firebase / firebaseui-web

FirebaseUI is an open-source JavaScript library for Web that provides simple, customizable UI bindings on top of Firebase SDKs to eliminate boilerplate code and promote best practices.
https://firebase.google.com/
Apache License 2.0

Support for Multi-Factor Auth? #782

Open rscotten opened 3 years ago

rscotten commented 3 years ago

Hello,

I just wired up Multi-Factor authentication for my password auth, and it works great. But when I try to log in via Google Auth through FirebaseUI, I get the following popup message:

It says "Proof of ownership of a second factor is required to complete sign-in."

The callbacks signInFailure and signInSuccessWithAuthResult are not called, so I can't handle this error and redirect to my confirmation code form.

Also, I can't find any examples online on how to use MFA with FirebaseUI. I checked this:

https://cloud.google.com/identity-platform/docs/web/mfa

but it doesn't mention FirebaseUI specifically. It does discuss using Google auth as a first factor, but without the FirebaseUI callbacks being called, I can't handle the second factor verification.

Question 1: Does Firebase UI support MFA?

Question 2: If so, is there a canonical example on how to make it work?

Question 3: If Question #1 is a no, will it be or can it please be supported?

bojeil-google commented 3 years ago

Hey @rscotten, we don't yet support multi-factor auth in FirebaseUI. We plan a phased approach to support this capability to unblock developers like yourself:

  1. Provide a callback to plug in your own 2nd factor handler.
  2. Provide our FirebaseUI built-in implementation for the 2nd factor handler.

rscotten commented 3 years ago

@bojeil-google Thanks for the quick response. Your phase 1 would be greatly appreciated!

TaLoN1x commented 3 years ago

Looking forward to this feature. It's a blocker for my project.

ferrywlto commented 3 years ago

Same here. Is there a way for us to catch the auth/multi-factor-auth-required error somewhere at least? Thank you.

bojeil-google commented 3 years ago

We will expose a callback to plug in your own 2nd factor handler. This will be triggered on auth/multi-factor-auth-required. We are busy working on another feature at the moment. This should be next on our list.

munderwoods commented 3 years ago

I am also blocked by this. Any ETA for this? Thanks.

SUVOLewis commented 3 years ago

Any update on this? I'm currently still unable to handle the verifyPassword: Proof of ownership of a second factor is required to complete sign-in. error, so I can't divert the auth flow to any of my custom elements.

munderwoods commented 3 years ago

> Any update on this? I'm currently still unable to handle the verifyPassword: Proof of ownership of a second factor is required to complete sign-in. error, so I can't divert the auth flow to any of my custom elements.

I've ended up implementing Authy then using claims on the user's Google object to identify if they have 2FA. I am hoping that this issue is resolved before this app launches. @bojeil-google did say that it "should be next on (their) list" on Dec 23 so I have to imagine some progress has been made. 3 months for Google? Could go either way I suppose.

rscotten commented 3 years ago

@bojeil-google It's been nine months since I originally posted this. The industry that we serve just had a major hacking (allegedly by Russians and the FBI is involved) and our clients are now motivated to enable MFA. We'd really appreciate it if this can be given priority attention (what's more important than the security of our data?). We look silly when we have to explain to our customers that MFA works for email and not OAuth.

akauppi commented 3 years ago

@rscotten Would one way be to abandon firebaseui-web completely and make a true community based web auth UI? I’m in.

rowbot-weisguy commented 2 years ago

I ended up having to re-implement a basic UI which I'm sure is less battle-tested and more bug-prone than this project, all in order to enable MFA for our customers.

It appears the Firebase team is struggling to get / manage resources and treats their UI as second-rate to the API. Perhaps because they don't charge for use of the UI itself. That said, I don't know if it's wise to start a community project tightly coupled to Firebase auth. If their team can't effectively support their own product, should the community start doing free work for them? I appreciate the spirit of open source, but this smells different. I wish Firebase would treat their UI as part of the product that people pay for.
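
Added example, not part of the thread and not FirebaseUI code: one way to handle `auth/multi-factor-auth-required` when Google sign-in is driven through the Firebase Auth SDK directly instead of through FirebaseUI, following the flow in the Identity Platform guide linked in the first post. It assumes the namespaced (v8-style) SDK and a phone second factor; the function name and `promptForCode` are hypothetical.

```javascript
// Added example (not FirebaseUI code). `firebase` is the namespaced SDK
// object, `recaptchaVerifier` a firebase.auth.RecaptchaVerifier, and
// `promptForCode` a hypothetical app function that shows the confirmation
// code form and resolves to the SMS code the user typed.
async function signInWithGoogleAndSecondFactor(firebase, recaptchaVerifier, promptForCode) {
  const A = firebase.auth; // namespace holding the provider classes
  try {
    // First factor. Resolves directly when the account has no MFA enrolled.
    return await firebase.auth().signInWithPopup(new A.GoogleAuthProvider());
  } catch (error) {
    // Anything other than the MFA challenge is a real sign-in failure.
    if (error.code !== 'auth/multi-factor-auth-required') throw error;

    // The error carries a resolver with the enrolled factors and the
    // session that ties the second factor to this first-factor attempt.
    const resolver = error.resolver;
    const hint = resolver.hints.find(
      (h) => h.factorId === A.PhoneMultiFactorGenerator.FACTOR_ID);
    if (!hint) throw new Error('No phone second factor enrolled');

    // Send the SMS challenge to the enrolled number.
    const phoneProvider = new A.PhoneAuthProvider();
    const verificationId = await phoneProvider.verifyPhoneNumber(
      { multiFactorHint: hint, session: resolver.session }, recaptchaVerifier);

    // Collect the code in the app's own form, then complete the sign-in.
    const code = await promptForCode(hint);
    const credential = A.PhoneAuthProvider.credential(verificationId, code);
    const assertion = A.PhoneMultiFactorGenerator.assertion(credential);
    return resolver.resolveSignIn(assertion);
  }
}
```

Until `resolveSignIn` resolves there is no signed-in user, so the app should not grant access on the strength of the first factor alone.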

nguyenduyhust commented 2 years ago

Any new information about this feature? Or is there any workaround for it?

rscotten commented 10 months ago

@bojeil-google is this still on the roadmap?

gnahzknarf commented 10 months ago

This is hopeless. Is there any workaround for it?

iamjuanguillermo commented 1 month ago

Ago/24 - Hi all! Any update on this?

kartikwatwani commented 1 week ago

Need update for MFA.