prameshj
prameshj
We aren't sure of the rootcause of this, but browser privacy settings could cause it. Can you try one of the mitigations in https://firebase.google.com/docs/auth/web/third-party-storage-mitigation and see if it helps? Thanks!
> Check out this link: https://firebase.google.com/docs/auth/web/redirect-best-practices#update-authdomain > > This is a known issue and it results most likely from browser settings blocking third party cookies. When I allowed third party...
You need to attack either a safetyNet token or Recaptcha token from Android for Phone Auth - https://firebase.google.com/docs/auth/android/phone-auth#enable-app-verification. Similarly you need a suitable client identifier on iOS as described in...
The client identifier tokens are obtained via the client SDKs, so this is not really supported via rest APIs.
Thanks for checking in on this. We went through pen-testing as well and this was brought up as a low-risk item, because the threat model is where 1) an attacker...
Thanks for filing this, @marcusx2 . Can you elaborate on why the second verifyPhoneNumber call is needed once a userCredential has been obtained?