I'm working on a React-Native, Expo and Firebase project. I have built my firebase functions as cloud functions. The login, signup and register are built as a cloud function aswell. I'm using Email and Password to authenticate/signup the user.
I have used the method to store the token on the device and log the user in if it exists. However the token expires after 1h and after that my method does not work.
I have tried to use
firebase.auth().setPersistence(firebase.auth.Auth.Persistence.SESSION)
but that does not seem to work with cloud functions and returns error code: The current environmet does not support the specified persistence type.
What kind of workaround for this problem is there? Building a seperate cloud function that only refreshes the token, and in that case how do i achive that? What pros and cons is there for different solutions? Thankfull for feedback and
thoughts.
According to React Native Firebase's documentation, setPersistence method is not supported in React Native, link is mentioned below.
https://rnfirebase.io/docs/v5.x.x/auth/reference/auth#Unsupported-Methods
You can check this answer if this may help you,
https://stackoverflow.com/a/46143694/11758792
Related
I want to unverify users that are verified, everytime they sign out in my app. This is to achieve the behaviour I want for my app using firebase SDK. But, somehow, I can't find any solution (If it's really possible) for that. Can anyone enlighten me? Thanks, BTW! :)
There is no API to set the emailVerified property of the current user profile to false in the client-side SDKs for Firebase Authentication.
What you can do though is modify the user profile by using the Admin SDK and set the property to false there.
Since the Admin SDK can only be used in trusted environments, it won't run in the client-side app, and you'll have to do this by making a custom API that your app can call. If you don't have an existing server where you can run this API, consider using a serverless solution like Cloud Functions or Cloud Run.
I am creating a game in Unity where the user can contribute with levels using a Level Creator system.
My application is setup in a way that I just need to call the Cloud Function with the level info, and it handles duplicate entries and saves it to Firestore. All of this works perfectly.
My question, basically, is: can I have my functions only accept calls from my game? (without having my users registered?).
Naturally, I am using functions.https.onCall((data, context) => {}). In the documentation for Firebase, I noticed they use context.auth to check whether the user is authenticated or not. However, I am logging this value to the console and it appears to be undefined.
I am also confused with this line, from the same link:
With callables, Firebase Authentication and FCM tokens, when available, are automatically included in requests.
Maybe context.auth is not defined because my game isn't yet in Google Play / Apple Store? Any ideas?
Thanks to the new feature called Firebase App Check, it is now actually possible to limit calls to Callable Cloud Functions to only those coming from iOS, Android and Web apps that are registered in your Firebase project.
You'll typically want to combine this with the user authentication based security that Doug describes in his answer, so that you have another shield against abusive users that do use your app.
It's not possible to restrict invocations of a callable function to just one app, and it doesn't matter if the app is published to any stores. Once you deploy a function, it's accessible to anyone with an internet connection.
The best you can do is require your users to be authenticated with Firebase Authentication in your app, then check context.auth in the function to determine if the it should do what the user wants. context.auth will be undefined in the case of no authentication. If your code determines that the function should not go any further, you can return early. But the function is still invoked.
I am working on a flutter app with a firebase backend and I can't find any documentation for what I'm trying to do. I am trying to have a user of my app (whose information is presumably stored in a FirebaseUser class) get their identity verified server-side and then if the identity is a certain user (verified by firebase serverless), they will be allowed to make a post to the db. The firebase documentation has stuff for android, ios and web but not for cross-platform flutter development. Can someone please point me in the right direction? I'm a little lost. Thanks!
Using Firebase with GCP will provide you this Server-Side authentication that you are asking for - so you don't need to worry. :)
If you just want to follow that, I would recommend you to take a look at the documentation from Firebase that talks about authentication. You can access this documentation in the below link.
Firebase Authentication
In case you indeed, need to use a private Server, I would recommend you to take a look at the below question that is already answered, about using a private server with Firebase. It should really help you achieve your goal.
Firebase authentication for private server
Let me know if the information helped you!
I am building an app in VueJs and I am looking for the best way to do the authentication part, there is an API in progress as well that will need token verification for protected end points.
I would like to know if is possible to integrate Auth0 to Firebase in a way that Firebase is the main center of communication between the VueJs app and Auth0 (the same thing with the API -> Firebase -> Auth0).
I am asking this because I would like to know exactly if I can save some lines of code and performance using Firebase tools to get what I need from Auth0 without connecting directly to Auth0 API. Also I would like to use Fire Store to save the tokens I get from Auth0.
is possible to have this kind of architecture?
Here is a diagram for a better understanding of the wished result, hope is not confusing.
https://ibb.co/68tpw8L
Thank you!
These links are the closest solutions I found thru Google.
But according with the info I found you can do this but using Auth0 as my main gateway but I want all the contrary, using Firebase as the main gateway.
https://firebase.google.com/docs/auth/web/custom-auth#before-you-begin
https://auth0.com/docs/api/authentication#delegation
https://firebase.google.com/docs/web/setup
https://auth0.com/blog/developing-real-time-apps-with-firebase-and-firestore/
Auth0 has deprecated the /delegation endpoint which is used to get the token for third party vender.
https://auth0.com/docs/migrations#api-authorization-with-third-party-vendor-apis
As a workaround, use the firebase custom token authentication mechanism. https://firebase.google.com/docs/auth/admin/create-custom-tokens
https://firebase.google.com/docs/reference/js/firebase.auth.Auth.html#signinwithcustomtoken
To create a custom token, you can use the firebase function if you do not have a backend server.
The entire flow is described in the following auth0 blogs with a complete project.
https://auth0.com/blog/how-to-authenticate-firebase-and-angular-with-auth0-part-1/
https://auth0.com/blog/how-to-authenticate-firebase-and-angular-with-auth0-part-2/
I'm aware that using Twitter/Facebook Firebase authentication with React Native throws an error since obviously that's not the right env to open up a new auth window. Also, Email/Password auth should also fail since it's reliant upon LocalStorage which React Native doesn't support. Is the best way to implement any sort of Firebase authentication in React Native to create a Swift/ObjC bridge then really just use the Swift/ObjC Firebase auth library? If so, does anyone have any examples of doing this?
Update: As of Firebase 3.x, Firebase Authentication will correctly persist users in React Native apps.
Ahh, I didn't realize that React Native didn't polyfill localstorage. So if I understand your question right, email/password auth with Firebase works fine in React Native, except it is not persisted across app starts, so the user has to log in every time.
One possible solution would be to manually persist the auth token yourself. Something like:
Call authWithPassword(...) as usual.
In the onComplete handler, retrieve authData.authToken and store it locally (e.g. using AsyncStorage).
On next app start, retrieve the auth token from storage and call authWithCustomToken(authToken, ...).
We'll look into making Firebase do this automatically, but it's a bit tricky to do this without affecting other consumers of Firebase besides react. I've added this to our internal bug database though and we'll see what we can come up with. We'll update this answer when we have a solution. Thanks!