Home > Blockchain >  Firebase phone authentication without waiting for verification code
Firebase phone authentication without waiting for verification code

Time:09-24

I am working on an app in react native that has phone authentication for user registration. I use firebase for this purpose. The problem is when the user enters the phone number and hits the "send code" button, firebase(Google) successfully sends a verification code to the user via SMS, but before the user enters the confirmation code and hits the "confirm" button, login process starts automatically!!! why this happened? and how can I fix this?

Note:

  • This situation won't happen if test phone numbers(provided by firebase) being used.
  • The app have no permission to read user SMS content.
  • I add SHA-1 and SHA-256 fingerprint for both debug and release in firebase app setting

Authentication logic in my app:

async function onSignUp() {
  setLoading_signUp(true);

  if (phonenumber.length === 10 && name !== '') {
    try {
      const confirmation = await auth().signInWithPhoneNumber(
        ' 98'   phonenumber
      );
      setConfirm(confirmation);
      // console.log('confirm ===>   ',confirm);
    } catch (error) {
      setLoading_signUp(false);
      alert(error.message);
    }
  } else if (phonenumber.length !== 10 && name === '') {
    setLoading_signUp(false);
    alert('Invalid Phone number !\nName field should not be empty!');
  } else if (phonenumber.length === 0) {
    setLoading_signUp(false);
    alert('Enter Phone number !');
  } else if (0 < phonenumber.length < 10) {
    setLoading_signUp(false);
    alert('Invalid Phone number !');
  } else {
    setLoading_signUp(false);
    alert('Name field should not be empty!');
  }
}

async function confirmCode() {
  setLoading(true);

  try {
    await confirm.confirm(code);
    setConfirm(null);
    await AsyncStorage.setItem('@DidSignUp', 'true');
    await AsyncStorage.setItem(
      '@credentials',
      `{"name":"${name}","email":"${email}","phonenumber":"${
        ' 98 '   phonenumber
      }"}`
    );

    firestore().collection('users').doc(auth().currentUser.uid).set({
      name,
      email,
      phonenumber,
    });
  } catch (error) {
    setLoading(false);

    if (error.code !== 'auth/unknown') {
      alert('Invalid code !');
    }
  }
}

CodePudding user response:

On Android the Firebase Authentication SDK actually works with the OS to automatically detect the SMS containing the OTP. This is known as auto-retrieval and is documented as:

Auto-retrieval: on some devices, Google Play services can automatically detect the incoming verification SMS and perform verification without user action. (This capability might be unavailable with some carriers.) This uses the SMS Retriever API, which includes an 11 character hash at the end of the SMS message.

So this is a feature, and not a bug. :) There seems to be no way to disable the feature, from what I can quickly tell: How to disable Firebase Phone Auth Android auto-sign-in (onVerificationCompleted callback)

  • Related