feat(auth): TOTP and unenroll MFA #8621
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
James Bateman seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
|
I'm not aware of a better way to do this given we don't have TOTP support in the emulator, your patch-package based development workflow sounds both a) really painful and objectively awful and also b) like the best way Sorry for the a) painful + awful part, I wish there was a better way That said, this is incredible if you've got this working with an app that uses MFA and TOTP so you know it's working on both platforms - for the avoidance of doubt, you confirm that is the case? it is tested and working in your app on android and iOS ? If so, this is exciting |
|
@mikehardy I appreciate the feedback re my workflow 😆 For the proof, yes, I was meant to whip up a little demo app which I just didn't get time to do over the weekend. I'll see what I can do, hopefully, this week. I am just about to deploy our app to our production environment with this patch as it has all been going very well in testing. Any fixes or changes that might crop up I am making sure to push back into this PR. |
|
Hey @mikehardy I've seen there's the firebase emulator blocking issue which doesn't seem to have any movement from the emulator team. Is a TOTP implementation for this library at all possible to merge into main without e2e testing? If the maintainers are comfortable having it implemented without the full automated test suite and with a heavy caveat for anyone who chooses to use it, I'm happy to lend some time to get this PR polished and merged to main. If it's not a go without those tests though then all good. |
|
I've got a different way to verify it I think and will be trying an experiment to verifiy if it will work or not shortly. The PR to implement it can go in either way though. Can't really have a regression on something that didn't work before, no reason to reject a community PR based on that... |
|
@mikehardy I have updated the description with demos as promised. Let me know what you think |
|
@jamespb97 A PR I've authored recently will conflict with this PR. I'm happy to manage the conflicts if you bring this fork up to date with main. Can make a branch and get you to review it before merging back the PR branch. |
|
Great contribution @jamespb97! |
No problem, I’m away the next few days but when I get a moment I’ll sort it out 👍 |
Description
The aim of these changes is to enable TOTP MFA and the ability to un-enroll from either SMS or TOTP MFA.
The motivation behind doing this was to migrate away from Firebase JS SDK implementation on our existing Expo application which extensively uses multi-factor authentication.
This is my first time ever changing native code like this. My workflow at the moment for making these changes have simply been editing the native modules in the respective code editors (Xcode and Android Studio), then using patch-package and building new development builds each time and testing live against our development environment, so nothing has been emulated.
I tried to link my forked repo locally using
npm/yarn linkand build off that instead but I couldn't get it to work so I had to go the patch-package route and copy across all of my changes to my fork manually. If you're aware of a better way to do this please let me know!I am aware that there is a blocking issue (firebase/firebase-tools#6224) which prevents TOTP being tested within emulation, so I guess proper tests cannot be written just yet for this feature (unsure about unenroll feature).
Related issues
#7483
Abandoned related PR: #7718
Release Summary
Add support for enrolling TOTP multi-factor authentication, authentication using TOTP and un-enrolling multi-factor authentication.
Checklist
AndroidiOSOther(macOS, web) (NOTE: When using shims replacing imports with firebase js sdk, this should work as the APIs are exactly the same as the web sdk - [🐛] Other Platforms - [Web] [Auth] Methods are unsupported or not existing #7921 (comment))e2etests added or updated inpackages/\*\*/e2ejesttests added or updated inpackages/\*\*/__tests__Test Plan
I currently only have this working in our product application which won't be possible to post videos or screenshots of on a public PR, but I can create a minimum repro app soon enough (probably in my free time over the weekend) and post videos and screenshots from that instead.
Update:
As promised, here is a demo of the changes in action along with a demo repo: https://github.com/jamespb97/firebase-totp-demo
To run just change the app.json accordingly and copy across your firebase service files and it should all work.
Android:
Android.Demo.mp4
iOS:
iOS.demo.mp4
Think
react-native-firebaseis great? Please consider supporting the project with any of the below:React Native FirebaseandInvertaseon Twitter🔥 🔥 🔥