I want to create accounts via Firebase that only create a UID of the user. No password and no email should be requested. The user should be able to delete the app and if he downloads it again, still be able to access his UID and the associated data. In addition, this registration should never expire and the UID of the user should always remain unique and not be overwritten.
Is there a tool in Firebase that can be used to do this?
What you're describing is known as an anonymous account in Firebase, and you can create one with a single call as shown in documentation for iOS, Android, and Web.
Related
My app makes the user create a new anonymous ID automatically when downloading the app and when the user logs in, for example, by Facebook, the app change UID.
The problem is when I call FirebaseAuth.instance.signInWithCredential, It creates a new UID or change to UID that links to this credential, and the anonymous ID is never deleted. If many users relogin this app, many unuse anonymous ID and data will be garbage in firebase.
I have an idea to store UID in a variable, and when sign-in is successful, I delete using that UID, but firebase allows delete UID only current account. How can I solve this?
It sounds like you want to allow a user that you signed in anonymously to upgrade to an identified account. The idiomatic way to do that is to link the Facebook account to the existing anonymous account, so that the UID remains the same. To do this, follow the process described in the documentation on account linking and in the FlutterFire documentation on linking user accounts.
I wanted to create website where I have separate Sign In and Sign Up form. I also want to have Google authentication with Firebase.
I've implemented it like this both on sign in and sign up page:
await FIREBASE_AUTH.signInWithPopup(googleAuthProvider);
But this code will always create new user.
What I would like to do is to block creating new user on sign in page, only log them in if user already exists (e.g. as I require terms of use consent on sign up page, but I don't want to require it on sign up page - it would be quite weird)
There is no way in Firebase Authentication to prevent users from signing up, while still allowing them to sign in if they're already created. The reason for this is that Firebase Authentication merely focuses on allowing users to authenticate themselves, so to prove who they are by providing credentials. What they can then do in your app is known as authorization, and is up to you to implement in your front-end application code, back-end application code, and server-side security rules.
For example, if you use one of Firebase's databases (Cloud Firestore or Realtime Database), you'll typically maintain a list of approved user's in that list (either their email or their UID). Then before granting the user access to specific screens in your app or data in your database, you check if the users exists in that list. If not, you don't grant access to the screen or data.
I don't see an issue here, when a user uses google auth when they already have an account it will create a new account with their in some cases new data he might have changed in his google account.
In case your users hold other data in your database I'm pretty sure there's a google auth API for that issue.
I signed up a user in my Flutter app using FirebaseAuth.instance.verifyPhoneNumber(). This works perfectly and the user shows up in my Firebase Console.
FirebaseAuth.instance.currentUser() now returns the user for me whenever I open the app. Should I store user info (age, weight etc.) here, or should I create a users collection in my Database and link the currentUser().uid in there?
Also, should I store it on the Database linked against the uid, or linked against the login info. For example, link a user to the phoneNumber and not the uid. Because if you ever delete the user, but they want to register again, then they will get a new uid, but their phoneNumber / email will still stay the same and can therefore still link to their old data.
You can't add arbitrary data to the Firebase Authentication user profile. So you should store the additional data in a database, and indeed associate it with the UID of the user, so that you can easily look it up. This also allows you to implement searches for users more easily, as the client-side Firebase Authentication SDKs have no functionality to look up data for any user but the currently signed in one.
To the additional question: if a user deletes their account from your application, you should respect their wishes and delete the additional data that you store for them too.
I know UID is used because it is unique. But in my app, all of them are registered with Google ID, Google ID is also unique. Should I use UID?
yes it is better to use the uid.
From the docs:
You can let your users authenticate with Firebase using their Google Accounts by integrating Google Sign-In into your app.
So after you authenticate the users, the uid will be in the authentication page in firebase. That id will help you later in the firebase database also and it is easier to use and add in the database.
Can easily be gotten using this:
FirebaseUser user=FirebaseAuth.getInstance().getCurrentUser();
Then you can use the method getUid() to get the userid. So using it will make the work easier for you.
From the docs:
After a user signs in for the first time, a new user account is created and linked to the credentials—that is, the user name and password, phone number, or auth provider information—the user signed in with. This new account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of how the user signs in.
Also check this link: https://firebase.google.com/docs/auth/android/google-signin (Next Step section)
I'll suggest you use email ID instead of UID because if the user account is deleted from your Firebase Auth (either you delete it using Admin SDK, or perform a manual deletion on console), the next time user signs in with the same email ID will now give you a different UID and therefore all of your data in your database which rely on your UID won't be accessible.
However, you can't use use an email ID as it is, because Firebase key doesn't allow you to use . (dot) as keys, so just replace your . with a ,. You can find more information here.
TL;DR
Use email ID as it will always be unique unlike UID which gets generated every time a user signs in if that ID was previously deleted on Firebase Authentication server.
I've been trying to find a way to figure out if a user is already created with the same email in Firebase, and it doesn't seem like it is possible.
This basically means I will need to save the email for every user and check in the Firebase database if the email is there already.
Is there really no other way?
I see all these posts with... how to link a user with another auth provider, but there is no way to know if the user with the specific mail exists already...
You cannot link an existing account to another account. You can only link a new account to an existing one. If you wish to check if an email of a new account already exists before either creating it or linking it to the existing account.
You can call https://firebase.google.com/docs/reference/js/firebase.auth.Auth#fetchProvidersForEmail
If the email provided already exists, it will return an array of the provider ids. You then sign in the user to the existing account and link the new account to it.
fetchProvidersForEmail will work as expected when multiple accounts per email is disabled in Firebase Console(default behavior unless you are migrating from Firebase v2).