Ionic Authentication - Firebase

I have a use case where I need to sign up incoming customers in the following way:
The customer visits the site.
If the customer is new, then he will register himself on the site with email and phone number.
After this, the admin will send the email with an OTP to that customer.
Once the customer has received the OTP, he can sign in to the system and set a new password.
I am using Firebase as the backend for this and Ionic in the frontend.
I am confused as to how I should go about implementing this.
I was thinking of storing new users in the real-time database and, once the admin has confirmed, triggering a function to send the OTP via mail.
Any suggestions on this?

I'm hoping you're using Angular.
Use Firebase Auth.
Set the default route to the login screen.
When the customer enters, check the Firebase auth state; if authenticated, proceed to the home screen.
Note: firebase.auth().onAuthStateChanged((user) => {}) can recognize the user if previously logged in.
If not authenticated, show the login and register screens.
Use Firebase Auth so it has a parameter called "verified" set to false by default.
When the admin verifies, set verified to true and trigger a cloud function to send the OTP.

Related

Flutter account security using multiple auth verification

I want to make an application that checks if the user is a real user. I want to create a double/multiple auth like some apps do.
Something like an e-commerce app: the user creates an account using login/signup with Firebase on Flutter. When the user is already signed in, how can I check/ask the user to do more verification? Something like one user account will need phone number and email verification to be able to do something like upload a product or buy a product.
I already made it so the user can log in using email, Google sign-in, and anonymous login,
and once again, how can I check if the user is anonymous?
You can make use of the isAnonymous property of the user to know if the user is an anonymous user or a real authenticated user.
From your question it seems you want to re-authenticate the user before buying or uploading a product. For that you can use any of the following methods.
reauthenticateWithCredential
reauthenticateWithPhoneNumber
reauthenticateWithRedirect
reauthenticateWithPopup

Why is it possible to send a password reset email to an external provider with the Firebase Auth API?

I am currently developing an Angular + Ionic app. Everything is working OK, but I have a question about the forgot-password workflow: sendPasswordResetEmail -> user clicks link -> user fills in form -> user submits form -> password and oobCode are sent with the Firebase Auth API, which I am accessing through the AngularFire package.
As I said, everything is working as intended. The only "issue" I see is that Firebase not only sends the password reset email to users that created their account with an email/password but also to users that are using an external provider like Google (sign in with Google). I haven't tested login with Facebook at this point, but it is happening with the Google provider. I just want to make sure whether this is the intended workflow or something may be wrong... a bug or something? before I post an issue on GitHub, because even though the user can "change its password" when using an external provider, it is having no effect on their external account (Gmail account), which of course should have no effect.
Sending a password reset email from Firebase allows the user to reset the password on their Firebase Authentication account. It has nothing to do with the password they may have with any social provider associated with that account.

Firebase Auth subscription

I'm working on an app which uses Firebase Auth to sign up and log in, but I'm facing some things which I don't know how to start. Users need to register on a website and they need to pay a subscription before the user is created in Firebase; when they don't pay anymore, the user account should be disabled. So basically, users register on the web and, after they pay, they can log into the app with their credentials.
Edit:
Since yesterday I've been trying to implement either Mollie or Stripe, but I can't get myself started; online there are very few videos about payments in combination with Firebase.
There are basically two ways off the top of my head to do this:
A) Secure but it involves cloud function and creating custom authentication token to login.
User registers with email.
User keys in login information and posts to cloud function.
Find user's uid/email and check for password.
Fetch the subscription document and check if it is active.
If it is inactive, return an error message accordingly.
If it is active, create an authentication token and return to user to login.
B) Client side checking, less secure but will do the trick.
User logs in.
Fetch subscription using user's uid. Check its validity.
Force redirect user to subscription page if it is inactive with error message. OR Autologout user if it is inactive with error message.
May I also suggest Stripe for their subscription service (Not sponsored)? Unless you already have an implementation in place.
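
Option A above, sketched as an added example that is not part of the original answer: the server issues a custom token only when the subscription is active. `getUserByEmail` and `createCustomToken` are Admin SDK Auth methods; `verifyPassword`, `getSubscription`, the subscription fields `status` and `paidUntil`, and the sample data are assumptions made for illustration.

```javascript
// Added example. `deps` bundles the backend pieces option A needs:
//   getUserByEmail, createCustomToken -> Admin SDK Auth methods (admin.auth())
//   verifyPassword, getSubscription   -> hypothetical helpers you would write
// The subscription fields `status` and `paidUntil` (ms epoch) are assumptions.
const GENERIC_LOGIN_ERROR = 'invalid-credentials';

function subscriptionIsActive(sub, now) {
  return Boolean(sub) && sub.status === 'active' && sub.paidUntil > now;
}

async function loginWithSubscription(deps, email, password, now = Date.now()) {
  let user;
  try {
    user = await deps.getUserByEmail(email);
  } catch (err) {
    // Same answer for "no such user" and "wrong password": no account enumeration.
    return { ok: false, error: GENERIC_LOGIN_ERROR };
  }
  if (!(await deps.verifyPassword(email, password))) {
    return { ok: false, error: GENERIC_LOGIN_ERROR };
  }
  const sub = await deps.getSubscription(user.uid);
  if (!subscriptionIsActive(sub, now)) {
    return { ok: false, error: 'subscription-inactive' };
  }
  // Only a paid-up user ever receives a token the client can sign in with.
  const token = await deps.createCustomToken(user.uid);
  return { ok: true, token };
}

// Constructed sample data and stand-ins so the example runs offline.
function sampleDeps() {
  const users = { 'paid@example.com': 'uid-paid', 'lapsed@example.com': 'uid-lapsed' };
  const subs = {
    'uid-paid': { status: 'active', paidUntil: 2000 },
    'uid-lapsed': { status: 'active', paidUntil: 500 },
  };
  return {
    getUserByEmail: async (email) => {
      if (!users[email]) throw new Error('auth/user-not-found');
      return { uid: users[email] };
    },
    verifyPassword: async (_email, password) => password === 'correct-horse',
    getSubscription: async (uid) => subs[uid],
    createCustomToken: async (uid) => `custom-token-for-${uid}`,
  };
}
```

The client passes the returned token to `signInWithCustomToken`.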

Is there a way to send a verification email to a custom email id (say to an admin) instead of the user's email id using Firebase Auth?

I am using flutter for this project. My goal is to send a verification email to the admin once the user has registered his/her account. The profile will be registered once the admin verifies it through email.
I am aware that we can send a verification email to the user itself to verify the email id by using Firebase Auth. I was wondering whether there is a way to change the receiver's address from the user to an admin's email id (custom email id). If not, is there any other way to perform this task?
Thank you in advance for the help.
I am using Cloud Firestore as a database service.
You can use Cloud Functions to know when a user was created or deleted.
But if you want to get an email only after the email was confirmed, then you would have to do it inside your app, triggering some logic that sends you a message from inside your app once you detect the email is verified.
You can't change the destination of the verification email. It will always go to the email address that was used at the time of signup.
If your goal is to prevent the user from doing anything with some backend resource until after an admin authorizes them, what you can do is use custom claims to add a flag to the account that can be checked by security rules or your backend endpoint. The presence of that flag can be used to tell if an admin has authorized them. You will have to build out some amount of backend infrastructure to make all that work.
As far as I remember there are Firebase Authentication triggers that you can use to listen to new user creations. You need to set up a Firebase function that listens for user creation events.
functions.auth.user().onCreate((user) => {
  // send email to admin
});
Another step that you can take is to disable the newly created account and also send email to the user as well telling him that his account is disabled until admin approves it. You can achieve this using Firebase Admin SDK. And maybe create another cloud function that admin activates to enable the account back. So maybe something like this:
functions.auth.user().onCreate((user) => {
  // disable this account
  // send user email to let him know that his account is disabled until approval
  // send email to admin to ask for his approval for the account
});
// another cloud function, called by the admin, that enables the user account
This may not be the best solution but it will work.
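
The approval flow from the answers above (a custom-claims flag plus disabling the account until an admin approves), as an added example that is not part of the original answers. The `auth` parameter stands in for `admin.auth()`; the claim names `admin` and `approved` and the `fakeAuth` stub are assumptions made for illustration.

```javascript
// Added example. `auth` is any object exposing the Admin SDK Auth methods used
// below (updateUser, setCustomUserClaims, getUser); in a deployed function it
// would be admin.auth(). The claim names `admin` and `approved` are assumptions.

// Body for functions.auth.user().onCreate: lock the new account until approved.
async function onUserCreated(auth, user) {
  await auth.updateUser(user.uid, { disabled: true });
  await auth.setCustomUserClaims(user.uid, { approved: false });
  return { notifyAdmin: true, uid: user.uid }; // caller sends the e-mails
}

// Body for the admin-only callable: `caller` is the decoded ID token of the
// requester (context.auth.token in a callable function).
async function approveUser(auth, caller, targetUid) {
  if (!caller || caller.admin !== true) {
    throw new Error('permission-denied'); // never trust a client-side role check
  }
  const target = await auth.getUser(targetUid);
  // Merge so existing claims survive; setCustomUserClaims replaces the whole set.
  const claims = { ...(target.customClaims || {}), approved: true };
  await auth.setCustomUserClaims(targetUid, claims);
  await auth.updateUser(targetUid, { disabled: false });
  return claims;
}

// Backend-side gate for protected endpoints, given a verified ID token.
function isApproved(decodedToken) {
  return Boolean(decodedToken) && decodedToken.approved === true;
}

// Constructed in-memory stand-in for admin.auth() so the example runs offline.
function fakeAuth() {
  const users = new Map();
  const rec = (uid) => {
    if (!users.has(uid)) users.set(uid, { uid, disabled: false, customClaims: {} });
    return users.get(uid);
  };
  return {
    getUser: async (uid) => rec(uid),
    updateUser: async (uid, props) => Object.assign(rec(uid), props),
    setCustomUserClaims: async (uid, claims) => { rec(uid).customClaims = claims; },
  };
}
```

Firestore security rules can read the same flag as `request.auth.token.approved`; a signed-in client only sees a changed claim after its ID token is refreshed.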

Is there a way to reset password with Firebase Auth INSIDE a flutter app?

Firebase Auth has a method to send a verification email so the user can reset his/her password. This link redirects the user to a website where the new password will be written and saved.
Is there a way to reset a user's password using flutter and firebase inapp? I mean, could I send a verification code through SMS or email that would be then typed into the app and the user would choose a new password all inside the app?
Thank you!
To be able to change a user's password directly through the API, the user will have to enter their current password in order to be able to update it.
If you use the Admin SDK however you can implement whatever flow you want, and update the password at the end of the flow. But of course in that case it is up to you to ensure you do it securely.
You can do so by using custom email handlers along with dynamic links to open them in your app. This might require a custom domain to do so. Once the user visits your application on the custom route/page, you can then use the applyActionCode method to process the email action. Check out my answer here for a detailed explanation on processing the email actions:
How to build a custom Email action handler in Flutter for Firebase Authentication
