In my last blog, I have explained how to integrate email authentication using Firebase. In this one, we can take a step further and look into Firebase authentication using a phone number. This method of authentication is considered to be insecure for many reasons. Some of the reasons are, users can easily be swap sims and access personal messages, a sim can easily get lost and the one who finds can easily have access to the OTP’s. But anyhow this method of authentication can be tagged up with other authentication methods and make your app more secure.

In this blog, I will explain how to integrate Firebase phone number authentication. I will try to keep it simple and from the scratch so that even newbies can understand. Below are the steps to implement this functionality.

Make a new project and connect it to Firebase through Android studio and enable phone number auth in Firebase console. {For testing in emulators} Add a mock an OTP and phone number in Firebase console. Initiate Firebase object and callbacks in onCreate for Activity. Start verification with the initiated callback. Show alertDialog with an EditText in the onCodeSent callback Call sign in with the user entered OTP from the alertDialog.

1. Make a new project and connect it to Firebase through Android studio and enable phone number auth in Firebase console.

In your new project, select Tools>Firebase>

Enable phone in Firebase console

Once connected it will show like this

Connecting your project is very simple and straight forward. As shown in the above images, Android studio already has the options ready for you. Just navigate through it and add your project in Firebase console using your credentials.

2. {For testing in emulators} Add a mock an OTP and phone number in Firebase console.

Click on the drop down to add phone number

Add the mock phone number and OTP for testing. Click save.

This above part is only for the testing purpose in emulators. The app will try to send OTP without any SIM while running this app. So because of not having any sim, you won’t get any callbacks and it will error out. While testing it in emulators, it’s mandatory to add a mock phone number and OTP in the Firebase console. Whenever the app tries to hit the console using the mock number, it will forward the mock OTP to that number. This is a step most of the developers miss while testing it in emulators.

3. Initiate Firebase object and callbacks in onCreate for Activity.

In onCreate of Activity initiate the Firebase object and create a call back like shown in the code above. This callback object will be used later in the integration. Once we hit the Firebase console with the phone number, Firebase returns all the callbacks to front end inside this object we have created. From here we will have to manage everything forward. So initiating a call back is the first process. Whatever has done inside the callback, I will explain it going forward in this blog.

4. Start verification with the initiated callback.

With the initiated callback call verifyPhoneNumber method. The phone number should be the user-entered phone number which is, in that number the OTP will be received. In case of testing it in emulators, add the mock phone number which you have added in the console, then only you will receive the OTP.

5. Show alertDialog with an EditText in the onCodeSent callback.

Once the code is successfully sent, the app will receive a call back inside the onCodeSent method. Inside that call back we need to show an EditText for the user to enter the OTP they have received. In this project, I am showing an alertDialog box with an EditText and a Button. In case of testing in emulators, we have to enter the mock OTP which we have given it in the console. With the entered OTP try to fetch the credential from PhoneAuthProvider. Once we get that, pass it for signing in the user.

6. Call sign in with the user entered OTP from the alertDialog.

If the user has entered the correct the OTP, then the app will sign in the user successfully otherwise we can show error saying the entered OTP is invalid.

By this way, you can sign in a user with a phone number authentication. I think it’s pretty easy a straight forward, though it’s not considered to be much safe. The main advantage of doing this is, we can have a check on the validity of the user data which will be useful in many business use cases.