I am trying to authenticate the user with phone number using firebase through sendVerificationCode API. It is expecting phoneNumber and either of (iosReceipt and iosSecret) or recaptchaToken or safetyNetToken.
My app is on the Web, Android and also in IOS. I don't want to depend on the front-end to generate recaptchaToken or some other things. All these apps should just call one custom API with just phoneNumber and it should sendVerificationCode to the user. I am trying to implement a wrapper API to sendVerificationCode.
Can anyone help me with how to achieve this? Am I going on the right path?
Thanks in Advance!
Source: https://cloud.google.com/identity-platform/docs/reference/rest/v1/accounts/sendVerificationCode?hl=en_US
Related
I am working on a flutter app with a firebase backend and I can't find any documentation for what I'm trying to do. I am trying to have a user of my app (whose information is presumably stored in a FirebaseUser class) get their identity verified server-side and then if the identity is a certain user (verified by firebase serverless), they will be allowed to make a post to the db. The firebase documentation has stuff for android, ios and web but not for cross-platform flutter development. Can someone please point me in the right direction? I'm a little lost. Thanks!
Using Firebase with GCP will provide you this Server-Side authentication that you are asking for - so you don't need to worry. :)
If you just want to follow that, I would recommend you to take a look at the documentation from Firebase that talks about authentication. You can access this documentation in the below link.
Firebase Authentication
In case you indeed, need to use a private Server, I would recommend you to take a look at the below question that is already answered, about using a private server with Firebase. It should really help you achieve your goal.
Firebase authentication for private server
Let me know if the information helped you!
I am building an app in VueJs and I am looking for the best way to do the authentication part, there is an API in progress as well that will need token verification for protected end points.
I would like to know if is possible to integrate Auth0 to Firebase in a way that Firebase is the main center of communication between the VueJs app and Auth0 (the same thing with the API -> Firebase -> Auth0).
I am asking this because I would like to know exactly if I can save some lines of code and performance using Firebase tools to get what I need from Auth0 without connecting directly to Auth0 API. Also I would like to use Fire Store to save the tokens I get from Auth0.
is possible to have this kind of architecture?
Here is a diagram for a better understanding of the wished result, hope is not confusing.
https://ibb.co/68tpw8L
Thank you!
These links are the closest solutions I found thru Google.
But according with the info I found you can do this but using Auth0 as my main gateway but I want all the contrary, using Firebase as the main gateway.
https://firebase.google.com/docs/auth/web/custom-auth#before-you-begin
https://auth0.com/docs/api/authentication#delegation
https://firebase.google.com/docs/web/setup
https://auth0.com/blog/developing-real-time-apps-with-firebase-and-firestore/
Auth0 has deprecated the /delegation endpoint which is used to get the token for third party vender.
https://auth0.com/docs/migrations#api-authorization-with-third-party-vendor-apis
As a workaround, use the firebase custom token authentication mechanism. https://firebase.google.com/docs/auth/admin/create-custom-tokens
https://firebase.google.com/docs/reference/js/firebase.auth.Auth.html#signinwithcustomtoken
To create a custom token, you can use the firebase function if you do not have a backend server.
The entire flow is described in the following auth0 blogs with a complete project.
https://auth0.com/blog/how-to-authenticate-firebase-and-angular-with-auth0-part-1/
https://auth0.com/blog/how-to-authenticate-firebase-and-angular-with-auth0-part-2/
I want to develop an Ionic app for android and ios using firebase backend.
Requirement:
1. I want to use anonymous authentication silently so that user does not have to be worry about login.
2. I just want to display list of some items on the home page using Firestore api.
Question/Problem:
1. How does firebase will get to know that only the my app using the firestore get api.
2. If I am storing api credentials/secrets in my android app and if other user somehow knows these credentials, will that person be able to use api on behalf of my credentials and I will not be able to track the usage.
Top Level:
If someone know my firebase api credentials/secrets, will that person be able to utilize my firebase quota in case I am using firebase anonymous authentication.
Thanks in advance.
The settings you use to initialize the Firebase SDK are not "secrets". It's all very much public information that identifies your app from all the other Firebase apps out there. Every Firebase app has a similar set of public data. Once you publish your app, you should assume that everyone is able to see that data.
This means that anyone can use that data. That's why it's important to use Firebase Authentication along with security rules to make sure that people logged in can only make use of whatever resources you specify. That's the only way to lock down the data in your Firebase project. If you are concerned about security, then you should be thinking about your security rules from the very beginning.
I have a Firebase project, which I'm currently using with android. I need to programmatically fetch details of the users authorized along with the UID, Email, etc. Exactly the way it is shown in firebase (with the search), this web portal will be given to the vendor or the person using it to verify the user's authenticity.
I've attached the screenshot from Firebase, I'm hoping to replicate it the same way with the search. If this is possible, how do I go about doing this?
It's not possible to list users from an Android app, using only the Firebase Authentication SDK. You can list users using the Firebase Admin SDK, but that can only be run on a backend you control, using service account credentials for your project.
It might be easier if you store user info in a database, to be queried by client code, rather than try to have your app try to access auth data directly.
My project is Xamarin.Forms PCL for Android and iOS.
Current stage is:
I'm able to get LinkedIn authorization(with Xamarin.Auth - OAuth2Authenticator),
and get user info from LinkedIn - Android Project.
What I would like to do:
After authorization, SignIn/LogIn to application using FireBase - in other words integrate OAuth with FireBase?
Is it possible?
I'm not sure if I'm going in good direction, or if I'm thinking right.
Thanks
If you are using an unsupported provider (eg. LinkedIn), you will need to use custom authentication. You would verify the LinkedIn sign in on your server, mint a custom token using Admin SDK: https://firebase.google.com/docs/auth/admin/create-custom-tokens, send the custom token to the client and complete sign in using signInWithCustomToken. This is also available via REST API: https://firebase.google.com/docs/reference/rest/auth/#section-verify-custom-token