Completes a phone number authentication attempt. If a user already exists with the given phone number, an ID token is minted for that user. Otherwise, a new user is created and associated with the phone number. This method may also be used to link a phone number to an existing user.
To localize the text of the SMS sent to the user, set the HTTP header X-Firebase-Locale
to the language code that corresponds with the user's locale.
An API key is required in the request in order to identify the Google Cloud project.
HTTP request
POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithPhoneNumber
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{
"sessionInfo": string,
"phoneNumber": string,
"code": string,
"temporaryProof": string,
"verificationProof": string,
"idToken": string,
"operation": enum ( |
Fields | |
---|---|
sessionInfo |
Encrypted session information from the response of sendVerificationCode. In the case of authenticating with an SMS code this must be specified, but in the case of using a temporary proof it can be unspecified. |
phoneNumber |
The user's phone number to sign in with. This is necessary in the case of uing a temporary proof, in which case it must match the phone number that was authenticated in the request that generated the temporary proof. This field is ignored if a session info is passed. |
code |
User-entered verification code from an SMS sent to the user's phone. |
temporaryProof |
A proof of the phone number verification, provided from a previous signInWithPhoneNumber request. If this is passed, the caller must also pass in the phoneNumber field the phone number that was verified in the previous request. |
verificationProof |
Do not use. |
idToken |
A valid ID token for an Identity Platform account. If passed, this request will link the phone number to the user represented by this ID token if the phone number is not in use, or will reauthenticate the user if the phone number is already linked to the user. |
operation |
|
tenantId |
The ID of the Identity Platform tenant the user is signing in to. If not set, the user will sign in to the default Identity Platform project. |
Response body
Response message for accounts.signInWithPhoneNumber.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "idToken": string, "refreshToken": string, "expiresIn": string, "localId": string, "isNewUser": boolean, "temporaryProof": string, "verificationProof": string, "verificationProofExpiresIn": string, "phoneNumber": string, "temporaryProofExpiresIn": string } |
Fields | |
---|---|
idToken |
Identity Platform ID token for the authenticated user. |
refreshToken |
Refresh token for the authenticated user. |
expiresIn |
The number of seconds until the ID token expires. |
localId |
The id of the authenticated user. Present in the case of a successful authentication. In the case when the phone could be verified but the account operation could not be performed, a temporary proof will be returned instead. |
isNewUser |
Whether the authenticated user was created by this request. |
temporaryProof |
A proof of the phone number verification, provided if a phone authentication is successful but the user operation fails. This happens when the request tries to link a phone number to a user with an ID token or reauthenticate with an ID token but the phone number is linked to a different user. |
verificationProof |
Do not use. |
verificationProofExpiresIn |
Do not use. |
phoneNumber |
Phone number of the authenticated user. Always present in the response. |
temporaryProofExpiresIn |
The number of seconds until the temporary proof expires. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/identitytoolkit
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
VerifyOp
Intended operation.
Enums | |
---|---|
VERIFY_OP_UNSPECIFIED |
Operation is not specified. |
SIGN_UP_OR_IN |
Verify operation is to sign up/sign in. |
REAUTH |
Verify operation is to reauth. |
UPDATE |
Verify operation is to update. |
LINK |
Verify operation is to link. |