[英]Is it possible to send an OTP instead of a link via Firebase Passwordless authentication?
I've written an application that distributes a widget that would be installed on a consumer's web application (like Intercom, Hotjar etc.) and I'd like to make use of passwordless authentication to authenticate my users.我编写了一个应用程序来分发一个小部件,该小部件将安装在消费者的 web 应用程序(如 Intercom、Hotjar 等)上,我想使用无密码身份验证来验证我的用户。
From what it seems like, Firebase passwordless auth sends a link to the user's email address, and upon clicking it they'll be redirected.从表面上看,Firebase passwordless auth 会发送一个链接到用户的 email 地址,点击后会被重定向。 Given that this is a widget, as far as it seems like to me, redirecting to the consumer's application is not possible as it doesn't make sense to whitelist said app in the firebase console.
鉴于这是一个小部件,就我而言,重定向到消费者的应用程序是不可能的,因为在 firebase 控制台中将所述应用程序列入白名单是没有意义的。
Redirecting to the main app (where you'd get the widget's code) doesn't make sense either because the user will be authenticated in the main app, not the widget.重定向到主应用程序(您将在其中获取小部件的代码)也没有意义,因为用户将在主应用程序而不是小部件中进行身份验证。
The ideal solution in my perspective seems to be sending the OTP code instead which the user can copy/paste into a text field in the widget itself.在我看来,理想的解决方案似乎是发送 OTP 代码,而不是用户可以将其复制/粘贴到小部件本身的文本字段中。
I've read the docs thoroughly, tried implementing passwordless authentication which has lead to my above-mentioned conclusions.我已经彻底阅读了文档,尝试实施无密码身份验证,这导致了我的上述结论。 Since you can't really edit the email template I'm starting to feel that this use-case does not align with what Firebase Passwordless auth was made for.
由于您无法真正编辑 email 模板,我开始觉得这个用例与 Firebase 无密码身份验证的目的不一致。
I want to reduce the sign-in friction for my users, and I'd also like to verify their email addresses so that I can send them notifications/news-letters, etc. later on.我想减少我的用户的登录摩擦,我还想验证他们的 email 地址,以便我可以稍后向他们发送通知/新闻信件等。
The other authentication providers like the OAuth2 based ones revolve around the fact that the user has registered with that particular service.其他身份验证提供程序(如基于 OAuth2 的提供程序)围绕用户已注册该特定服务这一事实展开。 Anonymous authentication allows users to sign-in but does not ensure that each user has a unique email address.
匿名身份验证允许用户登录,但不确保每个用户都有唯一的 email 地址。 Email/Password authentication has high-friction.
电子邮件/密码身份验证具有高摩擦性。
I'm looking for a passwordless authentication that is similar to how auth0 does it, but auth0 has a more verbose limit on the free plan compared to firebase auth.我正在寻找类似于 auth0 的无密码身份验证,但与 firebase auth 相比,auth0 对免费计划有更详细的限制。
Any help, advice or pointers would be helpful!任何帮助、建议或指示都会有所帮助!
Resources:资源:
Firebase Passwordless Auth: https://firebase.google.com/docs/auth/web/email-link-auth Firebase 无密码验证: https://firebase.google.com/docs/auth/web/email-link-auth
auth0 Passwordless Auth: https://auth0.com/passwordless/ auth0 无密码验证: https://auth0.com/passwordless/
From reading the documentation on Authenticate with Firebase Using Email Link and Passing State in Email Actions , I don't think this is a completely supported scenario.通过阅读有关使用 Firebase 使用 Email 链接进行身份验证并在 Email 操作中传递 State 的文档,我认为这不是一个完全受支持的场景。 But you may be able to emulate it by:
但是您可以通过以下方式模拟它:
oobCode
from the link.oobCode
。credentialWithLink
.credentialWithLink
创建凭据。 This is pretty involved though, so you'll have to make the trade-off yourself on whether is is worth the effort.不过,这非常复杂,因此您必须自己权衡是否值得付出努力。 A much simpler flow is to:
一个更简单的流程是:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.