-
Notifications
You must be signed in to change notification settings - Fork 898
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add reCAPTCHA Enterprise support for Phone Auth #8568
Conversation
…to phone API requests (#7786) * Update injectRecaptchaFields to inject recaptcha fields into phone API requests * Fix lint * Rename captchaResp and fakeToken params * Format
* Update injectRecaptchaFields to inject recaptcha enterprise fields into phone API requests (#7786) * Update injectRecaptchaFields to inject recaptcha fields into phone API requests * Fix lint * Rename captchaResp and fakeToken params * Format * Implement reCAPTCHA Enterprise flow for phone provider * Cleanup tests * Make recaptchaEnterpriseVerifier.verify return a mock when appVerificationDisabledForTesting is true * Lint fix * yarn docgen devsite * Mark appVerifier param in Phone Auth APIs as required * Update API reports * Change RecaptchaProvider to RecaptchaAuthProvider * Fix reference docs * Add more unit tests --------- Co-authored-by: NhienLam <NhienLam@users.noreply.github.com>
* Make ApplicationVerifier params optional in Phone APIs * Add more unit tests for when ApplicationVerifier is not available
…ent state (#8500) * Proceed to reCAPTCHA v2 if cannot get phone enablement state * nit: Add a missing period.
* Add integration test for rCE ENFORCE * format
🦋 Changeset detectedLatest commit: 99e3475 The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Vertex AI Mock Responses Check
|
Changeset File Check ✅
|
Size Report 1Affected Products
Test Logs |
Size Analysis Report 1This report is too large (105,607 characters) to be displayed here in a GitHub comment. Please use the below link to see the full report on Google Cloud Storage.Test Logs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Discussion
Currently, Firebase Auth Web SDK is relying on reCAPTCHA v2 to verify that the phone number verification request comes from one of the app's allowed domains to mitigate SMS abuse.
A downside of reCAPTCHA v2 is that end-users are required to solve a challenge. Therefore, we would like to give end-users a better user experience by integrating reCAPTCHA Enterprise with our phone auth flow. reCAPTCHA Enterprise is completely invisible to the user, so the phone auth flow will become seamless without user interaction.
Testing