I have an existing Firebase project where I'm managing auth myself in a backend API. I'm hashing the password and comparing it to a stored hashed password and returning a custom claims token.
I'm trying to transition the project to using the native auth (sign in with email + password). My problem is the existing users. I have hashed passwords for all of them stored in Firebase, but the Firebase auth itself doesn't know about the passwords. I don't want to force my users to all set their passwords again, but I don't see another way to accomplish this. Is there another way?
I guess you know the key used to hash the passwords, since you stored them in Firestore. You could then use the auth:import command of the CLI.
Related
I'm working on a project where I'm using the authentification of firebase to use the forgot password thing. However, I have a collection users that I use as well and need the password field to be updated in the collection as well.
Any solutions please ? I can't seem to find a way to get password from authentification.
There is (very intentionally) no way to get a user's password from Firebase, and wanting to do so typically indicates an anti-pattern in your implementation.
If you already verify the user's credentials elsewhere, you shouldn't use Firebase to do the same (but for example mint a custom token based on the external credentials). If you use Firebase to verify the user's password, you shouldn't repeat that in your code (although you can for example decode the user's ID token to determine their identity).
I develop an iOS application and I'm using Node & Postgres for handling user data and authentication. I would like to add a chat feature to my app and I chose Firestore for this.
My question is how should I link the existing user data with a Firebase collection of users without re-implementing the authentication part from the ground up. Right now the authentication is based on JWTs with access and refresh tokens.
In order to link my existing users, I can add the userId already present in my database to the users collection that I will create in Firestore, but I need some kind of authentication to ensure security.
While the token for Firebase is also a JWT, it will probably have to be separate from your existing JWT, as it contains Firebase-specific information (such as the project ID), and they're signed with different keys.
After you authenticate the user with your own backend, mint a custom token for Firebase authentication with the information you want to use in Firebase/Firestore and security rules, pass that to the client, and sign them in to Firebase with it.
My program should allow offline login.
To do these, I trying to save password hash which created by Firebase Auth.
Then offline acquire email and password from login screen, authenticate by password hash which saved at local.
I can find export firebase auth to csv document.
To implement my use case how I do that?
If you're trying to get a list of all users and their password hash from Firebase, you can do so through the Firebase Authentication Admin SDK's listUsers method. For security reasons this SDK only runs on a trusted environment, such as your development machine, as server you control, or Cloud Functions
I am managing SQL server database along with Firebase. I have created user's account in Firebase from back-end by below method and stores other properties
in Firebase by providing User UID as unique key.
firebase.auth().createUserWithEmailAndPassword(Email, Password).then(function (user) {
firebase.database().ref("Users/" + user.uid + "/").set({
favouriteId: FavouriteId,
hotelId: HotelRef,
isActive: IsActive,
isLoggedIn: IsLoggedIn,
name: Name,
vendorId: VendorId
}) });
User can use above credentials to login into mobile app.To change password of user I am using reset password by email from Firebase. Here Password is changing from mobile side and I am unable to update that password in SQL server.I want to update new password in SQL server database.
I have searched for above but I didn't find any solution or other way to get password from Firebase.
Currently I am calling API from mobile side to update password in SQL server.
Is there any way to retrieve updated password from Firebase database?
Why are you storing the password (never a good idea to store plain text password) when Firebase Auth already does this for you securely using best practices including salting and hashing the password. If you plan to use Firebase Auth, you may as well let them manage password authentication for you. If you need to migrate to another auth system at some point in time, Firebase Auth provides multiple tools to get the hashed passwords via CLI SDK and Firebase Admin SDK.
I have an Ionic application using Firebase so I opted to use Angularfire. Currently running Angularfire4. In my application I store the uid and I want to get email related with that uid. I use the email/password login provided by firebase. How can I translate the uid to an email?
The only method found is when using nodejs.
The only data that is exposed in the client-side Authentication SDKs is the profile of the currently authenticated user.
There is no way to look up user data for a UID with the Firebase Authentication client-side SDKs. While admittedly convenient, it would make leaking user-data way too easy.
The only way to look up user data by UID is using the Admin SDK that you found. The idea is that you run those in a trusted environment (e.g. a server you control, or Cloud Functions) and selectively expose the user data that your app needs.