0

I am using Firebase Phone Auth sign in for authentication in my android and iOS apps. When verifying a user, there is a minor chance that captcha can be shown for verification and it redirects to webview. In that webview, firebase is showing the default domain "example.firebaseapp.com" to users. I have added a custom domain to firebase hosting and phone auth sign in and it is verified and connected. How can I show this custom domain to users instead of the default domain.

I searched various posts but most of them were related to web and couldn't find anything specific to mobile platform. Please help me with the solution and is it safe to show the default domain to users?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
marsuser
  • 125
  • 9
  • Did you follow the steps in https://firebase.google.com/docs/auth/web/google-signin#customizing-the-redirect-domain-for-google-sign-in? – Frank van Puffelen May 08 '21 at 20:38
  • I followed and added 1,2,3 steps mentioned in the url. But the fourth steps seems to be for web applications. I am using native android and iOS firebase sdks and added the configurations through json file. Not sure where to add the authDomain url as there is no initialization like javascript sdk shown in the documentation. – marsuser May 10 '21 at 05:16
  • Hmmm.... I'm not sure where this comes from in native apps indeed. It might be worth checking the google-services.info.plist. – Frank van Puffelen May 10 '21 at 14:30
  • I tried adding 'auth_domain' key under project_info in google-services.json but it doesn't work. Not sure if there is an actual solution for native mobile sdks. I see many others (eg. https://stackoverflow.com/questions/62394847/ios-firebase-auth-domain-visible-to-users) facing same issue but no clear documentation or solution. Also curious, Is it safe to show the firebase default url to end users in production app? – marsuser May 10 '21 at 18:27
  • See https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public/37484053#37484053 for that last question – Frank van Puffelen May 10 '21 at 20:28
  • Thanks for the link. From what I understood, it is not a security risk to expose the firebase url. I guess I will have to live with the default url as I am not finding a way to show my custom domain instead of the firebase url. – marsuser May 10 '21 at 21:47

0 Answers0