Flutter Firebase Auth with Username and Password - firebase

Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?

Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea

No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.

Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.

Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.

Related

Get Firebase user data using email address

Could I know how to get User data by Email registered to Firebase Auth?
Because I'm using Firebase auth to create users by createUserWithEmailAndPassword in the system from backend. In that method, I'm avoiding password encryption.
And In the future, If I need to update a user password from the backend I want user data. And I don't save uid in my MongoDB for security reasons.
I read so many articles that say use getUserByEmail I think this is deprecated.
How can I do this? Need help :)
The documentation doesn't say anything about getUserByEmail being deprecated. It literally says:
In some cases you will have a user's email instead of their uid. The Firebase Admin SDK supports looking up user information with an email:
So, you should just use what the documentation says.

UPDATED : flutter sign in with realtime database firebase [duplicate]

Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?
Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea
No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.
Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.
Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.

Firebase authentication without email

Currently, I am trying to develop a web portal where I want to allow specific users to enter in the site. This means I want to use specific username and password to enter my side without using any email address. How it is possible? I see that for custom login I have to use an authentication server and it is allowed in the Functions tab in Firebase. But I have to purchase it. Is there any workaround available to create my custom login without an email.?
Firebase Authentication has no username-password authentication. The best you can do is whenever user enters the user name you can append #yourapp-com to make the format like an email and use it with the password.
Use the same method when user tries to login, when they enter their username, append with that domain and use signInWithEmailAndPassword method. So technically you are using email and password (but the email cannot receive emails) but your users enter username and password only.
That was the easy work around but you can also store usernames and passwords in database. However make sure you properly hash the password in the database. You can use cloud functions to authenticate user. The auth flow would be like:
User enters username and password
A cloud function is triggered which then verifies the username and password
If the password matches, use the Admin SDK to generate a Custom Token and send it back to client
Use the signInWithCustomToken method and log the user in with that token.

Can Firebase users created without a password still sign in?

In a scenario where a new Firebase user is created without a password, could the user sign in using just their email address (passing a null/empty string as the password)? Or does Firebase reject all attempts to authenticate with email + password when no password is specified in the user auth object?
The Firebase Admin SDK docs are clear that password is an optional property for createUser(), but the Password Authentication docs don't appear to specify Firebase's behavior when the user was created without a password. It would also be interesting whether an email link authentication (only) strategy can be enforced by leaving and/or setting a user's password as undefined, but this also doesn't appear to be explicitly called out in the docs.
Presumably Firebase rejects the email/password auth attempts, creating a de facto requirement for email link authentication (supported anecdotally), but any suggested links to Google authored docs would be greatly appreciated!
Firebase Authentication users are associated with one or more providers, and many of those providers don't need the user profile to have an associated password. For example: if you sign into Firebase with your Facebook account, the Firebase Authentication profile will not have an associated password. This applies to most providers, as in most cases the password is stored elsewhere (Facebook, Google, LinkedIn, Microsoft, etc), or ephemeral (email-link, phone auth).

What uid is best to use for Firebase Firestore user document ids?

I have a firebase project for which I have created a firebase firestore database. I use firebase auth for signing users in.
I want all documents in reference with a specific user to have their id equal to the users uid.
At first, I set the document id to the FirebaseAuth.FirebaseUser.uid
The problem with that is that the FirebaseUser.uid can change under certain circumstances (E.g. the user changes his Google account password)
Is there a persistent uid I can use to refer to a specific user no matter the authentication provider ? If not, what would be best practice ?
Normally, for a given user in Firebase Auth, the user unique ID (the uid generated by the Auth service) will never change.
For example, you can, with the Admin SDK, change the email of a user without changing its uid, see this doc.
You can also have several identity providers for the same account, with the same uid, see here:
You can sign in users to your apps using several methods: email
address and password, federated identity providers, and your custom
auth system. You can associate more than one sign-in method with a
user: for example, a user can sign in to the same account using an
email address and a password, or using Google Sign-In
Note that changing the password of an identity provider account (e.g. "changing the Google account password" as you mentioned) has no impact at all on the uid or on the other user account elements (actually the identity provider password is not stored in Firebase Auth).
So, in conclusion, using the uid generated by the Auth service is the best solution for your requirement.

Resources