In a mobile app, users register themselves based on their phone numbers (like WhatsApp, Uber, Careem etc). User enters his phone Number, app sends him verification code, then user sends back that verification code, app verifies if the verification code sent by user is correct.
My question is that what should we call the part of the process where the app verifies the verification code? Verification Of User Or Verification Of Phone Number? Which makes more sense? And Why? Which is standard?
It verify both user and mobile no. Mobile no is used as identity of the user. So it is helpful in the future when user forget his password . So we can say it verify mobile which is further linked to the user.
Related
I am working on an application that will sign up users based on their phone numbers. Everywhere I have read, there are articles regarding signing in users using their phone number. While researching for this I landed on a stackoverflow article itself that mentioned that the signInWithPhoneNumber() article will work for sign up when queried for first time, and will be used for sign in once the user is created as in this article What will happen if I sign in user using phone number without user creation in firebase?.
Going by this article, I wrote the following code to achieve my purpose
import auth from "#react-native-firebase/auth";
console.log("going to sign up with", numberToSend);
// numberToSned is the input number to which the message has to be sent
const confirmation = await auth().signInWithPhoneNumber(numberToSend);
I also set up a dummy number to test the feature.
But whenever this request is made my application shuts down by itself
Also I do not get any error on the console regarding this
So I wanted to ask is their a way to sign up users using their phone number in firebase with react-native?
As the link you describe (but didn't share) says: Firebase makes no distinction between signing up with a phone number or signing in with a phone number. The code for both cases is exactly the same, as shown in the documentation on Firebase phone authentication.
Tried searching for this in Amazon's docs but couldn't come up with anything.
Assuming that both email and phone number are checked in the verification section of the user pool. If the client app wants to allow the user to choose how they receive the code (assuming they've forgotten their password) - how do we get Cognito to handle that? Is there a way of getting the forgotPassword method to select a route (email or SMS)?
From some early testing, it seems like it always goes one route if both are available. I do see that Amazon themselves have made this available on their site though, so hoping that it should be possible?
For this example, we can assume that we've got a verified email address and phone number for that user.
I am on the Cognito team. Currently the behavior is that if both phone number and email are verified, the code goes to the phone, hence phone number is given preference and there is no way to select where the code actually goes. However, we have heard this request in the past and I will add a +1 to the feature request on your behalf.
I am using auth0 in my existing regular php web application.
I have free as well as paid users in my site. For free users registration process is simple, I call the create user api which triggers the verification email.
But for paid users I have a multistep form. In first step users enters his information and registered as a free user in application then redirected to payment page. I can not call auth0 reg api after first step as user will get immediately verification email before payment.
If I call it after successful payment then its impossible to track if user bails out(Doesn't fill payment form, but already registered as a free user).
Please suggest what approach I should follow.
Thanks in advance
Make sure that you disabled public signups (this endpoint) and instead are performing the registration of users from your backend through the Management API create user endpoint.
Then you can use the verify_email parameter to indicate that a verification email should not immediately be send after user creation. You could then later use this endpoint to trigger a verification email to be sent after the payment form is completed.
If you have want to achieve best result i think you must follow below step to get rid of this problem:
1. Remove public signups in your application by trying this authenticating signup.
2.Perform the registration of individual user by this way create user's
3.Now you can simply use the verify_email parameter.
This parameter can be easily use post verification email process which prevent the issue of signup/signin before making payment.
Hope you got it & feel free for any help.
I have created a nice little login script for my website that lets users login with Facebook or Google at the moment.
What I am trying to do is set some checks to make sure that duplicates do not appear in the database.
Here are some scenarios I have covered :
Login with Google/Facebook account and I have already registered this account, This will log the user straight in as they have already linked this account.
User has already registered with Google account, yet clicks Facebook because they cannot remember which account they used. This will alert the user that the email address returned from Facebook has already been registered with a Google account. This will enable them to click on Facebook to Login ??? NOT SURE ON THIS LOGIC AT THE MOMENT ???
User clicks on Google/Facebook to login, yet the email address returned is a user that went through the manual registration. This will alert the user that the social account they are trying to login with will require a password.
What I am thinking of doing is allowing users to LINK ACCOUNT so that the alerting process does not happen because I can link my facebook account to my google account through my website, and vice versa etc etc.
What I am asking :
Are there any other checks I may be missing? Is this logic sound? Is there anything I am doing which makes you question the login process??
Basically asking logic advice on this one.
Well congratulations! You're almost on the right track. Let's breakdown your situation here.
Ideal Situation
1. Registered on your site
2. Log in with Google
3. Log in with Facebook
Now, let's take the common denominator here, I mean the primary key. I am guessing in your case it should be the email address.
Actual Process Flow
1. User registers. You save the email address
Or,
2. User registers with Google/Facebook and you save the email address.
Login Procedure
1. You receive the email address either from direct login/facebook/google.
2. You match it against your table
3. On positive match, you link this social login to an existing account
If,
4. It is not a positive match then you accept whatever data you receive and then forward
and then pass on to the registration page.
Hope this helps! Let me know if you want to know anything else.
Cheers!
Let's imagine that we have ecommerce website that suggests 3 way for user registration:
regular email
via facebook
via twitter
Now let's imagine that we have user signed via facebook/twitter account and we need send him notification about his order (order complete or s/t like that). How can we do this? It is absolutely clear for regular email users - we should just email them notification, but what about Facebook/Twitter users?
Thank you!
With Facebook when they authenticate with your application, you can request email permissions to be able to access the email address they have nominated to use with their facebook account. At the point of registeration you could then store this address in your database and all order flow could follow the existing email path.
You could probably re-use this methodology for twitter too.
I can understand the need to differentiate on registration processes however I think you want to streamline post order notification as much as possible for consistency across users.