We have our app which is working inside the Telegram app and we need to create a user in Firebase using the JWT token. To create the JWT token, we need to verify users' details.
Is there any way to validate users' details like name, phone, id, etc., on the backend from Telegram using access_hash or any other token?
Related
background of this question
I'm using firebase auth for user authentication on my app.
I realized that firebase doesn't have a log of user information changes, so I can't answer user questions about it.
So, I'm planning to move the feature of changing user account info (like email, display name, and password) from using the client-side firebase auth library to using server-side firebase auth SDK for the purpose of taking logs of these changes to use for user support. Also, I'd like to make logout a user who changes account info.
I've looked for the appropriate API on the document firebase.google.com/go/v4/auth and found UpdateUser function. The struct UserToUpdate which is a parameter of UpdateUser can set a new email address, new password and new display name, but I can't find to set the parameter to make a user logout.
my question
Is there a way to log out a specific user by firebase auth go SDK?
Firebase Authentication's client-side sign-in is based on ID tokens, which are valid until their built-in expiration (by default: an hour after they are minted). Since no server keeps a list of all the ID tokens it has minted, there is no way to mark a token as invalid on such a list either.
The common approach to revoke access for a user is to:
Revoke the refresh token, so that they can no longer mint new ID tokens with it.
Add the ID token(s) of the user to a self-managed list of revoked ID tokens.
Detect the presence of an ID token in this list from your server-side code and security rules.
Optionally detect the refresh token revocation on the client
Instead of logging the user out, you can also force-refresh their ID token/profile on the client to get the latest information from the server.
Is it possible to send an SMS containing a one-time-token to a specific phone number through Firebase Authentication?
Conditions:
My App is a multi-user web app.
There are 2 user roles in My App: Admin, and Member.
I want to:
Member user clicks a button.
Send an SMS containing a one-time token to the admin phone number.
Admin user tell a one-time-token member user.
Member user fills out a form and presses submit.
Token is sent back to the Firebase and verified.
What you're describing is not a built-in flow for Firebase Authentication. The closest equivalent is Firebase's phone number authentication, but in that scenario the one-time password (OTP) is sent to the user who signs in to the app.
So you can either modify your flow to use another step for involving the admin user, or you can build your own provider for Firebase Authentication. In the latter case, you won't be able to use Firebase to send the SMS messages though, but will have to use another provider for that.
Hi I am trying to build a website login system where users are able to log in using their telegram. I would like to achieve this workflow:
User selects to login/sign up via telegram.
User enters their username (#ExampleJoe).
A 6-digit verification code is sent to them via my Telegram bot (#ExampleBot).
The user enters the received 6-digit code into my website and is allowed to enter.
I have issues with steps 2-3 where my bot can send them a direct message (not in a group chat) with only their username. I am aware that sendMessage method in the Telegram bot API requires a chat_id and that a user_id is also suitable. However, I do not know how to get the user_id with just the user's username.
That's not possible with the Bot API. You'd have to use a userbot for that. Note however, that TG provides a native login widget that you can use instead.
My signed-in Android clients register their tokens with my server. The problem is I am not sure whether the token sent by a particular client genuinely belongs to that client user id. A bad client could register valid tokens of other users.
Given an FCM token and a user id, how can my admin code on the server verify that the token indeed belongs to the (authenticated) user id?
On a Firebase level there is no connection between a Authentication UID, and a Cloud Messaging Instance ID token.
A Firebase Authentication UID uniquely identifies a user. If that user signs in on a different device, they have the same UID value.
A Firebase Authentication Instance ID token identifies a single app on a single device. If a different user signs in to that app, the app will keep the same Instance ID token.
If you want to associate a UID with an FCM tokens, you have to do that in your application code. For example, many developers clear the FCM Instance ID tokens when the user signs out of their app. This ensures that a new user who signs in on the same device will get a new Instance ID token.
Also see:
Firebase Cloud Messaging Auth Tokens vs Registration Token
What is the proper way to capture device registration tokens in order to send notifications via Firebase Cloud Messages?
I have been looking for ways to send notifications to specific users and what I found was that I need the device token to do that.
I have tried Firebase and Ionic Cloud Service to do some pushs and it worked fine, but I'm wondering if it's possible to register a service with a key -> value, for exemple, register with the username and the token. If so, how can I do it?
And what is the best service to do it?
Thank you in advance for the help.
P.S.: I'm not asking for code, just the theory.
From you question [for example, register with the username and the token. If so, how can I do it?] I understand following.
You mean to say, there is a mobile app, which user will sign up to use and you want to send the notification to registered user i.e. get send push notification by username.
To solve this, you can follow the steps mentioned below.
On app launch when you get FCM registration token, save it to some intermediate location such as local storages along with device-id, mobile details etc..
Create a backend API which can save username and registration token in DB.
When a user signs up or signs in, then fetch the registration token from local storages, post username, token to backend API to save it. You can make backend API bit intelligent to handle multiple devices of the single user, distinguishable by device-id, mobile details.
Then while sending API from the backend, you can fetch all registration ids of a single user and send the notification to that users using all tokens of that user in FCM API. Use registration ids as JSON array in "registration_id" field. FCM Document - link.