Following is what I am trying to achieve:
- User installs the app
- On its first launch, user will be asked to specify phone number and Name
- Phone number gets verified by invoking REST API of OTP service providers
- Once 2 Factor Authentication gets complete, I will create the user in Firebase database with its mobile number and Name as attribute to unique phone number
Problem: Now, what I am not getting is how to authenticate user with only phone number, as I want to track all his activities under his/her mobile number.
function showLoginBox() {
...
// Do whatever DOM operations you need to show the login/registration box.
$("#registerButton").on("click", function() {
var email = $("#email").val();
var phone = $("#phone").val();
// Invoke REST API to generate OTP/ Miss call
// Read OTP or user enters the OTP
// Invoke REST API to complete 2FA (Two factor authentication)
// Add the user information to Firebase
authClient.createUser(email, phone, name, function(error, user) {
if (!error) {
doLogin(user);
} else {
alert(error);
}
});
});
}
Now doLogin() function will be passed user object and I can get the user details, but how do I login now.. as I cannot invoke email/password combination or Anonymous login. I even saw the JWT (JSON web token) thing, but it is mentioned under custom login, not sure whether it make sense
Can I do following: - Save the verified mobile number (after 2FA) into local database (window.localstorage) - Read local storage and send the mobile number with every subsequent call
But unless, I will invoke the authentication, how do I implement security/authorization, so as this mobile number can access only its related data.
Can anyone help me to figure out following things: - How do I login the user with his mobile number only - How can I track each and every activity performed by the user by his mobile number (Here mobile number is his user id)
Thanks in advance.