I am working on a flutter app with a firebase backend and I can't find any documentation for what I'm trying to do. I am trying to have a user of my app (whose information is presumably stored in a FirebaseUser class) get their identity verified server-side and then if the identity is a certain user (verified by firebase serverless), they will be allowed to make a post to the db. The firebase documentation has stuff for android, ios and web but not for cross-platform flutter development. Can someone please point me in the right direction? I'm a little lost. Thanks!
Using Firebase with GCP will provide you this Server-Side authentication that you are asking for - so you don't need to worry. :)
If you just want to follow that, I would recommend you to take a look at the documentation from Firebase that talks about authentication. You can access this documentation in the below link.
Firebase Authentication
In case you indeed, need to use a private Server, I would recommend you to take a look at the below question that is already answered, about using a private server with Firebase. It should really help you achieve your goal.
Firebase authentication for private server
Let me know if the information helped you!
Related
I want to unverify users that are verified, everytime they sign out in my app. This is to achieve the behaviour I want for my app using firebase SDK. But, somehow, I can't find any solution (If it's really possible) for that. Can anyone enlighten me? Thanks, BTW! :)
There is no API to set the emailVerified property of the current user profile to false in the client-side SDKs for Firebase Authentication.
What you can do though is modify the user profile by using the Admin SDK and set the property to false there.
Since the Admin SDK can only be used in trusted environments, it won't run in the client-side app, and you'll have to do this by making a custom API that your app can call. If you don't have an existing server where you can run this API, consider using a serverless solution like Cloud Functions or Cloud Run.
i have a app both mobile and web in flutter so i want to create for desktop App, but base on the plugin does not support windows..
How can i use cloud Firestore and Firebase Auth in windows
Since the plugins don't support it, and there are no SDKs for Windows for either of the products, the most likely only option is to wrap the REST API that both provide. See: Auth REST API and the Firestore REST API.
It might also be worth checking out the Firestore gRPC API and its .NET client library, although I'm not sure if the latter is meant for use in client-side code or just for use in a trusted environment.
I had the same problem with desktop app in c#, there is not a lot of examples on the web. You are asking about flutter but I think my answer still should help you as the implementation is less important than concept.
You need to call your service and ask for custom_token, next with this custom_token you are calling google service and exchange custom_token for access_token. With this access_token you can call your service.
I created the the solution react.js+python+c#+firebase to have example for a future.
You can check the example on github
The firebase documentation regarding this topic is here
I am learning Flutter by following Codelab Firebase Tutorial and developing test Android app almost similar to this. Users save their baby name and others vote their favorites which updates Votes count in database. Based on this, I have few questions related to Firebase Security.
App does not currently have any Firebase Authentication. Is it necessary to have Firebase Auth seeing users who will just vote does not need to have any kind of registration.
Can someone decompile my app and get google-services.json file? If yes, will that allow them to use this file in their app and mess my database?
How much secure is my app from non-users like I mentioned in above point if I do not include firebase auth and keep security rules to default (read, write all)?
Apologies, If I failed to convey my point properly as I am still in learning stages of App development.
You must be using Firebase Authentiction if you want per-user read/write restrictions. If you aren't using it, you can only restrict what anyone in the world can do with public access.
Yes, anyone can get the values from your google-services.json file. They are added to your app as string resources. No, it doesn't allow anyone to access everything. What you're asking here is very common, try doing some searches for that. For example this.
If you use security rules that allow all read and write access, anyone with an internet connection will be able to read and write your database. This is not really acceptable in most cases.
I'm working on a project where it was asked for all the authentication to be done in our own backend, that is, without the usage of the Firebase SDK that comes pretty handy. The email/password sign up/sign in are very easy as we pass the email and password but all the other authentication methods, such as Google and Facebook, require postBody which contains OAuth Credentials. How am I able to get that data from the client (which can either be a native app or a react web page)? I've googled and read the Firebase REST Auth page for more info but I didn't find much other than what I already know. I've tried to work around with OAuth Playground from Google but it didn't work as well so I thought that my best chance was asking on SO where people with more experience could answer me.
I want to develop an Ionic app for android and ios using firebase backend.
Requirement:
1. I want to use anonymous authentication silently so that user does not have to be worry about login.
2. I just want to display list of some items on the home page using Firestore api.
Question/Problem:
1. How does firebase will get to know that only the my app using the firestore get api.
2. If I am storing api credentials/secrets in my android app and if other user somehow knows these credentials, will that person be able to use api on behalf of my credentials and I will not be able to track the usage.
Top Level:
If someone know my firebase api credentials/secrets, will that person be able to utilize my firebase quota in case I am using firebase anonymous authentication.
Thanks in advance.
The settings you use to initialize the Firebase SDK are not "secrets". It's all very much public information that identifies your app from all the other Firebase apps out there. Every Firebase app has a similar set of public data. Once you publish your app, you should assume that everyone is able to see that data.
This means that anyone can use that data. That's why it's important to use Firebase Authentication along with security rules to make sure that people logged in can only make use of whatever resources you specify. That's the only way to lock down the data in your Firebase project. If you are concerned about security, then you should be thinking about your security rules from the very beginning.