I've searched around and have come up blank. I can't figure out where OAuth2 claims are actually stored in Firebase. I refer here to the claims that I can set via SetCustomUserClaimsAsync and get (through the returned user) via GetUserAsync. I guess I was imagining being able to manage that data via some browser page, as well as via code, but perhaps by design this is not possible?
Thanks in advance for suggestions.
Custom claims currently don't have a UI in the Firebase console. Feel free to file a feature request for that. Right now, you will have to write code to find the contents using the APIs you already mentioned.
Related
I set up a new app for "Signin with LinkedIn" but only got the following scopes
I tried to modify the scope to get r_basicprofile but could not find any way to do so. Even when I recreate one, it just does not allow me to choose the scopes.
When I try to force the scopes from the client, I get "unauthorized_scope_error".
How should I do?
Thanks
It seems you're looking to leverage the marketing APIs. See the documentation on getting access to these.
I'm trying to find a way of authenticating a user with email /password purely through Go. I'm using Go templates and would like to use HTML purely as a dumb terminal to fetch input from. I seem to need to go through the firebase-app.js apis, sign-in, then pass the returned UID to go. Am I missing something? I am looking for something similar to the js :
firebase.auth().signInWithEmailAndPassword(_emailText, _passText)
I've had no luck finding anything in the godocs.
I figured it would be straight forward since I'm hosting on GAE and fetching a firebase service account is trivial. But it seems I need to capture the userInfo through js and possibly pass it back to go possibly through a GET method.
thanks in advance!
I'm trying to write a function that will check to see if an email is registered with my Firebase app (with Javascript/Web), before proceeding with the sign up process (if the email isn't registered).
I created a node named active_emails which I wanted to populate with registered emails (like an array). I was going to check the email against this list and if it didn't exist then I would allow the user to proceed with the registration process.
I see from the answer here: Proper way to store values array-like in Firebase that Firebase creates keys inside the array. So a normal Javascript array check won't work. I understand how the answer above works, but I was wondering, since I'm essentially doing a look up on the emails of registered Firebase users, is there another way to do this check?
Am I correct in thinking that the answer above requires Firebase to compile and then send an array of emails back to the user client-side? This seems like it might affect performance (if there are hundreds of thousands, or millions of emails on file), and would it expose all user emails to the client? Is there another way to check if a user is registered or not, maybe something like attempting a registration and then catching a duplicate email error (although this sounds like a messy way to go about this).
The top answer here: How to find out if an email is already registered with Firebase Simple Login? suggests using fetchProvidersForEmail as a way of checking to see if an email is registered, but that answer is for android and I don't know if it's possible to do such a thing with Javascript/Web.
I've tried to integrate this method here:
function checkEmail(){
firebase.database().ref().fetchProvidersForEmail("emailaddress#gmail.com").once("value", function(snapshot) {
console.log(snapshot);
});
}
But it shows the error: firebase.database(...).ref(...).fetchProvidersForEmail is not a function. Does anybody have any ideas on the best way to go about achieving this check?
Thank you in advance!
This method is for auth only:
firebase.auth().fetchProvidersForEmail("emailaddress#gmail.com")
This is deprecated.
firebase.auth().fetchProvidersForEmail("emailaddress#gmail.com")
Use this.
firebase.auth().fetchSignInMethodsForEmail(email)
Background: This is my first standalone web development project, and my only experience in Meteor is building the Discover Meteor app over the last summer. I come from about a year of CS experience as a side interest in school, and I am most comfortable with C and C++. I have experience in python and java.
Project so far: I'm creating a calendar management system (for fun). Using accounts-google, I have created user accounts that are authenticated through google. I have requested the necessary permissions that I need for my app, including 'identity' and 'calendar read/write access'. I've spent the last week or so trying to get over this next hurdle, which is actually getting data from google.
Goal: I'd like to be able to make an API call to Calendar.list using a GET request. I've already called meteor add http to add the GET request functionality, my issue comes with the actual implementation.
Problem: I have registered my app on the developer console and set up Accounts using the client ID and secret, but I have not been able to find/generate my 'API key' for use in the request. Here is the google guide for creating the access token by using my (already) downloaded private key. I'm having a hard time wrapping my head around an implementation on the server side using JS because I don't have a lot of experience with what is mentioned in the HTTP/REST portion of the implementation examples. I would appreciate some help on how to implement a handshake and receive an access token for use in my app. If there is a call I can make or some package that will handle the token generation for me, that would be even better than implementation help. I believe an answer to this would also benefit this other question
The SO answer that I've been referring to so far: https://stackoverflow.com/a/14543159/4259653 Some of it is in spanish but it's pretty understandable code. He has an API key for his request, which I asked this question to help me with. The accounts-google documentation isn't really enough to explain this all to me.
Also an unrelated small question: What is the easiest way to deal with 'time' parameters in requests. I'm assuming JS has some sort of built-in functionality that I'm just not aware of yet.
Thanks for your research. I have also asked a very similar question, and right now I am looking into the package you recommend. I have considered this meteor-google-api package, but it looks abandoned.
Regarding your question about time manipulation, I recommend MomentJS. There are many packages out there; I am using meteor add mrt:moment
EDIT: MomentJS now has an official package for Meteor, so use meteor add momentjs:moment instead of the mrt command above
Below is a snippet of what moment can do. More documentation here.
var startTimeUTC = moment.utc(event.startTime, "YYYY-MM-DD HH:mm:ss").format();
//Changes above formatting to "2014-09-08T08:02:17-05:00" (ISO 8601)
//which is acceptable time format for Google API
So I started trying to implement all of this myself on the server side, but was wary of a lot of the hard-coding I was doing and assumptions I was making to fill gaps. My security prof. used to say "never implement encryption yourself", so I decided to take another gander for a helpful package. Revising search criteria to "JWT", I found jagi's meteor-google-oauth-jwt on Atmosphere. The readme is comprehensive and provides everything I need. Following the process used in The Google OAuth Guide, an authorization request can be made and a key generated for making an API call.
Link to Atmosphere: https://atmospherejs.com/jagi/google-oauth-jwt
Link to Repo: https://github.com/jagi/meteor-google-oauth-jwt/
I will update this answer with any additional roadblocks I hit in the Google API process and how I solved them:
Recently, I've been running into problems with the API request result. I get an empty calendarlist back from the API call. I suspect this is becuase I make an API call to my developer account rather than to the subject user. I will investigate the problem and either create a new question or update this solution with the fix I find.
Fix: Wasn't including the 'sub' qualifier to the JWT token. Fixed by modifying JWT package token generation code to include delegationEmail: user.services.google.email after scope. I don't know why he used such a long designation for the option instead of sub: as it is in the google API, but I appreciate his package nontheless.
I'm quickly becoming proficient in this, so if people have meteor-related google auth questions, let me know.
DO NOT USE SERVICE ACCOUNTS AS POSTED ABOVE!
The correct approach is to use standard web access + requesting offline access. The documentation on the api page specifically states this:
Typically, an application uses a service account when the application uses Google APIs to work with its own data rather than a user's data.
The only exception to this is when you are using google apps domain accounts and want to delegate access to your service account for the entire domain:
Authorizing a service account to access data on behalf of users in a domain is sometimes referred to as "delegating domain-wide authority"
This makes logical sense as a user must be allowed to "authorise" your application.
Back to the posters original question the flow is simple:
1) Meteor accounts google package already does most of the work for you to get tokens. You can include the scope for offline access required.
2) if you are building your own flow, you will go through the stock standard process and calls as explained on auth
This will require you to:
1) HTTP call to make the original request or you can piggyback off some of the internal meteor calls : Package.oauth.OAuth.showPopup() -- go look at the source there are more nifty functions around there.
2) Then you need to create an Iron router server side route to accept the oauth response which will contain a code parameter that you will use to exchange for tokens.
3) Next use this code to make a final call to exchange the "code" for the token + refresh_token
4) Store these where ever you want - my requirement was to store them not at the user level but multiple per user
5) Use a package like GoogleAPI this wraps up Google API calls and refreshes when required - it only works when tokens are stored in user accounts so you will need to rip it apart a bit if your tokens are stored somewhere else (like in my case)
I am trying to write an application that uses facebook user's events as a possible data source and unfortunately I can log in and get an access token which I can use to get my picture and UID but when I try to access my events I get an empty array.
Does anyone know how I can go about doing this?
I am using Facebook's new Graph API but I must be doing something wrong, I tried using "perm" to get extra user permissions to access their "user_events" but that did not work at all. I am stumped any help would be greatly appreciated.
best regards!!
-ritec
When you do the authentication bit, you'll also need to request access to the user_events extended permission.
This question has a little more info from someone in a similar position as you.
Further instructions for prompting for extended permissions can be found in the Extended Permissions documentation.