I know how to handle logIns and signUps and how to get current User but I was wondering if it costs a read if we get the user that is logged In or otherwise getting null if not logged in.
In otherwords does
firebase.auth().currentUser;
also takes up a read request.
Firebase Authentication APIs don't cost anything (other than phone authentication, which is covered in the pricing page).
When you say "read request", it sounds like you're talking about Firestore, which is a completely different product with different billing. Calling Firebase Auth APIs has no impact on Firestore billing. Firestore is billed based on your usage of its own APIs. Anything under firebase.auth() is not at all part of that.
Related
Is there any way to get to know the a user is already logged in any other devices ?.
In Firebase Auth service.
Anyone please let me know is there any predefined provision in Firebase Auth.
UserMetaData has the last sign in time. You can also set auth state persistence to be either local, session, or none.
You could use these to approximate whether a given user could be authenticated elsewhere, but it doesn't seem like there's data on whether a user is definitely currently authenticated somewhere. For that you'd need to store login/logout data separately, such as in a a Firestore document for each user.
Note that the auth service doesn't typically know (or care) whether the user is actively using the app... it just issues each user an authentication token, which is used over some period of time to prove that they are who they say the are. The token can be invalidated/refreshed from time to time for security reasons (according to the persistence setting), but it's not an indication of whether they're "active". You don't mention your use case, but if you're trying to figure out whether users are on or offline (say for a chat application), you should look at Firebase's offline capabilities.
In my app using Firebase as back-end, I wanted to implement a new feature based on Firebase Storage to allow my users to save some files.
Knowing that my app can be accessed only by people who are paying a subscription, I'm already filtering the access to Firestore (used in my project to store user data) via a document that stores if the subscrition is valid or not and this is filtered by the Firestore security rules.
I saw that there is no linkage between Firestore and Storage, so I can't in the Storage security rules read my Firestore documents. So I had the idea to use CustomClaims to add to the Auth token an attribute if the subscription is valid or not.
After tinkering a bit with it, I noticed and checked that it takes up to an hour to client to have a refreshed token. Since my app follow roughtly this workflow:
I don't think that is a good user experience to wait for an hour to have access to a service the user just paid.
Is there something I didn't see ? Is there a way to circumvent this problem ? Is there an other way to have a refresh token than to force the user to logout ?
You can force the ID token to be refreshed with currentUser.getIdToken(true) with the JS SDK. There are similar methods for the other Client SDKs.
See the doc for more details.
in the app, which logs the user in only through phone authentication.
now the question is can I get the user id from his phone number(not the user id of the current user though).
I have the access to other users phone number in the app, and I want to get their id for further use.
is it possible in flutter with firebase at the backend?
Looking up the UID for a user based on either phone number or email address is considered a sensitive operation. For this reason such operations are only available in the Admin SDKs, which are designed to be used in trusted environments, such as your development machine, a server you control, or Cloud Functions. For more on these, see the bottom two code samples in looking up user data in the documentation.
If you want to perform such operations from your client-side code, your two main options are:
Store the required mapping in a cloud-hosted database, such Firebase's Realtime Database or Firestore, as Huthaifa also answered.
Create your own custom API on a server or Cloud Functions where you lookup the user through the Admin SDK. Your client-side application code can then call this custom API.
In both of these cases you are in full control of what data you share, and how you secure access.
Sure you can, there are multiple approaches for this, if you post your structure for the user model, or how you are storing them in firebase.
You can run a simple Firebase query like this example:
FirebaseFirestore.instance.collection('users').where('phoneNumber', isEqualTo: thePhonenumberOftheuserYouwant2GetUIDfor).get()
You can also store the available\accessible contacts for every user in their user document, and when your user logs in, it'll fetch all their allowed user numbers.
The more information you provide to your problem, the more StackOverflow can provide you back.
Does updating user details such as name, password or adding/deleting Custom Claims in firebase authentication also cost charge ?
Suppose if I have 1 million users in my app with using firebase authentication and if I update password of all the users or add custom claims to all the user using firebase Admin SDK. Does this process cost any charge ?
Does updating user details such as name, password or adding/deleting Custom Claims in firebase authentication also cost charge ?
No.
Suppose if I have 1 million users in my app with using firebase authentication and if I update password of all the users or add custom claims to all the user using firebase Admin SDK. Does this process cost any charge ?
No.
I suggest reviewing the pricing information in the documentation. Firebase Auth has no charges except for phone auth. What you are describing is covered by "Other Authentication services" which are not billed.
There are limits to the rate at which you may make API calls, which you should also review.
If you have further questions about billing that are not covered in the documentation, you should send those directly to Firebase support.
So I'm trying to nail down all of the potential ways Firebase Authentication 'verifications' could rack up quickly against the Firebase Pricing plan.
Please correct me if I'm wrong, but an auth verification counts against the pricing plan when:
User successfully signs in
User successfully creates an account
NOT when a sign in/creation fails for some reason
I can't find anything in the documentation about the firebase.auth().onAuthStateChanged() method counting against verification.
To check if the auth state has changed wouldn't you also have to check if the user is verified? If the refresh token has expired due to account deleted/disabled or email/password updated the account would have to be re-verified.
Is a 'verification' counted against the limit when .onAuthStateChanged() is ran at all?
A listener to onAuthStateChanged notifies you of changes in authentication state that happen in your app. Attaching a listener does not in itself cause any changes in the authentication state. It does not count against any pricing quota.
Note that token refreshes also don't count against any pricing quota. The only priced part of Firebase Authentication is SMS verifications, which only happens when you call signInWithPhoneNumber to sign the user in.