My firebase application involves uploading users via CSV on our platform which then adds users accounts to firebase. This has been fine for handling Google / Microsoft based accounts since these accounts are able to be linked with the existing records automatically when a user signs in.
However, I recently added a custom Open Id Connect application through OneLogin, and these accounts are not treated the same. If users are uploaded the old way, they can not be linked to this provider and users cant authenticate.
Is it possible at all to automatically set an identity provider to an account? Or does it require a successful authentication through that provider?
Related
I intend to develop an application using firebase authentication.
Companies will be able to sign up and in turn create accounts for their employees.
There will therefore be a "master" account which will be able to manage the operators (add them, modify them, disable them and delete them) and then the "employee" account that can use the platform.
I would like it to be possible that the master account, by entering the client id and the secret key of their oAuth server in a hypothetical administration dashboard, would make it possible for its employees to access with google.
The question is this, would it be possible to manage multiple oAuth servers (from the same provider, e.g. Google) in the same Firebase project?
Thank you in advance.
I'm working on a project created using Identity Server 4 for authentication, an API application that handles all the data and business logic and a client web app.
The IdentityServer project uses a different database for managing the users of the app and the API project has a copy of that table that gets synced with the one from IS when the user logs in.
The problem I'm facing is this:
When a user confirms his email the information is handled by IS but until his first login, the user appears to have his email unconfirmed in the API project.
How can I solve this without coupling the IS project to the API one?
I see various way to handle this.
Use messaging system to sync data (Users and it't update) between both the database.
Access DBContext of API project into the IS to manage users.
Or even simply have api to give updates to API project upon first login.
I developed two different Flutter applications. An Admin Version and another Client Version. I would like to use the same login (auth) and access to Storage for both Apps.
It's definitely possible to access the same Firebase project from two different apps. In fact, when these apps are locally part of the same "application", that is actually an intended use-case.
A few things to keep in mind though:
Firebase Authentication does not have the concept of an administrator user. It "merely" authenticates the user, allowing them to sign in with their credentials. Any administrator logic is specific to your application, hence often referred to as an application administrator. You'll typically want to flag application administrators, for example by setting a custom claim on their accounts.
Not all functionality that the application administrator may need is going to be available in Firebase's client-side SDKs. A common scenario is that the administrator should be able to create accounts for other users, where the client-side Firebase Authentication SDKs don't support this logic. For some more information on this, and how to solve it, see Firebase kicks out current user and my answer with many links here How to create firebase admin user for authentication in java. In a nutshell: you'll have to use the Firebase Admin SDK, in a trusted environment, for some of these operations.
You then secure access to Cloud Storage by writing security rules. For some examples of securing access based on the user, see the documentation on securing user data.
I have a Web API and an Azure Web App that access the same database. This database has all user information. I'm using ASP.NET Identity for user management. I'm having an issue where when a user is created by the web app the Web API requires a restart, or at least a relatively long while before the user becomes authenticated by it. This, of course, is entirely impractical. How can I update the environment immediately on the Web API so that the user can access their resources?
UPDATE 3:
Turns out it WAS authenticating with the API, but I didn't hold the correct claims because my user was not associated with a Google account. See Answer below.
Wow. Nevermind. We require Google accounts to sign on one kind of client, and we SHOULD require it on the web client, but I haven't set that up yet. If an account is set up without an associated Google account, AND that email has a Google account set up on the client then it will try to authenticate with those Google claims that don't exist in the DB. So while I CAN authenticate with that claim through the Google SSO, there are no claims set up in the DB, resulting in 401 errors. Authenticated, but unauthorized.
This means my auth filter is probably misconfigured because it should not authenticate with Google if my account does not have an associated Google account, no matter what my client requests. It also means that I need to refactor my SPA on my Web App that statically calls for Google authentication with the API.
Working on an asp.net website. We would like the ability to upload data from our website to QuickBooks. Problem is users of this website will ALL have different QuickBooks online accounts, thus our website must be able to communicate with multiple QuickBooks accounts. Is this possible?? Also, can we do this without each user setting up a QuickBooks app and getting a consumer secret, consumer key, and security key???
Thanks
Problem is users of this website will ALL have different QuickBooks online accounts, thus our website must be able to communicate with multiple QuickBooks accounts. Is this possible??
Yes, of course.
Also, can we do this without each user setting up a QuickBooks app and getting a consumer secret, consumer key, and security key???
Yes, of course.
You should be setting up ONE application. Then each individual QuickBooks Online company file has their admin user go through the connection process, giving you a different access token and access token secret for each individual QuickBooks Online company that you want to access.