Authentication
The Authentication view handles all register, login, phone and social auth flows.
These details are only updated with each release; for more accurate updates and to keep track of progress, see the task in GitHub.
- View Details
- User Details
- Features
- Data
- API
Description
Authentication is handled via Firebase ID tokens. The server verifies the token on every request and extracts the caller's uid, email, and phoneNumber from the JWT claims — no separate login endpoint exists.
POST /auth/sync must be called once per session to create or update the
corresponding Firestore document for the authenticated user.
Status
| Doc Status | Product Status | Last Update | Version | Release | Phase |
|---|---|---|---|---|---|
| In Progress | Up Next | 04.03.2024 | 0.01 | Internal | Alpha |
Team
| Owner | Lead |
|---|---|
| Ben | - |
Reminders
- Keep code lean and clear
- Follow the outlined architecture
- Write comments in your code
- Update the status in the docs and in GitHub
- Try not to recreate functions we already have; rather, update existing functions to support your needs
- Be sure to follow the release guidelines
- Update Documentation
- Keep API docs up to date each time you update or add endpoints
Links & Resources
User Stories
Persona One
Update Coming Soon
As a busy user I don’t want to watch but rather listen to a podcast, however, when I hear a voice I don’t recognize, I want to take a glance at my phone to see a name and/or photo of who is talking or maybe ask the built-in “AI/assistant”.
User Flows
Personas
Features
Below is a list of features that will be utilized in order to deliver the best account features and functionalities. The details below are not comprehensive feature details; rather, they describe how the features will be utilized within the account. For further details, please see the individual feature documentation.
You can find the Data Structure.
We want to keep all the important data on the document, so that it is available on the first fetch and fast to access.
Auth
Not all accounts will need auth. Primarily, accounts will be accessed by other accounts; however, individuals will need to authenticate. If auth is not required then access is required, and vice versa.
- auth
  - method 1
    - method (social, local, keypas)
    - created (date)
    - email
    - password
    - status
    - expired
  - method 2
    - method (pin)
    - created (date)
    - pincode (******)
    - status
    - expired (date)
API
POST /auth/sync
Called on every app login. Creates the accounts/{uid} Firestore document on
the first call; on subsequent calls updates lastLoginAt and updatedAt.
Request
No body required. The caller's identity is taken from the Firebase token.
Response — first login 201 Created
```json
{
  "message": "Account created",
  "isNew": true,
  "account": {
    "uid": "abc123",
    "type": "personal",
    "status": "active",
    "verified": false,
    "createdAt": "2026-01-15T09:00:00.000Z",
    "updatedAt": "2026-01-15T09:00:00.000Z",
    "lastLoginAt": "2026-01-15T09:00:00.000Z",
    "email": "alice@example.com",
    "languages": []
  }
}
```
Response — repeat login 200 OK
Same shape as above, with "isNew": false and "message": "Account updated".
Error codes
| Code | Meaning |
|---|---|
| 401 | Missing or expired Firebase token |
| 405 | Wrong HTTP method (only POST allowed) |
| 500 | Unexpected server error |
curl example
```bash
curl -X POST https://colibri-api-643619291153.me-west1.run.app/auth/sync \
  -H "Authorization: Bearer <ID_TOKEN>"
```
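The contract described above, sketched as an added example (not the project's own code): the handler takes the caller's identity only from the verified token, so a `uid` sent in the request body cannot select which `accounts/{uid}` document is written. The `verifyIdToken` and `store` parameters are injected stand-ins, and the 401/405 message strings are assumptions.

```javascript
// Added example, not the project's code. verifyIdToken and store are
// hypothetical injected dependencies; with the Firebase Admin SDK the
// verifier would be getAuth().verifyIdToken(token), and store would be
// the Firestore accounts collection instead of a Map.

function bearerToken(header) {
  // Accept only "Bearer <token>"; anything else is treated as missing.
  const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header || "");
  return m ? m[1] : null;
}

async function handleAuthSync(req, { verifyIdToken, store, now = () => new Date() }) {
  if (req.method !== "POST") return { status: 405, body: { message: "Method not allowed" } };

  const token = bearerToken(req.headers.authorization);
  if (!token) return { status: 401, body: { message: "Missing token" } };

  let claims;
  try {
    claims = await verifyIdToken(token); // rejects on bad signature or expiry
  } catch {
    return { status: 401, body: { message: "Invalid or expired token" } };
  }

  // Identity comes from the verified claims only; req.body is never read,
  // so a client cannot choose which accounts/{uid} document is touched.
  const { uid, email } = claims;
  const ts = now().toISOString();
  const existing = store.get(uid);
  if (existing) {
    // Repeat login: only the two timestamps change.
    const account = { ...existing, lastLoginAt: ts, updatedAt: ts };
    store.set(uid, account);
    return { status: 200, body: { message: "Account updated", isNew: false, account } };
  }
  // First login: create the document with the defaults shown in the response.
  const account = {
    uid, type: "personal", status: "active", verified: false,
    createdAt: ts, updatedAt: ts, lastLoginAt: ts, email, languages: [],
  };
  store.set(uid, account);
  return { status: 201, body: { message: "Account created", isNew: true, account } };
}
```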