Get Firebase user data using email address - firebase

Could I know how to get User data by Email registered to Firebase Auth?
Because I'm using Firebase auth to create users by createUserWithEmailAndPassword in the system from backend. In that method, I'm avoiding password encryption.
And In the future, If I need to update a user password from the backend I want user data. And I don't save uid in my MongoDB for security reasons.
I read so many articles that say use getUserByEmail I think this is deprecated.
How can I do this? Need help :)

The documentation doesn't say anything about getUserByEmail being deprecated. It literally says:
In some cases you will have a user's email instead of their uid. The Firebase Admin SDK supports looking up user information with an email:
So, you should just use what the documentation says.

Related

Flutter Firebase Forgot password

I'm working on a project where I'm using the authentification of firebase to use the forgot password thing. However, I have a collection users that I use as well and need the password field to be updated in the collection as well.
Any solutions please ? I can't seem to find a way to get password from authentification.
There is (very intentionally) no way to get a user's password from Firebase, and wanting to do so typically indicates an anti-pattern in your implementation.
If you already verify the user's credentials elsewhere, you shouldn't use Firebase to do the same (but for example mint a custom token based on the external credentials). If you use Firebase to verify the user's password, you shouldn't repeat that in your code (although you can for example decode the user's ID token to determine their identity).

UPDATED : flutter sign in with realtime database firebase [duplicate]

Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?
Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea
No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.
Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.
Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.

Flutter Firebase Auth with Username and Password

Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?
Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea
No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.
Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.
Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.

How to integrate LINE login into Firebase Auth

I did some research and experiments on integrating LINE login with Firebase Auth using Flutter. I have some questions:
Looks like in Firebase Auth, there are AuthProvider, and in Flutter source code, I also found an OAuthProvider. There you can create Credential to include your idToken and access token. But I don't know how to specify the providerId in that Credential. I guess it is not possible, because Firebase hasn't integrate LINE login. The client side api: logInWithCredential can ONLY work with Firebase supported login methods, and you have to enable them in your Firebase console. Am I right?
So it looks like now I have to setup my own server to exchange LINE access token to Firebase custom token. In my server, I first verify access token and grab the LINE user profile, then I create a custom token, but there I have to decide a UID, which I have to use some pattern like LINE:${LINE_UID}. This looks like some hacking, is there a better way?
Admin API to create custom token only accept UID or optionally a user claim, I have no way to set its display name or some other basic info. So if I directly send the token with UID like LINE:${LINE_UID} to a client, then the client logInWithToken, it will create a user without display name if it doesn't exist. The only workaround I can image is, in the server-side, generate the LINE:${LINE_UID} and look up it in Admin API, if it doesn't exist, then I create a user with a proper display name. This looks again not so good, because the document said if you do logInWithToken, it will create one if it is not there, and we cannot use that because I want to set it's display name when it is created. Any better solution?
I want to link a user with multiple auth provider. I saw in the Firebase JWT, they are well included, that is cool. But those linked elements are user profile get via credential. So can we link a user to a LINE login? Which is not built-in Firebase Auth Provider? Is auth provider linking only valid for Firebase built-in provider?
Regards,
Xiang.
You're asking way too much in a single post, which makes it hard to help. I'll try to address below, but please follow the advice on How do I ask a good question going forward.
The general approach for adding LINE as an authentication provider is shown in this blog post: Authenticate your Firebase users with LINE Login. There is also a example, which shows how to use Cloud Functions as the server component for this. If you get stuck implementing those for Flutter, post the minimal, complete/standalone code that reproduces this issue.
The client side api: logInWithCredential can ONLY work with Firebase supported login methods, and you have to enable them in your Firebase console. Am I right?
Nope, you're wrong. You can also provide your own sign-in provider for Firebase, and use the tokens you mint there with the Firebase Authentication SDK.
This looks like some hacking, is there a better way?
The UID can be whatever you want, but you'll have to ensure it is unique. A common way to ensure global uniqueness is to embed some identifier for the provider in the UID. If you prefer another way to ensure global uniqueness, you're free to use that too of course.
I have no way to set its display name or some other basic info [when creating the account]
This is indeed a common problem with some providers, as you for example can't set the display name for the email+password provider until after the account has been created. With a custom provider you can put whatever information you want in the initial JWT already though.
can we link a user to a LINE login? Which is not built-in Firebase Auth Provider?
See Linking custom auth provider with Firebase
Late to the party .
but This article helps you which I publish on Medium.
I'm using A Flutter plugin LINE's native SDKs in Flutter apps with Dart. The plugin helps you integrate LINE Login features in your app. You can redirect users to LINE or a web page where they log in with their LINE credentials. package
Also, I make a git hub repo for the same.
Did you check out the firebase_auth plugin? It has lots of helpfull features.
https://pub.dev/packages/firebase_auth

Angularfire - Get email by uid? #askfirebase

I have an Ionic application using Firebase so I opted to use Angularfire. Currently running Angularfire4. In my application I store the uid and I want to get email related with that uid. I use the email/password login provided by firebase. How can I translate the uid to an email?
The only method found is when using nodejs.
The only data that is exposed in the client-side Authentication SDKs is the profile of the currently authenticated user.
There is no way to look up user data for a UID with the Firebase Authentication client-side SDKs. While admittedly convenient, it would make leaking user-data way too easy.
The only way to look up user data by UID is using the Admin SDK that you found. The idea is that you run those in a trusted environment (e.g. a server you control, or Cloud Functions) and selectively expose the user data that your app needs.

Resources