Monday, 25 December 2017

Use Firebase in Web App via Phone Number Log in to Restrict Access to Site?

Firebase now provides an authentication method using the user's phone. A user opens a web page, and the page initiates an SMS verification process. Firebase stores the user's phone number (Identifier) and a randomly generated User UID. This is great if you want to validate phone numbers of your users, but not so great for restricting access to a whitelist of known phone numbers. Using Firebase phone auth and the very handy firebaseui-web library, you receive an authorization when a phone number (ANY phone number) is validated via SMS message.

I guess I could perform a test in the browser client to see if the phone number (after SMS validation) is on the authorized whitelist via an API call to another server; if a valid team member, redirect to the team directory site, and to a "thanks anyway" site if not. I will say, performing that query in the client browser JavaScript seems like the wrong thing to do. It would be too easy to cheat it. Definitely not a good thing to do.

I'm hoping to use Firebase and phone SMS authorization to restrict a web page's access to a white list of authorized phone numbers. My use case is a group of people who need access to a simple web page showing the phone numbers of others in the group. We don't want that visible to the world, but it would be nice to have in a handy form (i.e. look up the web page, press the <a href="tel:1-408-555-5555">1-408-555-5555</a> phone number for quick, easy access on a mobile phone). We intend to make the page persistent via Progressive Web Application methods.

Any hints on how to proceed on using Firebase to restrict a webpage to a whitelist of users' phone numbers?

Note: I've seen this response that hints that it may be possible to use a Cloud Function to restrict access to content, but it's not clear to me how that would work.
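One way to move the whitelist check out of browser JavaScript and onto a server, as an added example that is not part of the original post: the server verifies the Firebase ID token itself and compares the token's `phone_number` claim with the whitelist before returning any directory data. `ALLOWED_NUMBERS`, `isAllowed`, `authorizeDirectoryRequest` and the sample numbers are hypothetical and constructed for illustration; the verifier is injected so the block runs offline, and wiring it to `admin.auth().verifyIdToken` from the `firebase-admin` SDK inside a Cloud Function is an assumption.

```javascript
// Added example: server-side whitelist gate for Firebase phone auth.
// Constructed sample whitelist, numbers in E.164 form as Firebase stores them.
const ALLOWED_NUMBERS = new Set(['+14085555555', '+14085550100']);

// Pull the token out of an "Authorization: Bearer <token>" header value.
function bearerToken(header) {
  const m = /^Bearer ([A-Za-z0-9_\-.]+)$/.exec(header || '');
  return m ? m[1] : null;
}

// Decide from verified claims only. A user who signed in some other way
// has no phone_number claim and is rejected.
function isAllowed(claims) {
  const phone = claims && claims.phone_number;
  return typeof phone === 'string' && ALLOWED_NUMBERS.has(phone);
}

// verifyIdToken is injected. In a Cloud Function it would be (assumption):
//   (t) => admin.auth().verifyIdToken(t)
// which checks the token's signature and expiry and resolves to its claims.
async function authorizeDirectoryRequest(authHeader, verifyIdToken, directory) {
  const token = bearerToken(authHeader);
  if (!token) return { status: 401, body: null };

  let claims;
  try {
    claims = await verifyIdToken(token);
  } catch (err) {
    // Forged, expired or malformed token: fail closed.
    return { status: 401, body: null };
  }

  // SMS verification succeeded, but the number is not on the whitelist.
  if (!isAllowed(claims)) return { status: 403, body: null };

  // Directory data leaves the server only after both checks pass.
  return { status: 200, body: directory };
}
```

The directory itself has to be served only by this endpoint; if the numbers are embedded in the static page or its service-worker cache, a client-side redirect does not protect them.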



