Phone Number Authentication with Firebase Auth

Growing Globally with Phone Number identity

Identity is a really important part of growth.If people can’t or won’t login to your app, then you don’t get a user.You don’t have growth.

Why phone numbers?

Using phone number as an effective identity for growth.Sign-in is such an important part of your growth funnel.Over 90% of people who have issue login into an app is going to leave.

1.They’re global.

Every single person in the world who has a smartphone has a phone number that they have memorized.

2 Actually, in a lot of emerging markets, We’ve learned that people prefer to use their phone as their identity instead of an email address or another form of identification.

3 Phone numbers are higher quality.They give you higher quality users.Because they’re more expensive to mass produce, they’re naturally resistant to the kinds of abuse and fraud you might see more often in another type of identification.Most importantly very low-friction sign-in for apps.

Why is login so hard to use?

We know as developers that passwords don’t increase security as much as they frustration and friction.

As a developer, we know that login is harder than it needs to be dealing with login is hard.There are UX implications.There are security implications.

Firebase Phone Auth

Today’s apps need to be able to support high-quality,low-friction authentication and engage with them in new ways.That makes phone number auth really valuable.

A lot of the apps that actually don’t have phone number authentication today, bBuilding it in the first place can be a real struggle.The first thing you’ll need to do is integrate with an SMS provider, and get coverage with carriers to send SMS.Then,you’re going to want to expand your offering globally to support all the different areas that your user might come from, making sure you’re perfectly localized along the way.

After all of that, you need to build secure authentication.That means generating a one time code, verifying it from a user, minting cryptographically signed tokens, persisting session, writing your anti-abuse logic. Firebase launched its phone authentication APIs.

The first thing that Firebase allow is it enables basic sign-in and sign-up flows. On Android Firebase actually, allow a few and built in enhancements.In the previous post you understand about the SMS retriever API, which actually increases overall conversion from users, SO they don’t have to end up with the SMS app and parsing it.This is going to come built into firebase Android APIs.Finally, Firebase has a really new cool piece of functionality called instant verification on Android.

Firebase enables basic sign-in and sign-up flows.

The first thing that Firebase want to make sure enable your app to do is allow you to sign in and sign up your users.All a user would need to do is enter their phone number, and you can go ahead and pass it over to Firebase.

Firebase will validate the phone number, handle any normalization logic that needs to happen, if this is a new user, or a returning one, and go ahead and generate a one-time code associated with this request.

The new user will simply pass back the code into your application, and which you would just pass right back on to Firebase, and Firebase will verify it.Firebase will handle any of the complex logic, and deduplication, if you send multiple SMS by mistake or any of the other edge cases that might arise.The user will go ahead and enter their code.Firebase will validate it.Firebase will go ahead and mint cryptographically signed tokens, persist sessions the whole authentication.You won’t have to worry about how any of it.

Auto-retrieval

Auto-retrieval works very similarly to we discussed in the previous post.It’s comes built in the user phone auth APIs.For auto retrieval, if the user goes ahead and click sign with the phone number.This time they can actually select their phone number if you integrate with hint selector.It’ll be auto-populated into the application.Firebase will validate it once more. Firebase will generate the code.But this time, when firebase actually sends the code in the SMS, Firebase will be able to pick it up from the background.Firebase auto-retrieve it directly, parse it out and populate it into the application.The best part of all of this is your user never actually had to leave your application, go to an SMS tab, wait for it and then copy and paste the code into your UI.They stayed in your application the entire time.It’s a really seamless experience for them overall.That’s all that you ever to do.All this powerful functionality is also really easy to use.

Configuration

As a pre-requisite, ensure your application is configured for use with Firebase.

Then, add the FirebaseUI auth library dependency.

The second thing you need to do is just enable phone auth within your project in the Firebase console.

 

Enable Firebase Phone Auth

Now Firebase headless APIs don’t enforce any UI, so they give you programmatic access to our underlying infrastructure that you can use in any way that you choose.It’s really easy to use.On Android, in order to get all the awesome functionality the actual ability to generate and send codes, the auto-retrieval, even instant verification, comes down to just one single API call, and the implementation of the callbacks that you care about.

What’s about UI?

Building authentication UI can be pretty complex.You need to handle all sorts of edge cases across all the different platforms your application might support.You want to make sure that your login UI is actually high performance.That will give you good conversion rates.FirebaseUI wrote out all the code for different phone authentication flows that.

 

The first thing you’ll notice is Firebase UI integrates with hint selector directly.So I didn’t write any additional code for this.It’s able to pick up user’s phone number from the device, and I can just simply enter it directly into the app.

Now when you hit verify phone number, it’ll go ahead and send a code which will directly get right off the SMS.The code was sent to your device immediately written from the SIM.All I did was really tap my phone number and everything else was taken for me.The SMS was delivered.It was passed.It was taken.I never left the app.

Instant Verification

Instant verification works exactly like it sounds like.It allows you to verify the phone number without sending an SMS to the user, it appears instantly.Let’s How it works?

1.User Select Number

This time, When they enter their phone number, and you call APIs, Firebase is going to do the first check.That check will go ahead and see if firebase has verified this phone number on the device recently.If it has, it can actually instantly verify the phone number the next time around without needing to send any additional SMS.It thinks that this means there is no wait time, on SMS, or anything else, just pure simplicity verify.

 

Imagine that user coming back to the application, maybe after a week or two.This time user going to instant verification.When the user goes to the application, let’s sign in with a phone number again.It’ll pull up the phone number for user device just like last time.The user just going to do single tap log-in.Where I go ahead and select a phone number, It sees that I’d already been verified in the past and that It’s.No SMS was sent, nothing else.But instead, Firebase was able to just validate that we verified it, and logged them in directly into te application.

 

Related Post

SMS Retriever API

One Reply to “Phone Number Authentication with Firebase Auth”

  1. Is there any way to know if instant verification was done? Like, inside onVerificationComplete() or signInWithCredential(). I want to Toast a message when a user has already verified the phone number some time back and tries to sign up again with the same number

Leave a Reply

Your email address will not be published. Required fields are marked *