Currently, I am trying to develop a web portal where I want to allow specific users to enter in the site. This means I want to use specific username and password to enter my side without using any email address. How it is possible? I see that for custom login I have to use an authentication server and it is allowed in the Functions tab in Firebase. But I have to purchase it. Is there any workaround available to create my custom login without an email.?
Firebase Authentication has no username-password authentication. The best you can do is whenever user enters the user name you can append #yourapp-com to make the format like an email and use it with the password.
Use the same method when user tries to login, when they enter their username, append with that domain and use signInWithEmailAndPassword method. So technically you are using email and password (but the email cannot receive emails) but your users enter username and password only.
That was the easy work around but you can also store usernames and passwords in database. However make sure you properly hash the password in the database. You can use cloud functions to authenticate user. The auth flow would be like:
User enters username and password
A cloud function is triggered which then verifies the username and password
If the password matches, use the Admin SDK to generate a Custom Token and send it back to client
Use the signInWithCustomToken method and log the user in with that token.
Related
In a Firebase project, I have activated multiple sign-in methods (e-mail, Google, and Microsoft), which all work fine. I also have it activated to only allow one account per e-mail address.
The problem arises when a user successfully signs in via Google or Microsoft, then signs out and then signs in via e-mail, using the same e-mail address as before using Google or Microsoft. Then his account type changes to e-Mail and it seems like a no way back.
Is there a way to change user account types from e-mail back to Microsoft or Google?
Your code must have different functions written for different signin's. When the user first logs in, store his login method on firestore. You can get this from the signin function triggered or simply by the button user clicked. Then during each login add a check that if user exists and user's current signin method is not the same as the one stored on firestore, notify the user to use the correct one.
Or you can let the user signin using whatever they please but ultimately in your code, the function which is triggered will tell you the current signin method and you'd have the first/previous method stored. So you can do stuff accordingly.
What you are writing in question seams not how it works. When you sign in using Google provider your email is verified automatly and if you try to sign in using same email authentication will throw error that account with that email allredy exists.
If you created first account using email and password and didn't verify your email addres then if you sign in using google provider with same email address in it, email and password provider will gone because of was not verified and you wont be able to login using email end password unless you will setup a new password for this email.
If email was verified and you sign in using google provider with same email address. This provider will be added to providers array and you will be able to login using email and password and google provider.
To add multiple providers to your accaunt you can use linkWithPopup() function. If you created accound with diferent email address and want to be able to log in on this account with provider who has diferent email address for example.
Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?
Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea
No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.
Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.
Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.
Firebase Auth has a method to send a verification email so the user can reset his/her password. This link redirects the user to a website where the new password will be written and saved.
Is there a way to reset a user's password using flutter and firebase inapp? I mean, could I send a verification code through SMS or email that would be then typed into the app and the user would choose a new password all inside the app?
Thank you!
To be able to change a user's password directly through the API, the user will have to enter their current password in order to be able to update it.
If you use the Admin SDK however you can implement whatever flow you want, and update the password at the end of the flow. But of course in that case it is up to you to ensure you do it securely.
You can do so by using custom email handlers along with dynamic links to open them in your app. This might require a custom domain to do so. Once the user visits your application on the custom route/page, you can then use applyActionCode method to process the email action. Checkout my answer here for a detailed explanation on processing the email actions:
How to build a custom Email action handler in Flutter for Firebase Authentication
we are building an angular 5 app with Firebase.
We allow users to login with email+password or google account and we don't allow to have multiple accounts related to the same email address.
We built a form to allow users to ask for a Password Reset Email if they forgot their email password credentials and works perfectly if the user has an email+password account.
The problem arises when the reset email is asked for a google account. We'd expect for firebase to throw an error, not allowing to send the email, but the email is sent and if the user proceeds resetting the email the account is transformed from google type to an email+password.
Is there a way to prevent this behaviour ?
There is no way to prevent this. When a user resets their password, they are making a conscious decision to do so. Firebase is providing a way to recover an email account, in case it was hijacked. In the process all providers are unlinked and a password is set on the account.
You have a way to check if the email is associated with google provider or not. Checkout the fetchSignInMethodsForEmail and fetchProvidersForEmail APIs. These APIs would return the array of sign in methods or providers associated with an email.
I am using ionic 3 and firebase for the backend.In my app I am trying to let users sign up with just username and password. Well firebase by default doesn't provide that option. So I am getting user's input as username (for example: 'mike123') then i add #myapp.com. so it looks like an email: 'mike123#myapp.com'. That is all fine, but a problem just came up when user's want to reset their passwords. Is it possible to let users type in any valid email address at the time they want to reset their password?.
You can change the password of the user by https://firebase.google.com/docs/auth/admin/manage-users#update_a_user. Note that this is in the Firebase Admin SDK, so will require that you run code in a trusted environment, such as a server you control or Cloud Functions.
But faking username+password by faking an email address is non-ideal. I'd consider creating a custom auth provider for your needs.
If the email provided when sending the Reset Password request doesn't exist for any user, then it will fail.
In Android, calling sendPasswordResetEmail with a non-existing email, it would return a:
FirebaseAuthInvalidUserException: There is no user record corresponding to this identifier. The user may have been deleted.
You should ask for a valid email from the user and save their preferred username separately upon the user creation.