I tried to use trigger mail, I set up the extension and made a write to the database but the trigger mail operation was rejected this was the error: "Error: Missing credentials for "PLAIN"". The docs show examples of using the admin sdk to write the data for trigger mail. My question is do I absolutely need to use the admin sdk for this, and if so where do I store the adminkey.json that firebase generates for me, for security purposes?
Related
I'm developing an android app with firebase as a backend and I heard a word named Admin SDK. I had searched for it and found it is used to manage data.
But I have a doubt that firebase provides a console webpage (console.firebase.google.com) to manage data, but why there is a separate Admin SDK?
Can someOne please explain...
The firebase admin SDK provides a simple and easy way to modify firebase settings and data using API calls.
For example, you might ask: why should you even have a regular SDK to store data? After all, you can store and save data directly from the web interface. It is, however, simply not secure or practical to have users update their own data each time using the console.
Similarly, the admin SDK is just like the regular SDK but with administrator permissions. For example, it allows you to bypass the rules set up using your firestore rules. The Firebase admin SDK is meant to be used on your backend - so you know it is running trusted software. You know that it will act the way you expect it to, unlike code running client-side that can't be trusted.
For example, let's say that you want to be able to delete a user's post if certain conditions are met. The user will make the request to your server, and it will check if the conditions are met, and then delete the post using its admin privilages. Sure you could technically automate this using firestorm rules, but those can be quite cumbersome and might not work in more complicated examples.
You can also even use it to integrate with other applications like connecting your app to a moderation tool or a curse detector that can't or shouldn't run on the client's device.
Is your question is why does Admin SDK exists?
There are several administrative tasks such as deleting users, listing collections and many more which the client cannot and should not be able to do.
Firebase Admin SDK has admin access to your Firebase project's resources.
It does not obey any security rules and can read/write any of your database, storage bucket..
That is why you must use Admin SDK in a server (or cloud function only). Although I feel Firebase Admin SDK is more useful if you use your own servers and authentication method. If you are using a custom server then:
It can be used to generate custom token so you can authenticate users using your own method (maybe legacy auth system) but still use Firebase Authentication to handle the auth tokens thereafter.
If you use your own database (and not any from Firebase), the Admin SDK can verify the ID Token sent by client and get identity of that user. Thereafter it's could be a simple if-else statement for you to decide if the user has access to the request resource or not.
I've been trying to create a contact form for my flutter project. The contact form is composed of two steps. First, the user provides their email and then describes their issue. Once the user presses submit, I want to receive an email on my end. I've look at several packages like mailer and flutter_email_sender. However, they don't seem to offer good solutions; mailer requires that I provide the password to my email address in my code (opening up the possibility for vulnerabilities). Flutter_email_sender simply opens up an email app on the phone.
Recently I've come across the perfect solution, Firebase's new extension Trigger Email. Although the extension seems promising, I can't find any resources outlining proper implementation of Trigger Email in Flutter.
Can you please provide an example of how Trigger Email can be implemented in Flutter project?
From the documentation of the extension:
Use this extension to render and send emails that contain the information from documents added to a specified Cloud Firestore collection.
So to send an email you write a document to Cloud Firestore. For examples of writing to Cloud Firestore from Flutter, see the FlutterFire documentation for examples of this.
I'm making a little Snapchat clone, and a part of this app I'm trying to build is the ability to add a friend and start a conversation with them. I'm using Firebase to manage my users and I'm a little stuck now trying to figure out what works and why I'm getting problems trying to use some methods or functions.
What I want is this simple line of code to work:
var userByEmail = await _admin.app().auth().getUserByEmail("b#gmail.com");
print(userByEmail.toString());
However this has been giving my some problems, most recently, the following error message:
Unhandled Exception: FirebaseAuthError(auth/invalid-credential): Must initialize app with a cert credential or set your Firebase project ID as the GOOGLE_CLOUD_PROJECT environment variable to call verifyIdToken().
Getting to this point made me want to first ask a question about FirebaseAdmin and Auth before continuing and potentially screwing up my app settings.
Is there a simple way to do what I'm trying to do?
I have a Firebase.instance.initializeApp() in my Main function, do I only ever call that once or should I start initilizeApp in the initState of each Stateful Widget where needed?
What does this error message actually mean?
You are trying to use the Firebase Admin SDK in your Flutter code, which is not possible. The Admin SDKs give full administrative access to your Firebase project, which would be a serious security concern if you allow that in your Flutter app.
If you want to allow certain administrative functionality in your application, you will have to make that functionality available yourself. For example, to look up a user by their email address, there are two common approaches:
Store the minimal information about each user in a cloud-accessible database (such as Firebase's Realtime Database or Cloud Firestore) when each user registers with your app, and then look it up from there.
Wrap the getUserByEmail from the Admin SDK in a custom API that you make for yourself, on a server you control or in Cloud Functions. In that API you validate that the user making the call is authorized to do so, then call Firebase through the API you were trying to use, and return the minimal result back to the caller.
Both of these are feasible and can work to solve a variety of use-cases. But if you've never built backend code before, you might find the first approach easier to get started with.
Also see:
How to get Firebase UID knowing email user?
Flutter get User Data from Firebase
The right way to do what you want is using Firebase auth, authenticating your user and using a collection to store and retrieve users information. That auth information provided by firebase should only be used for authentication and security purposes.
The Firebase admin must have a user logged in to work properly, but its purpose is to provide a more administration environment and should not be used inside a clients app, unless its an admin app.
With all that said, lets go for the rescue:
Authenticate your user (using firebase auth);
After auth, save all the user information you want to share with other user inside its own collection (you will need to create one);
When an authenticated user (this is important) 'request any other users data, you query for the data in the previous created collection.
I'm trying to send a verification email without having a firebaseUser, is it possible ?
I know i can do it with user.sendEmailVerification() method but can i do it just by giving an email from a textfield ?
Based on what I knew and what I've read from the documentation, it looks like it's not possible to do this. A Firebase user, a.k.a an user authenticated within Firebase platform is required if you want to send email verification that uses Firebase Email Vetification service.
Well, do not lose hope since there are plenty workarounds to do this. What I would do to achieve this is to use Firebase Cloud Functions to create serverless API platform. I connect Firebase Cloud Functions with Firebase Admin SDK (which also has access to other Firebase services if I am not mistaken).
I send an email using some kind of email service providers such as SendGrid to designated email address (which the app got from user's inputted email) and provide a link to verify there (in the e-mail that sent to designated email address). Then, in the cloud functions, you leverage Firebase Admin SDK to change verification status.
This approach is flexible though, as it can be used to verify a user not only with Firebase Authentication.
Hope it helps. If it's not clear for you, just comment.
Happy coding.
EDIT: After thoroughly read your question again, I realized that my answer is not fully correct. Somehow you still need a specific user to be added within Firebase Authentication database, which you would not want to do manually and let your app do so instead. Perhaps you can use Firebase Admin SDK in this matter. You can read official Firebase documentation for more information regarding Admin SDK.
I'm walking through the steps described here and upon sending the verification email to myself, I get an email in my inbox from noreply#myappname.firebaseapp.com.
For other email-based auth steps, I can customize the sender name and email address directly from the Firebase console:
Am I missing something that could help me with Email Link sign-in or do I need to go through the process of modifying the SMTP settings in my app's console?
I noticed the same behavior / restriction in the Firebase console. Considering that the underlying .firebase.auth().createUserWithEmailAndPassword method could write your new user to firestore, i guess you could use firebase function to trigger a custom email via sendGrid, for example, and you could flesh out a custom workflow from there.
This article, Email via Firebase Firestore Cloud Function Triggers includes the code to trigger custom emails and could be adapted to your needs. I imagine the trick will be to get the .emailValidated property set to true. It may be as easy as switching the boolean - i don't know.
All in all, it seems like a lot of work just to get a customized validation email though. I would recommend you just stick with what they provide.