Google Firebase Phone SMS Authentication API: Should you implement in your next mobile or web app, is it secured?

Sunil Kumar
Jul 20, 2017 · 2 min read

Firebase team recently released their new over the phone authentication api which enables mobile and web application register/signup users via code sent on their mobile devices.

This api can be implemented importing the Firebase SDK only as of now and not AngularFire 2.x in future it may support. compliments this API well when integrated.

Signing up a user using your mobile device via SMS is very convenient from usability while it also invites security concerns as mobile numbers can be transferred from one profile to another.

Solution: Implement Firebase Phone SMS auth with an additional layer of authentication widely known as two factor authentication like how Banks do for their customers.

How does the new Firebase Phone SMS auth code looks like compared to signInWithEmailAndPassword:

var phoneNumber = getPhoneNumberFromUserInput();
var appVerifier = window.recaptchaVerifier;
firebase.auth().signInWithPhoneNumber(phoneNumber, appVerifier)
.then(function (confirmationResult) {
// SMS sent. Prompt user to type the code from the message, then sign the
// user in with confirmationResult.confirm(code).
window.confirmationResult = confirmationResult;
}).catch(function (error) {
// Error; SMS not sent
// ...
});

Disclaimer by Firebase: You should inform users that if they use phone sign-in, they might receive an SMS message for verification and standard rates apply.

Update 19/07/2018: Please review before implementing in your Ionic Framework project.

Google Cloud Platform - Community

A collection of technical articles published or curated by Google Cloud Platform Developer Advocates. The views expressed are those of the authors and don't necessarily reflect those of Google.

Sunil Kumar

Written by

Angular, Ionic, Capacitor Developer, WordPress WooCommerce, Google Firestore and Cloud Function Expert

Google Cloud Platform - Community

A collection of technical articles published or curated by Google Cloud Platform Developer Advocates. The views expressed are those of the authors and don't necessarily reflect those of Google.