Customize Firebase / Google Identity Platform Multifactor Authentication Confirmation Email - firebase-authentication

I have successfully and deceivingly easily added Firebase authentication for my web app. I've found during my work that it's actually just a wrapper over the Identity Platform product from GCP. I've found this out while working on adding two-factor authentication via phone for the app as well.
Everything works fine for the amount of complexity 2fa brings.
The problem I am now facing is that every time I enroll a user to the second factor, they get a horrendous automatically generated email which I just can't seem to understand where to change.
I know that transactional emails are a bit unwieldy in Firebase, so I fear the worst on customization, which is why I am asking:
Where do you change, or disable that email? I am already notifying the user their phone was validated and they just got the SMS on their phone, there is no need for another ugly notification.
That said, the documentation does say an email will be delivered upon running the multiFactoruser.enroll method, but not much else.
I've also found that the identity platform allows for programmatic enrollment via the admin SDK which is I guess my next plan if the email cannot be disabled.
This seems straightforward enough, but I'm wondering if it will also send a validation SMS or that is simply it, if the user adds a wrong phone, they will then be locked out of their account.
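The Admin SDK enrollment path mentioned above, sketched as an added example that is not part of the original post: it builds the `multiFactor.enrolledFactors` list for `updateUser()`, carrying over factors the user already has, because the Admin SDK replaces the existing list with the one it is given. It assumes `auth` is a firebase-admin `Auth` instance and that the application has already confirmed the user controls the number; the helper names are hypothetical.

```javascript
// Added example, not from the original post. `auth` is a firebase-admin Auth
// instance (getAuth()); helper names are hypothetical.
const E164 = /^\+[1-9]\d{6,14}$/;

// Build the list for updateUser(). The Admin SDK overwrites the user's existing
// second factors with the list it is given, so existing entries are carried over.
function mergePhoneFactor(existingFactors, phoneNumber, displayName) {
  if (!E164.test(phoneNumber)) {
    // Reject malformed numbers up front: a wrong number here becomes a
    // second factor the user cannot satisfy.
    throw new Error(`not an E.164 phone number: ${phoneNumber}`);
  }
  const kept = (existingFactors || []).map((f) => ({
    uid: f.uid,
    factorId: f.factorId,
    displayName: f.displayName,
    enrollmentTime: f.enrollmentTime,
    phoneNumber: f.phoneNumber,
  }));
  if (kept.some((f) => f.phoneNumber === phoneNumber)) {
    return kept; // already enrolled: nothing to add
  }
  return [...kept, { factorId: 'phone', phoneNumber, displayName }];
}

// Enroll a phone second factor server-side for an existing user.
async function enrollPhoneFactor(auth, uid, phoneNumber, displayName) {
  const user = await auth.getUser(uid);
  const existing = user.multiFactor ? user.multiFactor.enrolledFactors : [];
  const enrolledFactors = mergePhoneFactor(existing, phoneNumber, displayName);
  return auth.updateUser(uid, { multiFactor: { enrolledFactors } });
}
```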

Related

Is it possible to create an app with sign in based on location as well as other (e-mail, google, , etc)? And a workaround for fake location using VPN

I am working on an app that requires customers to sign up for an account and I want to make sure that the person signing in is in a selected location. My concern is that this would be easily bypassed if someone uses a VPN. Any way to work around that?
I haven't begun building the app yet but want to see what is possible with sign-in and sign-up.

Allow user to choose how they receive forgot password code

Tried searching for this in Amazon's docs but couldn't come up with anything.
Assuming that both email and phone number are checked in the verification section of the user pool. If the client app wants to allow the user to choose how they receive the code (assuming they've forgotten their password) - how do we get Cognito to handle that? Is there a way of getting the forgotPassword method to select a route (email or SMS)?
From some early testing, it seems like it always goes one route if both are available. I do see that Amazon themselves have made this available on their site though, so hoping that it should be possible?
For this example, we can assume that we've got a verified email address and phone number for that user.
I am on the Cognito team. Currently the behavior is that if both phone number and email are verified, the code goes to the phone, hence phone number is given preference and there is no way to select where the code actually goes. However, we have heard this request in the past and I will add a +1 to the feature request on your behalf.

Is it possible to identify the person talking to the google assistant by voice?

Recently Google has added multiple user support to the Assistant, so how would one use the API to identify the person by voice?
It depends what you mean by "identify the person".
There is no way for an Action to get the raw audio, so there is no way for it to do voice printing or anything along those lines.
Although each voice has to be reported against a Google User ID, you do not have direct access to that user ID.
What developers do have access to is a UID that is sent along with each request to your fulfillment server. This UID is consistent across requests, although it can be reset by a user (for example, if they reset their Google Home). You can think of this the same way you think of an HTTP cookie - you can track the UID and, if you see it again, have reasonable assurance it is the same user that accessed it last time. This breaks down, however, for the "default" account on Google Home, since anybody who doesn't have an account will map to this user.
Beyond this, you can also use Account Linking to connect a Google Account consistently to an account in your own system. If you have sufficient authentication in place, or are using one from Google or Facebook for example, this can act as an identity.
There isn't an API for developers to identify users by voice.

Google Tasks API authorization

I can see many related questions on SO, but none that answers exactly what I'm confused with.
I'm using Google Calendar API in a .NET desktop application that allows user to provide his/her username/password, logs in on his behalf and adds some events to the calendar. Now I want to do exactly the same thing for Tasks feature. I'm trying to use Google Tasks API for this, but have been told that I need to do some OAuth kind of authentication, and even before that, I need to go to my gmail account and set permissions and get my project "key" to enable it.
Now does every user of my application need to do these steps in their Gmail account? Or do I need to do this in MY gmail account once and then my application code will be able to use the generated project "key" to enable my users to add tasks to THEIR gmail tasks list?
Figured it out. For anyone having a hard time understanding this, here it is:
The "key" generation step needs to be done only once per application, not for each user who's going to use your application. To generate a key, log in to your Google Account and go to the Google APIs Console page. Click the API Access button and that's where you can generate keys for different kinds of applications like browser apps, desktop apps, Android apps etc. After registration, you'll need to take the Client ID, Client secret and API key from this page and put them into the code. Sample code (.NET) for task creation and several other Google features is available here.
Once your user runs your application, he'll be taken to his Google account in his default browser where he'll be asked if he wants to allow this application to write to his calendar/tasks list. This page will display your logo and description text too that you can provide at registration time. Once allowed, this step won't be required again in the next one hour (this may be adjustable, I don't know yet).

Do apps that access Gmail only have write-only access, or full Gmail access (potential security risk?)

I use a backup app to back up SMS text messages to my Gmail account registered on my HTC Desire Z Android 2.3 phone.
The app requests access to the gmail account. But what does this actually mean? Does it mean:
the application has write-only access to the gmail - i.e. can insert emails but not delete or adjust other existing emails (does the Android API provide for that?)
the application has full access to the email, and could potentially delete emails if there was a bug
First off: this question doesn't seem to belong on Stackoverflow. This site is for asking specific questions about coding problems, not about how some code in some program based on some SDK on some device may or may not work.
If an application can access your Gmail account, as far as I know, this means full control, including deletion.
That doesn't have to mean there is actual code in the program that even tries to delete something, but I guess you're right: coding bugs could probably delete your email.
But that goes for a lot of applications: you trust the developer to test extensively before you rely on him/her to handle your photos, email, passwords etc. with care, right? :)