使用Firebase创建手机号码身份验证 [英] Create cell phone number authentication with Firebase
问题描述
是否有预包装解决方案?这是如何构建出来的?
目前不支持。电话号码认证是从隐私,安全和产品角度实施的棘手功能。也就是说,如果你想建立它,你将不得不实现你自己的机制,使用Twilio这样的服务向用户发送一个唯一的短期代码(对应于一个特定的电话号码的分配的uid)的SMS消息。您还必须防止尝试模拟您的应用程序(在3个支持的平台上)的应用程序的钓鱼攻击,并诱骗用户将SMS代码输入到其应用程序中。更何况,你必须防止滥用(恶意用户从你的应用程序发送短信)。最后,当用户兑换SMS代码时,您可以返回客户端的Firebase管理员sdk和signInWithCustomToken当前支持的自定义令牌(与分配的uid关联),从而完成登录过程。这仍然是这个问题的简单化。我建议您在Firebase Google论坛中申请该功能。
At present, the options on the Firebase website limit you to prepackaged solutions for authenticating users through Facebook or a person's email, etc. I wish to allow user to login and authenticate using their cell phone number, much like Snapchat allows.
Is there a pre-packaged solution for this? How can this be built out?
That is currently not supported. Phone number auth is a tricky feature to implement from a privacy, security and product perspective. That said, if you wish to build it, you will have to implement your own mechanism to send SMS messages with a unique short lived code (corresponding to an allocated uid for a specific phone number) to users using a service like Twilio. You also have to protect against phishing attacks from apps trying to impersonate your app (in the 3 supported platforms) and tricking users to enter the SMS code into their app. Not to mention you have to protect against abuse (malicious users sending SMS messages from your app). Finally when the user redeem the SMS code, you can return a custom token (associated with the allocated uid) which is currently supported by Firebase admin sdk and signInWithCustomToken on the client side completing the sign-in process. This is still an oversimplification of the issue. I suggest you request that feature in the Firebase Google group forum.
这篇关于使用Firebase创建手机号码身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
