I have a small question about managing data between Firebase Authentication and Firestore.
For example:
The Firebase Authentication API stores the email of the user.
But we also use Firestore to store the other details about the user.
So the question is...
Should we also store the email on Firestore ?
I feel that a duplicate data is never a good idea. But having the email directly in Firestore should be faster and easy to access.
Thank you
I feel that a duplicate data is never a good idea.
When working with NoSQL solutions I'd highly recommend letting that feeling go. Read NoSQL data modeling and watch Getting to know Cloud Firestore for more on this.
One of the things you'll learn from that is that your data model will typically evolve for the use-cases your app needs. For example, if you want to allow the user to see or search all email addresses, that functionality is not standard available in the client-side Firebase Authentication SDK. This means you have a few options to build this functionality for your users:
The server-side Admin SDKs of Firebase Authentication do have the option to look up the email address for a user, or to list users. So you could wrap this functionality in an end-point you create and secure (for example with Cloud Functions).
You can also write the user information to Cloud Firestore (or the Realtime Database) when the users registers, and then look it up there from within the app, using Firebase's security rules to ensure all access to the data is authorized.
This is just one example, and as I hope is clear, it is based on speculating that your app needs certain functionality. But it's quite common that developers store user information that is also in Firebase Authentication in a database too.
Related
in the app, which logs the user in only through phone authentication.
now the question is can I get the user id from his phone number(not the user id of the current user though).
I have the access to other users phone number in the app, and I want to get their id for further use.
is it possible in flutter with firebase at the backend?
Looking up the UID for a user based on either phone number or email address is considered a sensitive operation. For this reason such operations are only available in the Admin SDKs, which are designed to be used in trusted environments, such as your development machine, a server you control, or Cloud Functions. For more on these, see the bottom two code samples in looking up user data in the documentation.
If you want to perform such operations from your client-side code, your two main options are:
Store the required mapping in a cloud-hosted database, such Firebase's Realtime Database or Firestore, as Huthaifa also answered.
Create your own custom API on a server or Cloud Functions where you lookup the user through the Admin SDK. Your client-side application code can then call this custom API.
In both of these cases you are in full control of what data you share, and how you secure access.
Sure you can, there are multiple approaches for this, if you post your structure for the user model, or how you are storing them in firebase.
You can run a simple Firebase query like this example:
FirebaseFirestore.instance.collection('users').where('phoneNumber', isEqualTo: thePhonenumberOftheuserYouwant2GetUIDfor).get()
You can also store the available\accessible contacts for every user in their user document, and when your user logs in, it'll fetch all their allowed user numbers.
The more information you provide to your problem, the more StackOverflow can provide you back.
I want to get User Data from firebase, I need the diplayName of a User. is there any way to get the displayName of a other user with his uid?
There is no way to look up information about another user in Firebase Authentication by using the client-side SDKs of Firebase, as that would be a security risk.
There are two common ways to allow searching the users in a secure way:
Write information about each user to a database (such as Cloud Firestore or the Realtime Database) when they register, and then search the database when needed. That way your code controls what data gets written and thus is searchable.
Firebase has Admin SDKs that run in trusted environments, such as your development machine, a server you control, or Cloud Functions. These SDKs have options to list users, which means you can search them. If you wrap one of the Admin SDKs in a custom API that you build and secure yourself, you can then call that from your Flutter code.
Also see:
React native firebase authentication searching
You can't get the name, or any other details of a user that is not currently signed in using FirebaseAuth.
Instead, you must create a node in your database where you store the name, and any other necessary details by querying the database.
In Apple's iCloud, there's a Private bucket where the user can store data, using an iOS app created by a third party, that no one else, including the iOS app creator, can see.
Is there a similar mechanism in Google Cloud Platform?
First of all, I'm assuming that you intend to read and write this private storage directly from a client app.
If you're using Firebase Authentication to sign in the user on the client, you can use either Firebase Realtime Database or Firestore to store per-user private information. These products do not have an internal sense of dedicated storage for users. What you will have to do is assign that space on your own (perhaps a "users" node in RTDB, or a collection in Firestore), and protect that space with the security rules provided by that database product. The security rules will determine who can read and write what data, based on their Auth identity.
Since you tagged this Firestore, I'll assume you intend to use that. You should read up on security rules to better understand how this works. If you are not using Firebase Auth for end user authentication, this will not be possible, however.
So my current flutter project has all users logged in with only google accounts.
Is there a way to query for user UIDs with the user's gmail or google username?
Another followup question:
I can't seem to find a clear documentation for firebase for flutter specifically, is there something like this out there?
There is no way to query across the users in Firebase Authentication from the client-side SDKs, as that would be a security risk.
If you want to allow users to find other users, the two most common approaches are:
Store information about each user in the database (typically either Realtime Database or Cloud Firestore), and search across that.
Wrap the relevant parts of the Admin SDK in a Cloud Function, and call that from your app.
While the second may sound simpler/more common at first, using a database is actually by far more common with Firebase and allows more flexibility for relatively low complexity.
I have been exploring Firebase and from my first impressions it looks really good.
I will use Auth for authentication because it's simple and I do not want to write yet another sign in/up system.
I have been looking at firestore for saving data, because it's simple and I do not have to manage a server.
And here comes the problem; Many of the examples I have seen put rules to show only the current rows with "ID" the Auth UID which they pass from the client.
But can the user can decompile my app, change the UID to other user's UID and read/write to their data?
Is this true or am I missing something?
UIDs are handled by Firebase on the server side. There is no way to reverse engineer an app and change the UID.
If for some reason a user does that or anything similar, he won't be able to login to the app thus won't have access to the data stored on Cloud Firestore.