-
Notifications
You must be signed in to change notification settings - Fork 83
Conversation
</small> | ||
</p> | ||
{{end}} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
double checking - the password never gets sent to our sever, so JS validation is the last stop?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's correct. It's not my favorite thing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the password would go to us if we did server-side user creation though, right @whaught? The SDK just isn't ready for Go yet?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The existing FB admin sdk supports user creation and password setting
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No it's that the Go SDK doesn't support Multi-Factor-Auth and associated management.
I know we can create a user with a password, idk about changing it with an ooB code - I'll check
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The trouble is the oobCode that gets sent in the email - we have no way to verify that (outside of firebase) because we don't send the email.
If we had an SMTP server we could send the email ourselves with a token we track and verify server-side (then we could embed the validation logic server side too). We'd then need to handle oobCode storage and expiry ourselves too.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mikehelmick, whaught The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fixes #573
Proposed Changes
Release Note