prevent Firebase verify phone from creating account

2
votes

i want to link phone number with previously created account; but when i verify phone number i find two cases :

  1. they send user sms with code, and when user enters it i just save the phone in DB and ends. There is no problem in this.

  2. google auto verifies the phone, without sending MSG, I think because the entered number == the sim number. The problem here that it's auto signs in and creates new firebase user in Auth, and user automatically logs out of current account and logs in the new account (phone number) I want to prevent it from auto create account. Is there any way to do that?

Code:

Future<void> verifyPhone() async {
    final PhoneCodeAutoRetrievalTimeout autoRetrieve = (String verId) {
      //this.verificationId = verId;
    };

    final PhoneCodeSent smsCodeSent = (String verId, [int forceCodeResend]) {
      this.verificationId = verId;
      smsCodeDialog(context).then((value) {
        print('Signed in');
      });
    };

    final PhoneVerificationCompleted verifiedSuccess = (FirebaseUser user) {
      print('verified');
    };

    final PhoneVerificationFailed veriFailed = (AuthException exception) {
      print('${exception.message}');
    };
    print("\n\n ${this.phoneNo} \n\n");

    await FirebaseAuth.instance.verifyPhoneNumber(
      phoneNumber: "+2${this.phoneNo.toString()}",
      codeAutoRetrievalTimeout: autoRetrieve,
      codeSent: smsCodeSent,
      timeout: const Duration(seconds: 5),
      verificationCompleted: verifiedSuccess,
      verificationFailed: veriFailed,
    );
  }
1
firebasefirebase-authenticationflutter

1 Answers

0
votes

Change verifiedSuccess function to take in the parameter of the phonenumber and then save the phone number to the database without going on to actually log in the user with those credentials. Then when the users logs into your app, simply check the database to see if the phone number field exists. If it exists then it is verified then if it does not exist then forward the user back to the phone verification screen. If you follow this process, make sure to take out any code that goes on to log in the user using the phone verified credentials. This way another unique id is not created.