[firebase_auth ] State of MFA

[MSchmack]

Firebase_auth MFA is currently the second highest unanswered feature request and open since august 2020 without a reply. Google brands flutter as first class citizen but this core feature seems to be getting ignored. As good as any application aimed at mid to enterprise sized organizations that is hosted outside of intranets utilizes 2-factor / MFA auth.

This isn't a issue in the usual sense but a statement on if this feature will find its way into the packages is important for any future app that otherwise will have to look into a seperate solution or workaround for this as well as other potentially missing features.

Edit: Accidentally added the wrong labels. The labels can be removed.

[darshankawar]

Keeping this issue open and will try to forward this to the team for their insights on this.

[darshankawar]

related discussion thread: #2386

[darshankawar]

/cc @Ehesp

[steeling]

This feature has been around for over a year outside of Flutter.. any updates?

[steeling]

FWIW it looks like this feature would take all of 4 API calls to implement:

START_PHONE_MFA_ENROLLMENT = '/v2/accounts/mfaEnrollment:start',
FINALIZE_PHONE_MFA_ENROLLMENT = '/v2/accounts/mfaEnrollment:finalize',
START_PHONE_MFA_SIGN_IN = '/v2/accounts/mfaSignIn:start',
FINALIZE_PHONE_MFA_SIGN_IN = '/v2/accounts/mfaSignIn:finalize',

[Ehesp]

Hi All - this is on the roadmap, but currently we are prioritising releasing the remaining plugins. Once they're complete, this will be worked on.

[dominicmh]

Hi @Ehesp, is the roadmap for this feature clearer now that the remaining plugins have been released?
Thanks!

[hansanker]

Hi, I hope this feature comes soon. We need MFA in our application to be compliant. Thanks a lot in advance.
And thanks for the work done so far on flutterfire, it has been a great help!

[Ehesp]

@Salakar is currently documenting the API surface area for all platforms. Once that is approved we'll start the implementation.

[cbenhagen]

@Salakar is that documentation public somewhere? What is the status of the implementation? How can I help?

[davidmigloz]

@Ehesp do you have an approx. ETA?
I'm willing to help if needed.

[Lyokone]

Hey, the implementation is in progress.
Was needing the v9 SDK on JS that should be soon ready. Thanks for your patience

[mufarrah]

Any updates on this ?

[Lyokone]

Should be release with this week version

[mufarrah]

Should be release with this week version

Awesome, looking forward

[cbenhagen]

@Lyokone great news! Will there also be macOS support? What about Linux / Windows in https://github.com/invertase/flutterfire_desktop?

[Lyokone]

macOS support will not be integrated at first. The underlying Firebase macOS SDK is missing some functions.

Not sure about Linux / Windows, the REST API doesn't seem to support MFA 🤔
https://firebase.google.com/docs/reference/rest/auth

[cbenhagen]

@Lyokone can you be more specific about the missing functions in the macOS SDK? Is there an open issue already you can link to? I have successfully implemented MFA on macOS in our app using the REST API. You can find the documentation here:
https://cloud.google.com/identity-platform/docs/reference/rest/v2/accounts.mfaEnrollment

And some more info in this discussion: #2386

[Lyokone]

As I remember, the verifyPhone function was missing from the macOS SDK, I might need to double-check that.
Thanks for the documentation, we'll probably focus on Android, iOS and Web then add desktop platforms.

[cbenhagen]

@Lyokone Are you refering to -verifyphonenumber:uidelegate:completion:? Would you mind creating an issue in https://github.com/firebase/firebase-ios-sdk for the missing functions once you tracked them down?

[Lyokone]

Hey,
I doubled checked and even MultiFactorSession is only available for iOS : https://firebase.google.com/docs/reference/ios/firebaseauth/api/reference/Classes#firmultifactorsession

I've added a request here: firebase/firebase-ios-sdk#10034

[Lyokone]

Closing since MFA is now available