CLA assistant check
All committers have signed the CLA.

I'm not aware of a better way to do this given we don't have TOTP support in the emulator, your patch-package based development workflow sounds both a) really painful and objectively awful and also b) like the best way

Sorry for the a) painful + awful part, I wish there was a better way

That said, this is incredible if you've got this working with an app that uses MFA and TOTP so you know it's working on both platforms - for the avoidance of doubt, you confirm that is the case? it is tested and working in your app on android and iOS ? If so, this is exciting

@mikehardy I appreciate the feedback re my workflow 😆

For the proof, yes, I was meant to whip up a little demo app which I just didn't get time to do over the weekend. I'll see what I can do, hopefully, this week.

I am just about to deploy our app to our production environment with this patch as it has all been going very well in testing. Any fixes or changes that might crop up I am making sure to push back into this PR.

Hey @mikehardy I've seen there's the firebase emulator blocking issue which doesn't seem to have any movement from the emulator team.

Is a TOTP implementation for this library at all possible to merge into main without e2e testing? If the maintainers are comfortable having it implemented without the full automated test suite and with a heavy caveat for anyone who chooses to use it, I'm happy to lend some time to get this PR polished and merged to main.

If it's not a go without those tests though then all good.

I've got a different way to verify it I think and will be trying an experiment to verifiy if it will work or not shortly. The PR to implement it can go in either way though. Can't really have a regression on something that didn't work before, no reason to reject a community PR based on that...

@mikehardy I have updated the description with demos as promised. Let me know what you think

@jamespb97 A PR I've authored recently will conflict with this PR. I'm happy to manage the conflicts if you bring this fork up to date with main. Can make a branch and get you to review it before merging back the PR branch.

Great contribution @jamespb97!
This feature is something very important for a project I'm working on, there's any updates? Estimated time when this will be available in a new version of the library? Thanks in advance

@jamespb97 A PR I've authored recently will conflict with this PR. I'm happy to manage the conflicts if you bring this fork up to date with main. Can make a branch and get you to review it before merging back the PR branch.

No problem, I’m away the next few days but when I get a moment I’ll sort it out 👍

@Daniel528 Merge "should" work but I will be updating on testing by end of the day

@Daniel528 Now it works 👍

Yer groovy, good one line change to catch TOTP. From what I can see there's no unique properties associated with TOTP we need to append to the factor dictionary like the phone requires.

Yer groovy, good one line change to catch TOTP. From what I can see there's no unique properties associated with TOTP we need to append to the factor dictionary like the phone requires.

Agreed. Since this library just needs parity with the web SDK, there seems to be no extra details with TOTP, as per the TotpMultiFactorInfo type definition in web sdk.

My attempt at creating a more regular "manual verification" pathway for testing that isn't supported by automated e2e testing / firebase simulator appears to work

• test: unify the manual and automated tests #8675

With that setup I can use our existing e2e test app (with all it's configuration setup as needed for TOTP verification...) to make a manual TOTP testing panel and get this PR merged with confidence

I'm going to pull this branch locally and try to do that manual test panel in the e2e app, and hopefully get this thing merged at long last!

I backed out the merge and squashed it down to one feature commit, so I could cleanly rebase my testing PR merge into here, I'll work on the test app panel today and repush when I think I've got it

I'm reasonably certain the functionality works great - which is amazing, and thank you - just need to make sure it's maintainable over course of years and years so I've got to have a way to easily check it in the future

Going to shop it internally for review, but the first thing I can think of is that the TotpSecret class doesn't seem to have typescript types, though I may have missed them. The JS works though, so if they are missing it will be an easy fix

My bad I must have missed that when copying across to the fork but I do have the class defined in my patch. I can copy across if you'd like if you haven't already done it

I haven't yet and will be out of the office next few hours, if you could add it that would be great. Likely need to reset hard on the branch from github, ive groomed the commits via rebase merge and force push...

thoughts rattling around my head while out and about for pre-merge:

• put co-authored-by git commit attribution on the test app commit
• check copyright headers everywhere (test app should have them as well)
• carefully compare all typing with upstream to make sure
• check docs site typescript generation to make sure typing is good
• possibly implement native-only openInOTPApp - supported ios/android, not web but that's one of the reasons to use native vs web sdk...
• verify Other platform support, testing was done ios/android so far, not Other
• triple check flow and API calls in manual test vs web implementation guide for API fidelity / compatibility

More of a checklist for verification then lots of work but I forget checklists if I don't write them down

underestimated the complexity of adding support for the web / Other platform through our wrappers but got that working and have done all the typing and docs changes needed.

I did add openInOtpApp :-)

Just re-reading one more time then I'll merge and release.

This is an absolutely huge feature for react-native-firebase, I'm so pleased to merge this. Thanks for posting it up - please @ tag me if there is a need for any followups, I drown in more generic notifications and don't want to miss any related to this.

Released as 23.2.0

https://github.com/invertase/react-native-firebase/blob/main/CHANGELOG.md#2320-2025年08月29日

react-native-firebase finally has TOTP. Wow, we're all grown up for auth at long last

Wow! Very speedy work @mikehardy! Thanks so much for getting this over the line, you're a legend!

Been observing this PR and I can only say; thank you @mikehardy and @jamespb97 for the hard work.

Just a quick note that I continued the MFA odyssey today by finally proving to my satisfaction that SMS MFA worked as well.
Spoiler alert, it did not, quite, but it was close. I have a PR up that will fix it

• fix(auth): export totp modular types / enable ios sms mfa (w/emulator patch) / add sms mfa to demo #8685
  -- noticed the TOTP types weren't exported in modular style and I added that.
  -- discovered the firebase emulator needs a patch to work on IOS with SMS MFA, you may be interested...