Is it possible in the Microsoft Authenticator app to retrieve the QR-code or the matching token that I once scanned for a account? I want to re-use it to add the account to a different app for 2FA.
Related
I am using firebase admin sdk on the server to generate sign in links and send them out via custom SMTP api.
I just glanced at https://firebase.google.com/docs/auth/limits and I am well within these, but I believe there is nothing stopping a malicious third party from creating/requesting sign-in links via front end code. Is there a possibility to disable this functionality so it is only available to admin acc?
Additionally, I'd like some emails (i.e. multi factor enrolment) to not be possible, but again, given that someone can obtain some of my firebase front end details, they technically can send these?
You can restrict the API key from accessing an API (e.g. Identity Toolkit) but not disable a single method of the API for client.Sign up and delete user can be (that requires upgrading to Identity Platform) .
Firebase generates an API key when you add a web app. You can either update that or create a new key from API Credentials console.
You can then restrict what the API key in Firebase web config has access to:
However, Firebase Auth Client SDK will not work as Identity Toolkit is not selected. You'll have to proxy the requests through your backend and use a different key that can be used from your server's IP only.
Firebase Admin SDK will still be functional as usual so you can use that to perform other operations like updating/deleting users. You'll just have to write APIs on your backend for what could have been done using client SDK directly (or use Admin SDK when possible).
It might be a lot to update and I would not recommend unless you are facing rate limiting issues where Firebase Support should be able to help.
I have 2 ASP.NET Core sites:
allow multiple users to sign in to the Microsoft Identity platform then cache their tokens in SQL Server
load the tokens to subscribe and receive Microsoft Graph change notifications, e.g. subscribe to calendar event changes in the default calendar of each signed in user.
Microsoft has a sample project that sorted out my token caching/loading need: Accessing the logged-in user's token cache from background apps, APIs and services.
For Microsoft Graph change notification, there is a REST API, but I'd like to know if there is a way to subscribe in the Microsoft Graph SDK.
The sample project shows a way to use ConfidentialClientApplication to load the token, this is fine as long as I stick to the REST API by attaching the bearer token in the header. However, I'd like to use the SDK so that I don't have to recreate all the classes to deserialize the response, plus all sorts of other data I need to get from Microsoft Graph after receiving the notification.
Microsoft officially has a user-use Microsoft Graph client library for .NET (SDK), which is used to call Microsoft Graph. You can refer to this official document.
https://learn.microsoft.com/en-us/samples/microsoftgraph/aspnetcore-webhooks-sample/microsoft-graph-change-notifications-sample-for-aspnet-core/
I need to send product details to Google shopping Content API but for using that i need to generate oAuth token with refresh token throgh Azure data factory.I have generated service account and client-secret json .How i will do it through function app?
Firstly, we need to understand that functions should not be used to do UI-related actions. In any app service the pop up for the login ( which allows to provide the credentials) will not be supported.
E.g. : To avoid this scenario , in case of AD auth we may use service principle where we feed the required credential to acquire the token. So if we want to use the google auth SDK we need to connect to the concerned team ( Google team) to understand if this is feasible at all.
For this you may check the Server-To-Server Service Account Authentication, as below:
https://cloud.google.com/docs/authentication/production
In case you need any assistance in this, we would recommend you to reach out to the concerned support team.
I developed an app to test the google login feature using flutter and google authentication. The project is a closed project and only I have access to it. But recently I saw that there was a google sign in from an unknown Email ID. How did the user login without the build of my app? Has my account been hacked? What is going on?
Anyone with knowledge of your project's API Keys can access your Firebase Project using simple CURL Commands.
This is why it's a good idea to add restriction to those API Keys
In case you haven't, go to https://console.cloud.google.com and
Select your project
Click the menu icon at the top left (hamburger icon)
Go to API & Services and then credentials
You can view the APIs for your Google Cloud Project (linked to your Firebase Project) and then set restrictions for the API keys, refresh them or restrict access to specific platforms like Android or iOS.
You can also set restrictions on which components of Firebase the API key is allowed to access. For example, if your project doesn't require the use of Cloud Firestore, you can ensure that the API Key cannot be used to make calls to the Firestore Database
All said and done, I would still recommend that you shoot a mail to the Firebase Support team at https://firebase.google.com/support/troubleshooter/contact
To anyone still wondering about this:
If you provide a native google sign in and the registered
email adresses look like this:
karolynmccorkle.91842#gmail.com
normabrock.69306#gmail.com
guillermogeorge.53163#gmail.com
kylegomez.35423#gmail.com
opalbarrett.09499#gmail.com
they are probably test accounts used to generate Google Plays Pre-Launch reports.
You can read about it in the Play Console Help here.
If your app has a sign-in screen and you want the crawler to test the
sign-in process or the content behind it, you need to provide account
credentials.
Note that you do not need to provide credentials if your
app supports "Sign-in with Google,” which enables the crawler to log
in automatically.
I have a Firebase project, which I'm currently using with android. I need to programmatically fetch details of the users authorized along with the UID, Email, etc. Exactly the way it is shown in firebase (with the search), this web portal will be given to the vendor or the person using it to verify the user's authenticity.
I've attached the screenshot from Firebase, I'm hoping to replicate it the same way with the search. If this is possible, how do I go about doing this?
It's not possible to list users from an Android app, using only the Firebase Authentication SDK. You can list users using the Firebase Admin SDK, but that can only be run on a backend you control, using service account credentials for your project.
It might be easier if you store user info in a database, to be queried by client code, rather than try to have your app try to access auth data directly.