bojeil

Reputation: 30848

You don't really need SMS retriever API for Firebase Auth on Android. It will automatically read the SMS code and initialize the PhoneAuthCredential and pass it via the onVerificationCompleted callback to complete sign-in.

"Auto-retrieval: on some devices, Google Play services can automatically detect the incoming verification SMS and perform verification without user action. (This capability might be unavailable with some carriers.)"

You also get the benefit of instant verification where no SMS is even sent.

You can check the official docs to learn more.

Upvotes: 4

Doug Stevenson

Reputation: 317740

If you want to use Firebase Authentication as the registry for your users, so you can use security rules and integrate with other Firebase products, but want to provide your own mechanism to create and validate those users, you're going to have to implement a custom authentication provider. This requires that you provide your own backend to do all your auth work securely. You will not be able to trust the client app (even if you wrote the whole thing, as it might be compromised) to be secure enough to truly validate the claims of the end user.

The whole process is too much to explain in a single Stack Overflow answer, so please read the documentation to understand how custom auth works.

Upvotes: 0
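
The server-side check that the custom-auth answer above calls for, as an added example that is not from either answer or from Firebase's own code: the backend issues and verifies the OTP itself and only then calls a token-minting function, so the client is never trusted to say the code matched. `OtpVerifier`, the TTL and attempt limits, and the `phone:` uid scheme are assumptions; `mint_token` stands in for the Firebase Admin SDK's `auth.create_custom_token`.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed policy value, not from the page
MAX_ATTEMPTS = 5        # assumed policy value, not from the page


class OtpVerifier:
    """Hypothetical backend component: issues and checks OTPs server-side."""

    def __init__(self, mint_token, clock=time.time):
        # In a real deployment mint_token would be the Admin SDK's
        # firebase_admin.auth.create_custom_token; injected here to run offline.
        self._mint_token = mint_token
        self._clock = clock
        # Keyed digest: a leaked store cannot be brute-forced over 10^6 codes.
        self._key = secrets.token_bytes(32)
        self._pending = {}  # phone -> [digest, expires_at, attempts_left]

    def _digest(self, phone, code):
        msg = f"{phone}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, phone):
        """Create a 6-digit code; pass it to the SMS gateway, never to the client."""
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + OTP_TTL_SECONDS
        self._pending[phone] = [self._digest(phone, code), expires_at, MAX_ATTEMPTS]
        return code

    def verify(self, phone, submitted):
        """Return a custom token on success, None on any failure."""
        entry = self._pending.get(phone)
        if entry is None:
            return None
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[phone]   # expired or locked out: force re-issue
            return None
        entry[2] -= 1                  # count the attempt before comparing
        if not hmac.compare_digest(digest, self._digest(phone, submitted)):
            return None
        del self._pending[phone]       # single use
        return self._mint_token(f"phone:{phone}")  # uid scheme is an assumption
```

The Android client would submit the code to this backend and pass the returned token to Firebase's `signInWithCustomToken`.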
