Context:
I've written an application that distributes a widget that would be installed on a consumer's web application (like Intercom, Hotjar etc.) and I'd like to make use of passwordless authentication to authenticate my users.
From what it seems like, Firebase passwordless auth sends a link to the user's email address, and upon clicking it they'll be redirected. Given that this is a widget, as far as it seems like to me, redirecting to the consumer's application is not possible as it doesn't make sense to whitelist said app in the firebase console.
Redirecting to the main app (where you'd get the widget's code) doesn't make sense either because the user will be authenticated in the main app, not the widget.
The ideal solution in my perspective seems to be sending the OTP code instead which the user can copy/paste into a text field in the widget itself.
What I've tried so far:
I've read the docs thoroughly, tried implementing passwordless authentication which has lead to my above-mentioned conclusions. Since you can't really edit the email template I'm starting to feel that this use-case does not align with what Firebase Passwordless auth was made for.
What I'm looking for:
I want to reduce the sign-in friction for my users, and I'd also like to verify their email addresses so that I can send them notifications/news-letters, etc. later on.
The other authentication providers like the OAuth2 based ones revolve around the fact that the user has registered with that particular service. Anonymous authentication allows users to sign-in but does not ensure that each user has a unique email address. Email/Password authentication has high-friction.
I'm looking for a passwordless authentication that is similar to how auth0 does it, but auth0 has a more verbose limit on the free plan compared to firebase auth.
Any help, advice or pointers would be helpful!
Resources:
Firebase Passwordless Auth: https://firebase.google.com/docs/auth/web/email-link-auth
auth0 Passwordless Auth: https://auth0.com/passwordless/
