使用Firebase创建手机号码身份验证

Question

目前，Firebase网站上的选项仅限于通过Facebook或个人电子邮件等对用户进行身份验证的预打包解决方案。我希望允许用户使用他们的手机号码登录和身份验证，就像Snapchat允许的那样。

有没有预先打包好的解决方案呢？如何才能实现这一点？

Answer 1

这是当前不支持的。从隐私、安全和产品的角度来看，电话号码认证是一个很难实现的功能。也就是说，如果你想构建它，你将不得不实现自己的机制，用一个唯一的短期代码(对应于为特定电话号码分配的uid )向使用Twilio这样的服务的用户发送SMS消息。你还必须防止来自应用程序的网络钓鱼攻击，这些应用程序试图模仿你的应用程序(在支持的3个平台中)，并欺骗用户将短信代码输入到他们的应用程序中。更不用说你必须防止滥用(恶意用户从你的应用程序发送短信)。最后，当用户兑换短信代码时，您可以返回一个自定义令牌(与分配的uid关联)，该令牌目前是Firebase admin sdk和客户端signInWithCustomToken支持的，完成登录过程。这仍然是对问题的过于简单化。我建议你在Firebase Google组论坛上申请该功能。

Answer 2

这是可能的。但目前仅适用于iOS/Web。Android的实现也应该很快完成。检查firebase文档。https://firebase.google.com/docs/auth/web/phone-auth

Answer 3

现在，电话身份验证在firebase.Here中可用，它是使用Firebase的电话身份验证的代码：

EditText phoneNum,Code;// two edit text one for enter phone number other for enter OTP code
Button sent_,Verify;  // sent button to request for verification and verify is for to verify code
private PhoneAuthProvider.ForceResendingToken mResendToken;
private PhoneAuthProvider.OnVerificationStateChangedCallbacks mCallbacks;
private FirebaseAuth mAuth;
private String mVerificationId;

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_phone_number_auth);// layout 


    phoneNum =(EditText) findViewById(R.id.fn_num);
    Code =(EditText) findViewById(R.id.code);

    sent_ =(Button)findViewById(R.id.sent_nu);
    Verify =(Button)findViewById(R.id.verify);

    callback_verificvation();                   ///function initialization

    mAuth = FirebaseAuth.getInstance();


    sent_.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            String num=phoneNum.getText().toString();
            startPhoneNumberVerification(num);          // call function for receive OTP 6 digit code
        }
    });
    Verify.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            String code=Code.getText().toString();
            verifyPhoneNumberWithCode(mVerificationId,code);     //call function for verify code 

        }
    });
}

private void startPhoneNumberVerification(String phoneNumber) {
    // [START start_phone_auth]
    PhoneAuthProvider.getInstance().verifyPhoneNumber(
            phoneNumber,        // Phone number to verify
            60,                 // Timeout duration
            TimeUnit.SECONDS,   // Unit of timeout
            this,               // Activity (for callback binding)
            mCallbacks);        // OnVerificationStateChangedCallbacks
    // [END start_phone_auth]


}

private void signInWithPhoneAuthCredential(PhoneAuthCredential credential) {
    mAuth.signInWithCredential(credential)
            .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
                @Override
                public void onComplete(@NonNull Task<AuthResult> task) {
                    if (task.isSuccessful()) {
                        // Sign in success, update UI with the signed-in user's information

                        FirebaseUser user = task.getResult().getUser();
                        Toast.makeText(getApplicationContext(), "sign in successfull", Toast.LENGTH_SHORT).show();
                        // [START_EXCLUDE]


                    } else {
                        // Sign in failed, display a message and update the UI

                        if (task.getException() instanceof FirebaseAuthInvalidCredentialsException) {
                            // The verification code entered was invalid

                        }

                    }
                }
            });
}
private void verifyPhoneNumberWithCode(String verificationId, String code) {
    // [START verify_with_code]
    PhoneAuthCredential credential = PhoneAuthProvider.getCredential(verificationId, code);
    // [END verify_with_code]
    signInWithPhoneAuthCredential(credential);
}


private void callback_verificvation() {

    mCallbacks = new PhoneAuthProvider.OnVerificationStateChangedCallbacks() {

        @Override
        public void onVerificationCompleted(PhoneAuthCredential credential) {
            // This callback will be invoked in two situations:
            // 1 - Instant verification. In some cases the phone number can be instantly
            //     verified without needing to send or enter a verification code.
            // 2 - Auto-retrieval. On some devices Google Play services can automatically
            //     detect the incoming verification SMS and perform verificaiton without
            //     user action.
            // [START_EXCLUDE silent]


            // [START_EXCLUDE silent]

            signInWithPhoneAuthCredential(credential);
        }

        @Override
        public void onVerificationFailed(FirebaseException e) {
            // This callback is invoked in an invalid request for verification is made,
            // for instance if the the phone number format is not valid.
            // [START_EXCLUDE silent]


            if (e instanceof FirebaseAuthInvalidCredentialsException) {
                // Invalid request


                // [END_EXCLUDE]
            } else if (e instanceof FirebaseTooManyRequestsException) {
                // The SMS quota for the project has been exceeded

            }


        }

        @Override
        public void onCodeSent(String verificationId,
                               PhoneAuthProvider.ForceResendingToken token) {
            // The SMS verification code has been sent to the provided phone number, we
            // now need to ask the user to enter the code and then construct a credential
            // by combining the code with a verification ID.


            // Save verification ID and resending token so we can use them later
            mVerificationId = verificationId;
            mResendToken = token;


        }
    };