How do I know if a user is logged in after a page reload (by cookies)
middleware :
The result, whether logged in or not, is:
but :
Related
With Firebase.auth(), how do I refresh/refetch the user if the auth state hasn't changed?
I have an user who is authenticated with a phone number. I send an email verification link to the user who clicks it. The link verifies the user email (updates the record), and shows a "continue" button which leads back to the app (via deeplink). When back on the app, I want to refretch the user record from Firebase so I can see if the user email is verified. How do I do that?
On the User object you get back from the auth state observer, you can call its reload() method.
you can update information about an existing user by User information update in firebase and if a user wants to add some new information after authentication so check UserRecord.UpdateRequest
refresh the user data
reload ( ) : Promise < void >
Refreshes the current user, if signed in.
I'm working on a app which uses Firebase Auth to signup and login, but I'm facing some things which I don't know how to start. Users need to registrate on a website and they need to pay a subscription before the user is created in firebase, when they don't pay anymore, the user account should be disabled. So basically, users registrate on the web and after they pay, they can log into the app with their credentials.
Edit:
Since yesterday I'm trying to implement either mollie or stripe, but I can't get myself started, online there are very few video's about payments in combination with firebase
There are basically two ways off the top of my headto do this:
A) Secure but it involves cloud function and creating custom authentication token to login.
User registers with email.
User keys in login information and posts to cloud function.
Find user's uid/email and check for password.
Fetch the subscription document and check if it is active.
If it is inactive, return an error message accordingly.
If it is active, create an authentication token and return to user to login.
B) Client side checking, less secure but will do the trick.
User logins
Fetch subscription using user's uid. Check its validity
Force redirect user to subscription page if it is inactive with
error message. OR Autologout user if it is inactive with error message.
May I also suggest Stripe for their subscription service (Not sponsored)? Unless you already have an implementation in place.
The scenario is, we have a website which for some web notification we're using web push and after user login into the website we check that if he/she granted notification permission to us we don't ask it ,if not we ask to enable notification, The generated Token is per browser I mean if the user log-out and another user login to our website previous Token available for the new logged in user, So if we want to notify the previous user, the new user got our notification.
The simple solution is on Logout delete the token and after each login we should ask user to grant permission again to us but it's bothering user, I have an idea when user login to the site, we check that previous user was herself/ himself, we do nothing , but if there is another user, without asking to grant permission again(while we asked them before) we refresh the token , I mean regenerate another Token for him/her and save that Token in our backend, My question is How can we regenerate the Token without asking again to grant Notification permission in the Browser?
You can't regenerate the token without revoking permission.
However you can use the same strategy that we have used for Pushpad:
each token (i.e. browser) in your database is present only once
each token has at most one user ID associated to it
when the user logs out you remove the user ID from the token
when the user logs in you add the user ID to the current token
when you need to send notifications you target specific user IDs
I need to refresh the user linkedin access token without them having to go through the initial authorization process all over again. I have also looked at this documentation http://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens, but It doesn't work because my users authorize the app through regular OAuth and the article uses the JS OAuth. (Not sure, if there is a difference between two processes, and if there is a difference between access tokens received from each process). Even though, I'm already logged in another tab on the same browser,
it always prompts me to login to LinkedIn.
If I try IN.User.isAuthorized() it returns false though I'm logged in into LinkedIn and I can't seem to be able to refresh the token.
If I pass the user LinkedIn access token from my server to the JS and the user LinkedIn id IN.User.isAuthorized() always returns true even when I'm not logged in
So what I'm trying to ask is, is there a way to refresh the user linkedin oauth token thorguh JS when the user is logged in to linkedin on the same broswer like we are able do for facebook ? and what is it ?
You cannot refresh the token without the member being at your application.
If you want to refresh the token, the member needs to be there and you need to direct them through the authorization page. If they're signed in to LinkedIn, this will be a seamless refresh and we'll redirect page to your application.
What is the right way to find out if a user has logged in to Flickr? I have an iframe in my application which lets user's download their images from Flickr. But if the user is not logged into flickr, then flickr redirects me OUT of the iframe to the yahoo home page.
I would like to do the following:
- Check if the user has logged into flickr, if he has, then download his images in the iframe.
- Else, open a new browser window which will let the user enter his flickr login credentials.
Any suggestions from the experts?
You should use the Flikr API. You need to setup proper flikr authentication in your app. According to the docs, the authentication should flow like this:
Our web based app has the api key
'1234567890'. It has already
registered a callback url for this key
- 'http://viewr.com/auth.php'.
User visits http://viewr.com/ and clicks on the 'login' link.
This link points to http://flickr.com/services/auth/?api_key=1234567890&perms=read&api_sig=2f3870be274f6c49b3e31a0c6728957f.
The user is already logged in to flickr - they are asked if they wish
to allow the application to have
'read' permissions to their photos.
The user clicks 'yes' and flickr updates it's auth database.
The user is redirected to http://viewr.com/auth.php?frob=abcxyz.
-The app makes a background call to flickr.auth.getToken:
http://flickr.com/services/rest/?method=flickr.auth.getToken&api_key=1234567890&frob=abcxzy&api_sig=3f3870be274f6c49b3e31a0c6728957f.
The call returns an auth token '334455'.
The application stores the auth token and creates a session for the
user with a cookie which points to the
user's auth token.
The application makes a background request to the flickr.people.getInfo
to return information about the user,
by calling
http://flickr.com/services/rest/?method=flickr.people.getInfo&api_key=1234567890&auth_token=334455&api_sig=4f3870be274f6c49b3e31a0c6728957f.