We have an existing registration flow which uses Auth0 passwordless authentication with phone number, I now want to add google SSO as another registration option.I also want users registered with phone number to link their account. I am looking for suggestion in how to do this. I am using graphql api and next.js.
Related
I developed a ionic 5 angular based mobile app that uses firebase authentication. I currently use email based login and now i want to switch to phone number based one. Is there any option to verify all the already registered users's phone number using firebase or any other service?
There is no way to change the authentication type of an existing account. But what you can do is also allow the user to sign in with their phone number, and then link the phone number credentials to their existing account.
For full details on how to do this, see the Firebase documentation on linking multiple auth providers to an account.
How can one use Firebase to SSO into some product?
Firebase is a federated IdP, meaning, they handle the auth flows for other IdPs, ie Google, Facebook, Twitter, etc.
So how can I set up a product with SSO that is expecting some kind of Auth flow, ie OIDC, SAML, when FireBase doesn't necessarily do that? Note, I am comfortable building my own login pages and using the FireBase SDK, I'm just not sure where to start.
Let's take Google for example. I can easily setup Google SSO for my product. I just generate a client ID/Secret in the Google Dashboard, and then use Google's OAuth flow.
My product initiates the login and redirects to Google for logins
Google identifies my user and redirects to my product's callback URL
Done, user is logged in
How would I do the same thing in FireBase, which is a sort of middleman between my product and Google?
If you have your own user auth system, and you want to integrate that with Firebase Auth for the purpose of creating accounts that integrate with other Firebase products, you can write a custom authentication provider. Your backend will take the user's credentials and create a custom auth token that the app can use to sign in the user.
I want to be able create calendar events in my Action that runs through Google Assistant.
Right now I was able to modify this Quickstart guide (https://developers.google.com/calendar/quickstart/nodejs) and use it in my current Dialogflow fulfillment. However, it's a little tedious to have the user have to copy and paste the authentication code after allowing Google Calendar access. Are there any better ways to do this that doesn't require the copy-paste flow? Thanks in advance!
Use Account linking with Google Sign-In
https://developers.google.com/actions/identity/google-sign-in
Then send a card to the user device with a link to authorise Google Calendar access. Store the authentication code securely against the user. Use the authentication code to make requests.
Broadly speaking, the approach you can take is to use Google Sign-In, as outlined in this SO answer: Google Home Authorization Code and Authentication with Google Account.
With this scheme, you use a website to get the user to authorize your use of the Calendar API scope, and you store the auth token against their UserID. Then you use Google Sign-In with the Assistant to get that ID. This works well if they go to your web page first, but not as well if they go to the Assistant first.
You can also setup an OAuth server that lets users sign-in using Google Sign-In on a web page (or use something like Auth0 and, as part of that sign-in, get authorization for the Calendar scope. Then use OAuth Account Linking in the Google Assistant to get an auth token which you can use to get the user's ID. You can then use this ID to lookup the authorization token.
I am building a web and mobile app using firebase. When signing with Google, firebase auto creates a new account in the project (Auth) if one does not exist. Its fine with the mobile app.
But with the web, I just want existing users (who created accounts with mobile app) to signin and not create new accounts via web.
How do I setup firebase not to create new accounts if one does not exist?
There isn't a way to restrict social sign-in with Firebase Auth to "only sign in, not sign up".
If you have a means of detecting users that have signed in using the app at some point (e.g. by writing a value to your database in a specific location), you could check for that value when signing in via the web, and, if missing, display a screen encouraging users to install the mobile app.
I think this is what you are looking for:
Link Multiple Auth Providers to an Account Using
JavaScript
You can allow users to sign in to your app using multiple
authentication providers by linking auth provider credentials to an
existing user account. Users are identifiable by the same Firebase
user ID regardless of the authentication provider they used to sign
in. For example, a user who signed in with a password can link a
Google account and sign in with either method in the future. Or, an
anonymous user can link a Facebook account and then, later, sign in
with Facebook to continue using your app.
I'm using .NET backend on Azure Mobile Service. It's easy to set up authentication with social identity provider, so that the client can use e.g. Facebook iOS SDK to login, as illustrated in the official tutorial
In custom authentication, as I need to maintain my own Account table according to the official tutorial, I have full control over the registration & login.
I'd like to have a centralized User table to store information about all users, no matter which channel they used to authenticate.
My question is, is there a way for the .NET backend to be notified when a user register or login with a Facebook token? So that a new row can be added to the centralized User table even when the user is using Facebook to authenticate?
Thank you!
Yes - the User.GetIdentities() method contains the token and mechanism that was used to authenticate the user. You can use this to update your table. For an overview of how to use this token, see this blog post by the team: https://azure.microsoft.com/en-us/blog/custom-login-scopes-single-sign-on-new-asp-net-web-api-updates-to-the-azure-mobile-services-net-backend/