I use Flutter and Firebase, just ask myself how to allow users to add items to cart when they're not logged in yet and keep the cart when they logging in, anyone have an idea for this ?
On Firebase you'd typically start the user off with an anonymous authentication account. With that sort of account, Firebase generates a user ID (UID) for the user, without them having to enter any credentials. You then associate the cart/items with the UID, and then when you/they are ready to identify themselves, you can sign them in with another provider, and link that to the anonymous account.
I've provided links to the documentation for Android developers above, but the same functionality is available in the FlutterFire libraries too. For example, anonymous sign-in on Flutter is as simple as:
UserCredential userCredential = await FirebaseAuth.instance.signInAnonymously();
you can store this data in a separate database SQL lite as an example
Related
My app makes the user create a new anonymous ID automatically when downloading the app and when the user logs in, for example, by Facebook, the app change UID.
The problem is when I call FirebaseAuth.instance.signInWithCredential, It creates a new UID or change to UID that links to this credential, and the anonymous ID is never deleted. If many users relogin this app, many unuse anonymous ID and data will be garbage in firebase.
I have an idea to store UID in a variable, and when sign-in is successful, I delete using that UID, but firebase allows delete UID only current account. How can I solve this?
It sounds like you want to allow a user that you signed in anonymously to upgrade to an identified account. The idiomatic way to do that is to link the Facebook account to the existing anonymous account, so that the UID remains the same. To do this, follow the process described in the documentation on account linking and in the FlutterFire documentation on linking user accounts.
I use Flutter and Firebase, just ask myself how to allow users to add items to cart when they're not logged in yet and keep the cart when they logging in, anyone have an idea for this ?
On Firebase you'd typically start the user off with an anonymous authentication account. With that sort of account, Firebase generates a user ID (UID) for the user, without them having to enter any credentials. You then associate the cart/items with the UID, and then when you/they are ready to identify themselves, you can sign them in with another provider, and link that to the anonymous account.
I've provided links to the documentation for Android developers above, but the same functionality is available in the FlutterFire libraries too. For example, anonymous sign-in on Flutter is as simple as:
UserCredential userCredential = await FirebaseAuth.instance.signInAnonymously();
you can store this data in a separate database SQL lite as an example
I'm building two Flutter apps that will use the same Firebase project.
The first app is public and used by users to create accounts, login and use the application within the allowed access rules.
The second is for admins to approve user posts.
You have to login to use both apps. With the first anyone can create an account and login. Admins can also login with the same admin account. But with the second only admin users should be able to login. I'm enforcing security via access rules. But I need the second admin app to reject non-admin users from login in in the first place. So I can't simply create a collection and put the admin user UIDs in it.
How do I differentiate regular users from admin users, and most importantly use that differentiation to disallow non-admin users from login in into the admin app?
Currently for login I'm simply using
FirebaseAuth.instance
.signInWithEmailAndPassword(email: email, password: password);
I read about something called user claims, but there doesn't seem to be a way to modify this in the dashboard nor is there a way to specify some kind of condition via the code above.
I hope this makes enough sense.
Thank you all
You cannot prevent anyone from logging in to your application. The best you can do is check if the user is an admin. If yes, proceed else force logout them. You can use Firebase Custom Claims to add admin users or you can even store their UIDs in Firestore or Realtime Database.
UserCredential userCredential = await FirebaseAuth.instance.signInWithEmailAndPassword(
email: "barry.allen#example.com",
password: "SuperSecretPassword!"
);
// Check for claims here
if (admin) {
//...
} else {
await FirebaseAuth.instance.signOut();
// or just show alert that user is not an admin
}
You can use the getIdTokenResult method to get user's custom claims. This answer explains how to verify custom claims in Flutter.
I want to provide a way that users can change their sign in method in my App using Firebase Auth.
For example, if previously a user signed up using Email and Password, then he/she wants to switch to Facebook or Google Sign in method. Then how do I do this without changing the user's UID ?
Probably something like:
firebase.auth()
.signInWithEmailAndPassword('you#domain.com', 'password')
.then((userCredential) {
userCredential.user.updateSignInMethod(method: facebook)
.then((userData) => loginWithFacebookProcedure());
})
Is it possible? If yes, how to do that ?
Thanks
There is no direct ability to "switch" authentication providers with Firebase Authentication. Once an account signs up with a provider (such as email/password), that option will always be available to the user of that account.
What you can do instead is link additional providers to an existing account, which will allow the user to authenticate using any of the providers linked to that account. Until you unlink them.
So, if you really want to "switch", you will actually have to link to another provider, then unlink the old provider. But that seems like a waste of effort when you can simply retain all of the linked providers for the user to choose from.
I know UID is used because it is unique. But in my app, all of them are registered with Google ID, Google ID is also unique. Should I use UID?
yes it is better to use the uid.
From the docs:
You can let your users authenticate with Firebase using their Google Accounts by integrating Google Sign-In into your app.
So after you authenticate the users, the uid will be in the authentication page in firebase. That id will help you later in the firebase database also and it is easier to use and add in the database.
Can easily be gotten using this:
FirebaseUser user=FirebaseAuth.getInstance().getCurrentUser();
Then you can use the method getUid() to get the userid. So using it will make the work easier for you.
From the docs:
After a user signs in for the first time, a new user account is created and linked to the credentials—that is, the user name and password, phone number, or auth provider information—the user signed in with. This new account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of how the user signs in.
Also check this link: https://firebase.google.com/docs/auth/android/google-signin (Next Step section)
I'll suggest you use email ID instead of UID because if the user account is deleted from your Firebase Auth (either you delete it using Admin SDK, or perform a manual deletion on console), the next time user signs in with the same email ID will now give you a different UID and therefore all of your data in your database which rely on your UID won't be accessible.
However, you can't use use an email ID as it is, because Firebase key doesn't allow you to use . (dot) as keys, so just replace your . with a ,. You can find more information here.
TL;DR
Use email ID as it will always be unique unlike UID which gets generated every time a user signs in if that ID was previously deleted on Firebase Authentication server.