I develop an iOS application and I'm using Node & Postgres for handling user data and authentication. I would like to add a chat feature to my app and I chose Firestore for this.
My question is how should I link the existing user data with a Firebase collection of users without re-implementing the authentication part from the ground up. Right now the authentication is based on JWTs with access and refresh tokens.
In order to link my existing users, I can add the userId already present in my database to the users collection that I will create in Firestore, but I need some kind of authentication to ensure security.
While the token for Firebase is also a JWT, it will probably have to be separate from your existing JWT, as it contains Firebase-specific information (such as the project ID), and they're signed with different keys.
After you authenticate the user with your own backend, mint a custom token for Firebase authentication with the information you want to use in Firebase/Firestore and security rules, pass that to the client, and sign them in to Firebase with it.
Related
I am building a booking system and I am using firebase as the backend. The system has two parts:
the customer end which is an app.
the business end which is a website.
I am using the same firestore database for both and also using the same Firebase Authentication project.
So I need two sets of authentication sets one for the customer end and another for the business end.
I have added two apps in a firebase project for sharing the database. My issue is the users shouldn't be able to sign in at the business web app with their credentials and vise versa.
How can I create two sets of authentication details one for each app?
Authenticating a user with Firebase does not determine whether the user has access to anything app-specific. Authentication is merely a method where the user proves who they are.
You then use this information about the user to determine what they can do in your app(s), a process that is known as authorization. Authentication and authorization go hand in hand, but are still separate steps. And Firebase Authentication only takes care of the authentication part. Authorization is up to your app.
The typical approach to your scenario is to actually have only one set of credentials for each user. If the same user needs access to both the app, and the web site, they can sign in with the same credentials. Based on your knowledge of the user, you then grant or deny them access.
Most apps have a users collection with a user profile document for each user (using their UID as the key). Then after the user is authenticated your app could read the user's profile document and read for example two fields named isCustomer and isBusiness, to determine if the user has access to the app/site. You'd also use those fields in the security rules of your database to grant/deny access.
An alternative is to give each user profile in Firebase Authentication a custom claim to determine whether they are a customer and/or a business. In that case you'd need server-side code to set the custom isCustomer and/or isBusiness claims and use this in your code (and database) to grant or deny access.
Also see:
How to create firebase admin user for authentication in java
How to use the same Firebase Auth for Two different Flutter apps?
role based authorization and role based access control flutter
In my app I've 2 login methods(google&facebook) and all the users appear in the Authentication part inside my firebase project, and I haven't list/collection of my users in my database.
I want to display in my app list of users with some personal data.
My question is how do i get access to the users from the Authentication part(to get all the users for example)?
Is it good approach that the users appear only in the Authentication and not inside my database?
You can't list user accounts with the Firebase Authentication client SDK. You can only do that with the Firebase Admin SDK on a backend you control.
If you think it's OK for your users to be able to know all other users, then you should store that information in your database to make it queryable directly from the client, or create some sort of API endpoint where you can invoke the Admin SDK from your app.
I have an Ionic application using Firebase so I opted to use Angularfire. Currently running Angularfire4. In my application I store the uid and I want to get email related with that uid. I use the email/password login provided by firebase. How can I translate the uid to an email?
The only method found is when using nodejs.
The only data that is exposed in the client-side Authentication SDKs is the profile of the currently authenticated user.
There is no way to look up user data for a UID with the Firebase Authentication client-side SDKs. While admittedly convenient, it would make leaking user-data way too easy.
The only way to look up user data by UID is using the Admin SDK that you found. The idea is that you run those in a trusted environment (e.g. a server you control, or Cloud Functions) and selectively expose the user data that your app needs.
Is there a firebase call that accepts a number and returns all simplelogins greater than or equal to that number?
For the avoidance of doubt, I'm not referring to data in my app, I'm referring to the list of users maintained separately by Firebase under the Login & Auth tab.
When I refresh users, the ajax call made by the firebase graphical debugger is this:
https://auth.firebase.com/v2/MYAPP/users?forge=true&token=XXX
But I can't get this to work with my secure JSON web token ("firebase secrets")
Firebase keeps the email/password information for users of your application in a separate database.
There is currently no official public API to access your email/password users. You can however see the users in the Login & Auth part of your Firebase's Dashboard.
Most applications that use Firebase Authentication store a copy of their users inside their database, i.e. under a /users node. They can then access it through Firebase's regular APIs.
I am currently using firebase to make an ionic app. I am using firebase simple login for social auth (facebook, twitter, email & password). The auth works perfectly, it $broadcasts the authed user. However it doesn't seem to create a user in the actual firebase db. I was wondering how I can get the users that have been authed using my app.
For most of the authentication protocols it supports, Firebase doesn't store user data anywhere. Even for the protocols where it does store data (I only know of email+password doing this), it stores this information in a place that your application can't access (though you can find those users in the dashboard of your Firebase).
To quote the Firebase documentation:
It does not store profile or user state in your Firebase. To persist user data you must save it to your Firebase.
What most applications end up doing, is keeping a list of users inside their Firebase that they manage themselves. So when a user first authenticates with the application, it creates a node under /users/<uid> that contains the information for that user.
See this section of the Firebase documentation that describes storing user data.
Firebase does not store profile or user state in your Firebase instance. To persist user data you must save it to your Firebase.
Firebase provides multiple authentications services
Using existing social login providers such Facebook, Twitter, Google, and GitHub. Using these services provides an option for your users to access your application without creating a new account.
Using built-in support for logging in with email & password. This requires registration and account creation that is handled by Firebase. The user account information is stored outside you application.
Using a custom authentication to implement existing server-side authentication, single sign-on, legacy systems, or third-party OAuth based services (such as Yahoo).
Once authenticated, Firebase return a variable auth to your application that you can use for authorization and access control. This variable is null for unauthenticated users, but for authenticated users it is an object containing the user's unique (auth.uid) and potentially other data about the user.
If you want to persist additional user information such as name
and location, then you need to use auth.uid and store it in your
Firebase with additional profile data.
Internally, Firebase generates JSON Web Tokens (JWTs) and creates authenticated sessions by calling Firebase.loginWithCustomToken() with those tokens. Each user is assigned a uid (a unique ID), which is guaranteed to be distinct across all providers, and to never change for a specific authenticated user.
The user data for firebase authentication is stored in firebaseLocalStorageDb in IndexedDB. After login to website, if you delete firebaseLocalStorageDb, the login user data for firebase authentication is all deleted so you need to log in website again.