I am using AWS Amplify (Auth) and I want to get user details with only username(email).
Is there any way to get user details before signing in?
I am following these docs: https://docs.amplify.aws/lib/auth/getting-started/q/platform/js/
You can get the user info by going to the Amplify AdminUI -> User Management and typing the username (email) of the user.
Now you have the unique id. of the user. Depending on how you setup your DynamoDB, you can use either that id you found or the email to search for the user. For example you could create a lambda function that at user signup creates an entry on DynamoDB and the id is the same as the one you find on User Management on Amplify AdminUI or it could be the email... up to you.
Specify User Details. Are you talking about the current logged in user or ANY user in your congito user pool?
Current User: just use Auth to get all the information available for the current user. https://aws-amplify.github.io/amplify-js/api/classes/authclass.html
Any cognito user: I think still need to build something yourself for that matter. You could create a lambda function and use the admin queries in that function to filter out "public" information about users or what so ever. https://docs.amplify.aws/cli/auth/admin/#admin-queries-api
You can also build lambda triggers for cognito if that already helps you. https://docs.amplify.aws/cli/usage/lambda-triggers/
Related
I use Flutter and Firebase, just ask myself how to allow users to add items to cart when they're not logged in yet and keep the cart when they logging in, anyone have an idea for this ?
On Firebase you'd typically start the user off with an anonymous authentication account. With that sort of account, Firebase generates a user ID (UID) for the user, without them having to enter any credentials. You then associate the cart/items with the UID, and then when you/they are ready to identify themselves, you can sign them in with another provider, and link that to the anonymous account.
I've provided links to the documentation for Android developers above, but the same functionality is available in the FlutterFire libraries too. For example, anonymous sign-in on Flutter is as simple as:
UserCredential userCredential = await FirebaseAuth.instance.signInAnonymously();
you can store this data in a separate database SQL lite as an example
I am creating an app for a client working in advertising for artists.
This app consists in a dashboard supposed to display several informations plus the artist's name.
I'm using Firebase to provide my client a simple interface to add the artists accounts to a database, but I would like him to set their name, ideally without implementing a back-office.
Is there any way to add a displayName to a Firebase Auth User without code, hence directly with the website interface ?
No, there isn't way to change user's displayName in Firebase Auth object and only the user can change their name using the client SDK. You would have to use Admin SDK using Cloud functions or a server to do that.
You can however update the name in database and make sure the user trying to update the name is authorized by using Custom Claims or storing their UID in database and checking that in security rules.
One hack would be to check if user's name in database matches the name in Firebase Auth object. If not, run a function which will update it.
That's my question. I am using Hasura, and defining 'user' permissions.
Users are of course allowed to modify their own information, and not allowed to insert new records into my users table.
But when they signup, they should be allowed to insert themselves. So how can I define this permission?
To make my scenario more clear:
I have a React app, that uses an external OpenID provider. So a new user signs up there, and the provider returns a JWT to my app, containing a user I've never seen before.
My app does not know that, it just uses the access token to send to the Hasura backend to retrieve further info about this user, using the 'user' role. But it uses a query which will automatically insert the user if not found.
There's really not a safe way to allow sign-ups without involving a backend service. It is a very bad idea to allow anonymous inserts into your user table, even if you added a unique constraint against a user ID or email address.
If you have the option of using NextJS, see the Hasura example for configuring NextAuth. This works by configuring your app with a protected API route that uses your Hasura app's ADMIN_SECRET to insert new users who have authenticated with a third-party.
If NextJS isn't an option, Hasura's Auth0 example similarly uses a callback method to insert an authenticated user if they don't exist.
In the user table, for the user role, you need to add a permission with custom check. And the check should be user_id equals x-hasura-user-id.
{"id":{"_eq":"x-hasura-user-id"}}
For non-logged-in users, leverage the anonymous role by setting the permissions that make sense for your use case: https://hasura.io/docs/1.0/graphql/manual/auth/authorization/common-roles-auth-examples.html#anonymous-not-logged-in-users
Edit after the comment:
Ah, I see. When the user comes to your app, your app goes and retrieves some data that it expects every user should have (for example perhaps the user info store on the user table). But since it's a new user, this info is not there.
At this point, your React app knows that:
there's someone with a legitimately signed JWT cookie (use a library to verify the signature) and
there's no user info from the backend. Therefore, the React app shows
a "Welcome new user, wait while we're setting up your account".
Then
the React app makes a mutation to a signup Hasura action you'll
prepare. Once that returns, you proceed as usually (redirect the user to their home page).
use hasura action handler instead. Inside your handler, do a check if the user already exists or not. If not then insert a new row.
I signed up a user in my Flutter app using FirebaseAuth.instance.verifyPhoneNumber(). This works perfectly and the user shows up in my Firebase Console.
FirebaseAuth.instance.currentUser() now returns the user for me whenever I open the app. Should I store user info (age, weight etc.) here, or should I create a users collection in my Database and link the currentUser().uid in there?
Also, should I store it on the Database linked against the uid, or linked against the login info. For example, link a user to the phoneNumber and not the uid. Because if you ever delete the user, but they want to register again, then they will get a new uid, but their phoneNumber / email will still stay the same and can therefore still link to their old data.
You can't add arbitrary data to the Firebase Authentication user profile. So you should store the additional data in a database, and indeed associate it with the UID of the user, so that you can easily look it up. This also allows you to implement searches for users more easily, as the client-side Firebase Authentication SDKs have no functionality to look up data for any user but the currently signed in one.
To the additional question: if a user deletes their account from your application, you should respect their wishes and delete the additional data that you store for them too.
I know UID is used because it is unique. But in my app, all of them are registered with Google ID, Google ID is also unique. Should I use UID?
yes it is better to use the uid.
From the docs:
You can let your users authenticate with Firebase using their Google Accounts by integrating Google Sign-In into your app.
So after you authenticate the users, the uid will be in the authentication page in firebase. That id will help you later in the firebase database also and it is easier to use and add in the database.
Can easily be gotten using this:
FirebaseUser user=FirebaseAuth.getInstance().getCurrentUser();
Then you can use the method getUid() to get the userid. So using it will make the work easier for you.
From the docs:
After a user signs in for the first time, a new user account is created and linked to the credentials—that is, the user name and password, phone number, or auth provider information—the user signed in with. This new account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of how the user signs in.
Also check this link: https://firebase.google.com/docs/auth/android/google-signin (Next Step section)
I'll suggest you use email ID instead of UID because if the user account is deleted from your Firebase Auth (either you delete it using Admin SDK, or perform a manual deletion on console), the next time user signs in with the same email ID will now give you a different UID and therefore all of your data in your database which rely on your UID won't be accessible.
However, you can't use use an email ID as it is, because Firebase key doesn't allow you to use . (dot) as keys, so just replace your . with a ,. You can find more information here.
TL;DR
Use email ID as it will always be unique unlike UID which gets generated every time a user signs in if that ID was previously deleted on Firebase Authentication server.