Google Firebase Phone SMS Authentication API: Should you implement in your next mobile or web app, is it secured?

Sunil Kumar
Jul 20, 2017 · 2 min read

Firebase team recently released their new over the phone authentication api which enables mobile and web application register/signup users via code sent on their mobile devices.

This api can be implemented importing the Firebase SDK only as of now and not AngularFire 2.x in future it may support. FirebaseUI compliments this API well when integrated.

Signing up a user using your mobile device via SMS is very convenient from usability while it also invites security concerns as mobile numbers can be transferred from one profile to another.

Solution: Implement Firebase Phone SMS auth with an additional layer of authentication widely known as two factor authentication like how Banks do for their customers.

How does the new Firebase Phone SMS auth code looks like compared to signInWithEmailAndPassword:

var phoneNumber = getPhoneNumberFromUserInput();
var appVerifier = window.recaptchaVerifier;
firebase.auth().signInWithPhoneNumber(phoneNumber, appVerifier)
.then(function (confirmationResult) {
// SMS sent. Prompt user to type the code from the message, then sign the
// user in with confirmationResult.confirm(code).
window.confirmationResult = confirmationResult;
}).catch(function (error) {
// Error; SMS not sent
// ...
});

Disclaimer by Firebase: You should inform users that if they use phone sign-in, they might receive an SMS message for verification and standard rates apply.

Update 19/07/2018: Please review https://github.com/angular/angularfire2/issues/1782 before implementing in your Ionic Framework project.

Google Cloud Platform - Community

A collection of technical articles published or curated by Google Cloud Platform Developer Advocates. The views expressed are those of the authors and don't necessarily reflect those of Google.

)
Sunil Kumar

Written by

Helping startups with Google Flutter, Angular, Tableau, Ionic, Capacitor, WordPress, WooCommerce, NodeJS, Google Firebase & Cloud Function

Google Cloud Platform - Community

A collection of technical articles published or curated by Google Cloud Platform Developer Advocates. The views expressed are those of the authors and don't necessarily reflect those of Google.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade