Merge pull request #205 from firebase/Passwordless

bojeil-google · web-flow · commit 65991b847e97 · 2018-03-20T16:53:56.000-07:00
Added new Passwordless/Email link auth QuickStart sample.
diff --git a/README.md b/README.md
@@ -6,6 +6,8 @@ Samples available:
  - [Auth](auth/README.md)
    - Anonymous Auth
    - Custom Auth
+   - Email and Password auth
+   - Email Link auth
    - Phone Auth using a visible ReCaptcha
    - Phone Auth using an invisible ReCaptcha
    - Phone Auth using popup
diff --git a/auth/README.md b/auth/README.md
@@ -3,7 +3,8 @@ Firebase Auth Quickstarts
 
 The Firebase auth quickstart demonstrates several methods for signing in:
 
- - The [Firebase email/password quickstart](email.html) demonstrates using a Firebase stored email & password - you can both create and sign in a user.
+ - The [Firebase email and password authentication quickstart](email-password.html) demonstrates using a Firebase stored email & password to authenticate - you can both create and sign in a user.
+ - The [Firebase email link authentication quickstart](email-link.html) demonstrates using an email address to sign-in without a password, via a link sent through email - you can both create and sign in a user.
  - The Firebase phone number authentication quickstart demonstrates using Firebase phone number authentication using three different techniques: with a [visible ReCaptcha](phone.html), an [invisible ReCaptcha](phone-invisible.html) and a [simplified popup flow](phone-simple.html) (not recommended for production apps).
  - The Firebase Google Sign in quickstarts demonstrate using a Google account to authenticate to Firebase using three different techniques: with a [popup](google-popup.html), a [redirect](google-redirect.html) and an [auth token](google-credentials.html).
  - The Firebase Facebook Login quickstarts demonstrate using a Facebook account to authenticate to Firebase using three different techniques: with a [popup](facebook-popup.html), a [redirect](facebook-redirect.html) and an [auth token](facebook-credentials.html).
diff --git a/auth/email-link.html b/auth/email-link.html
@@ -0,0 +1,239 @@
+<!DOCTYPE html>
+<!--
+Copyright (c) 2016 Google Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<html>
+<head>
+  <meta charset=utf-8 />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Email Link Authentication Example</title>
+
+  <!-- Material Design Theming -->
+  <link rel="stylesheet" href="https://code.getmdl.io/1.1.3/material.orange-indigo.min.css">
+  <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
+  <script defer src="https://code.getmdl.io/1.1.3/material.min.js"></script>
+
+  <link rel="stylesheet" href="main.css">
+
+  <!-- Import and configure the Firebase SDK -->
+  <!-- These scripts are made available when the app is served or deployed on Firebase Hosting -->
+  <!-- If you do not serve/host your project using Firebase Hosting see https://firebase.google.com/docs/web/setup -->
+  <script src="/__/firebase/4.12.0/firebase-app.js"></script>
+  <script src="/__/firebase/4.12.0/firebase-auth.js"></script>
+  <script src="/__/firebase/init.js"></script>
+
+  <script type="text/javascript">
+
+    /**
+     * Handles the sign in button press.
+     */
+    function toggleSignIn() {
+      // Disable the sign-in button during async sign-in tasks.
+      document.getElementById('quickstart-sign-in').disabled = true;
+
+      if (firebase.auth().currentUser) {
+        // [START signout]
+        firebase.auth().signOut().catch(function(error) {
+          // Handle Errors here.
+          var errorCode = error.code;
+          var errorMessage = error.message;
+          // [START_EXCLUDE]
+          handleError(error);
+          // [END_EXCLUDE]
+        });
+        // [END signout]
+      } else {
+        var email = document.getElementById('email').value;
+        // Sending email with sign-in link.
+        // [START authwithemail]
+        var actionCodeSettings = {
+          // URL you want to redirect back to. The domain (www.example.com) for this URL
+          // must be whitelisted in the Firebase Console.
+          'url': window.location.href, // Here we redirect back to this same page.
+          'handleCodeInApp': true // This must be true.
+         };
+
+        firebase.auth().sendSignInLinkToEmail(email, actionCodeSettings).then(function() {
+          // Save the email locally so you don’t need to ask the user for it again if they open
+          // the link on the same device.
+          window.localStorage.setItem('emailForSignIn', email);
+          // The link was successfully sent. Inform the user.
+          alert('An email was sent to ' + email + '. Please use the link in the email to sign-in.');
+          // [START_EXCLUDE]
+          // Re-enable the sign-in button.
+          document.getElementById('quickstart-sign-in').disabled = false;
+          // [END_EXCLUDE]
+        }).catch(function(error) {
+          // Handle Errors here.
+          var errorCode = error.code;
+          var errorMessage = error.message;
+          // [START_EXCLUDE]
+          handleError(error);
+          // [END_EXCLUDE]
+        });
+        // [END authwithemail]
+      }
+    }
+
+    /**
+     * Handles Errors from various Promises..
+     */
+    function handleError(error) {
+      // Display Error.
+      alert('Error: ' + error.message);
+      console.log(error);
+      // Re-enable the sign-in button.
+      document.getElementById('quickstart-sign-in').disabled = false;
+    }
+
+    /**
+     * Handles automatically signing-in the app if we clicked on the sign-in link in the email.
+     */
+    function handleSignIn() {
+      // [START handlesignin]
+      if (firebase.auth().isSignInWithEmailLink(window.location.href)) {
+        // [START_EXCLUDE]
+        // Disable the sign-in button during async sign-in tasks.
+        document.getElementById('quickstart-sign-in').disabled = true;
+        // [END_EXCLUDE]
+
+        // You can also get the other parameters passed in the query string such as state=STATE.
+        // Get the email if available.
+        var email = window.localStorage.getItem('emailForSignIn');
+        if (!email) {
+          // User opened the link on a different device. To prevent session fixation attacks, ask the
+          // user to provide the associated email again. For example:
+          email = window.prompt('Please provide the email you\'d like to sign-in with for confirmation.');
+        }
+        if (email) {
+          // The client SDK will parse the code from the link for you.
+          firebase.auth().signInWithEmailLink(email, window.location.href).then(function(result) {
+            // Clear the URL to remove the sign-in link parameters.
+            if (history && history.replaceState) {
+              window.history.replaceState({}, document.title, window.location.href.split('?')[0]);
+            }
+            // Clear email from storage.
+            window.localStorage.removeItem('emailForSignIn');
+            // Signed-in user's information.
+            var user = result.user;
+            var isNewUser = result.additionalUserInfo.isNewUser;
+            console.log(result)
+          }).catch(function(error) {
+            // Handle Errors here.
+            var errorCode = error.code;
+            var errorMessage = error.message;
+            // [START_EXCLUDE]
+            handleError(error);
+            // [END_EXCLUDE]
+          });
+        }
+      }
+      // [END handlesignin]
+    }
+
+    /**
+     * initApp handles setting up UI event listeners and registering Firebase auth listeners:
+     *  - firebase.auth().onAuthStateChanged: This listener is called when the user is signed in or
+     *    out, and that is where we update the UI.
+     */
+    function initApp() {
+      // Restore the previously used value of the email.
+      var email = window.localStorage.getItem('emailForSignIn');
+      document.getElementById('email').value = email;
+
+      // Automatically signs the user-in using the link.
+      handleSignIn();
+
+      // Listening for auth state changes.
+      // [START authstatelistener]
+      firebase.auth().onAuthStateChanged(function(user) {
+        if (user) {
+          // User is signed in.
+          var displayName = user.displayName;
+          var email = user.email;
+          var emailVerified = user.emailVerified;
+          var photoURL = user.photoURL;
+          var isAnonymous = user.isAnonymous;
+          var uid = user.uid;
+          var providerData = user.providerData;
+          // Update UI.
+          // [START_EXCLUDE]
+          document.getElementById('quickstart-sign-in-status').textContent = 'Signed in';
+          document.getElementById('quickstart-sign-in').textContent = 'Sign out';
+          document.getElementById('quickstart-account-details').textContent = JSON.stringify(user, null, '  ');
+          // [END_EXCLUDE]
+        } else {
+          // User is signed out.
+          // Update UI.
+          // [START_EXCLUDE]
+          document.getElementById('quickstart-sign-in-status').textContent = 'Signed out';
+          document.getElementById('quickstart-sign-in').textContent = 'Sign In without password';
+          document.getElementById('quickstart-account-details').textContent = 'null';
+          // [END_EXCLUDE]
+        }
+        // [START_EXCLUDE silent]
+        document.getElementById('quickstart-sign-in').disabled = false;
+        // [END_EXCLUDE]
+      });
+      // [END authstatelistener]
+
+      document.getElementById('quickstart-sign-in').addEventListener('click', toggleSignIn, false);
+    }
+
+    window.onload = initApp;
+  </script>
+</head>
+<body>
+<div class="demo-layout mdl-layout mdl-js-layout mdl-layout--fixed-header">
+
+  <!-- Header section containing title -->
+  <header class="mdl-layout__header mdl-color-text--white mdl-color--light-blue-700">
+    <div class="mdl-cell mdl-cell--12-col mdl-cell--12-col-tablet mdl-grid">
+      <div class="mdl-layout__header-row mdl-cell mdl-cell--12-col mdl-cell--12-col-tablet mdl-cell--8-col-desktop">
+        <a href="/"><h3>Firebase Authentication</h3></a>
+      </div>
+    </div>
+  </header>
+
+  <main class="mdl-layout__content mdl-color--grey-100">
+    <div class="mdl-cell mdl-cell--12-col mdl-cell--12-col-tablet mdl-grid">
+
+      <!-- Container for the demo -->
+      <div class="mdl-card mdl-shadow--2dp mdl-cell mdl-cell--12-col mdl-cell--12-col-tablet mdl-cell--12-col-desktop">
+        <div class="mdl-card__title mdl-color--light-blue-600 mdl-color-text--white">
+          <h2 class="mdl-card__title-text">Firebase Email Link Authentication</h2>
+        </div>
+        <div class="mdl-card__supporting-text mdl-color-text--grey-600">
+          <p>Enter your email below and sign in to your account through a link sent to you via email. This will automatically create an account if you do not have one already.</p>
+          <form onsubmit="return false">
+            <input class="mdl-textfield__input" style="display:inline;width:auto;" type="text" id="email" name="email" placeholder="Email"/>
+            &nbsp;&nbsp;&nbsp;
+            <button disabled class="mdl-button mdl-js-button mdl-button--raised" id="quickstart-sign-in" name="signin">Sign In without password</button>
+          </form>
+
+          <!-- Container where we'll display the user details -->
+          <div class="quickstart-user-details-container">
+            Firebase sign-in status: <span id="quickstart-sign-in-status">Unknown</span>
+            <div>Firebase auth <code>currentUser</code> object value:</div>
+            <pre><code id="quickstart-account-details">null</code></pre>
+          </div>
+        </div>
+      </div>
+
+    </div>
+  </main>
+</div>
+</body>
+</html>
diff --git a/auth/email-password.html b/auth/email-password.html
diff --git a/auth/index.html b/auth/index.html
@@ -49,15 +49,14 @@ <h2 class="mdl-card__title-text">Table of Content</h2>
         </div>
         <div class="mdl-card__supporting-text mdl-color-text--grey-600">
           <p>
-            There are multiple methods available for authentication with Firebase. Ensure that
-            you have added configuration to each file, and that the appropriate method has been
-            enabled in the Firebase Console authentication panel. Note: custom auth does not require
-            enabling.
+            There are multiple methods available for authentication with Firebase. Ensure that the appropriate sign-in method has been
+            enabled in the Firebase Console authentication panel. Note: custom auth does not require enabling.
           </p>
 
           <ul>
             <li><a href="anon.html">Anonymous</a></li>
-            <li><a href="email.html">Email/Password</a></li>
+            <li><a href="email-password.html">Email and Password authentication</a></li>
+            <li><a href="email-link.html">Email Link authentication</a></li>
             <li><a href="customauth.html">Custom Authentication</a> and an Example <a href="exampletokengenerator/auth.html">Custom Token Generator</a><br><br></li>
 
             <li><a href="phone-visible.html">Phone number sign-in with visible ReCaptcha</a></li>
