I created my flutter application with Laravel passport api for auth, and now i want to use Firebase's Firestore for push notifications and messaging, how am i supposed to move forward?
All Firestore tutorials i find are joined with firebase auth.
Is there any way i can implement to actually let firestore work in parallel with laravel?
Keep your auth concern separated just like you have. What you're looking for is just FCM and there are some great packages for that I believe. I personally have built and implemented multiple back-end scenarios exactly like this.
An example of such would be as follows:
Back-End:
Laravel 7++
passport for auth (sometimes custom grants created for use case, e.g. SaaS)
fcm provider (custom self developed)
uses api routes exclusively, nothing goes through the web guard here (API First)
Front-End/App:
Angular 9+ / React / Vue2+
standard oauth using password grant (you should look into PKCE)
Flutter APP
standard oauth (custom built) with provider state management
Communication / Scenario:
Imagine flutter app and front-end like portal app in Angular, imagine your goal is to keep the data on both in sync? There are many ways to accomplish this, but also imagine that you really do not need any sort of stream, so what do you do?
You follow observer pattern that'll get you exactly where you wanna be. In this case I would simply choose Firebase Cloudmessaging and have my apps and pwa / spa subscribe to a channel.
Logic: (Passive aggressive reactive approach)
App 1 triggers an update of data
Back-end receives request, processes and triggers an update notification to channel
Other apps listening on that same channel (FCM) will go and call the API to get updated data.
So as simple as that you have created a very reactive system, and people won't know the difference that it isn't live streaming information from a -> b
Related
I'm developing an android app with firebase as a backend and I heard a word named Admin SDK. I had searched for it and found it is used to manage data.
But I have a doubt that firebase provides a console webpage (console.firebase.google.com) to manage data, but why there is a separate Admin SDK?
Can someOne please explain...
The firebase admin SDK provides a simple and easy way to modify firebase settings and data using API calls.
For example, you might ask: why should you even have a regular SDK to store data? After all, you can store and save data directly from the web interface. It is, however, simply not secure or practical to have users update their own data each time using the console.
Similarly, the admin SDK is just like the regular SDK but with administrator permissions. For example, it allows you to bypass the rules set up using your firestore rules. The Firebase admin SDK is meant to be used on your backend - so you know it is running trusted software. You know that it will act the way you expect it to, unlike code running client-side that can't be trusted.
For example, let's say that you want to be able to delete a user's post if certain conditions are met. The user will make the request to your server, and it will check if the conditions are met, and then delete the post using its admin privilages. Sure you could technically automate this using firestorm rules, but those can be quite cumbersome and might not work in more complicated examples.
You can also even use it to integrate with other applications like connecting your app to a moderation tool or a curse detector that can't or shouldn't run on the client's device.
Is your question is why does Admin SDK exists?
There are several administrative tasks such as deleting users, listing collections and many more which the client cannot and should not be able to do.
Firebase Admin SDK has admin access to your Firebase project's resources.
It does not obey any security rules and can read/write any of your database, storage bucket..
That is why you must use Admin SDK in a server (or cloud function only). Although I feel Firebase Admin SDK is more useful if you use your own servers and authentication method. If you are using a custom server then:
It can be used to generate custom token so you can authenticate users using your own method (maybe legacy auth system) but still use Firebase Authentication to handle the auth tokens thereafter.
If you use your own database (and not any from Firebase), the Admin SDK can verify the ID Token sent by client and get identity of that user. Thereafter it's could be a simple if-else statement for you to decide if the user has access to the request resource or not.
I am currently creating a marketplace mobile application from scratch and I'm using React Native for the front-end part and Firebase for the backend (using Firebase and Firestore).
I am wondering wether :
I should create a RESTful API using cloud functions and express to create API endpoints (that would connect to firebase and firestore) that I'd call from my redux actions in my React Native app (using redux thunk).
or, I should call firebase and firestore directly from redux actions.
I see couple pros and cons for each method.
Restful API pros :
Safer as I can check and manipulate submitted data more easily
Custom API reply (I can manipulate the return data)
Restful API cons :
Probably slower as I would have to call an API endpoint that will then call firebase and/or firestore.
Won't be as easy to set listeners on firestore data
What do you think about it ?
Which option should I choose knowing that I predict that the app will get a few thousand users daily. I want it to be as fast and safe as possible and be able to set listeners for notifications purposes.
In my opinion you should mix them, if you have to manage users, products or etc. Firebase produces client and admin sdk that has different roles. If you haven't need manage any data of products or users or etc. you can simply use client sdk.
My advise is you can use admin sdk on API (server-side) and feel free to use client sdk on your clients.
Use as managements on API, listening data, realtime chat etc. via client sdk.
You can check admin and client sdk. Also npm packages for React Native here.
Mixing will be of help, you can try:
Listen for small amounts of data using the client SDK
Write and sort data using the cloud functions
In my experience, writing to a firebase database that uses ordered ids (in my case) leads to some huge problems in the long run. I lost a good chunk of data when my app accidentally wrote to a root index instead of a child index when the app was resumed from inactivity because the android system cleared the RAM.
Also, for notification, use Firebase Cloud Messaging.
I want to develop an Ionic app for android and ios using firebase backend.
Requirement:
1. I want to use anonymous authentication silently so that user does not have to be worry about login.
2. I just want to display list of some items on the home page using Firestore api.
Question/Problem:
1. How does firebase will get to know that only the my app using the firestore get api.
2. If I am storing api credentials/secrets in my android app and if other user somehow knows these credentials, will that person be able to use api on behalf of my credentials and I will not be able to track the usage.
Top Level:
If someone know my firebase api credentials/secrets, will that person be able to utilize my firebase quota in case I am using firebase anonymous authentication.
Thanks in advance.
The settings you use to initialize the Firebase SDK are not "secrets". It's all very much public information that identifies your app from all the other Firebase apps out there. Every Firebase app has a similar set of public data. Once you publish your app, you should assume that everyone is able to see that data.
This means that anyone can use that data. That's why it's important to use Firebase Authentication along with security rules to make sure that people logged in can only make use of whatever resources you specify. That's the only way to lock down the data in your Firebase project. If you are concerned about security, then you should be thinking about your security rules from the very beginning.
I currently have an iOS app that implements Firebase to authenticate users and store data references in its realtime database. I want to add a feature to the app where the logged in users can purchase a good and I want to use Stripe to process the payment. I know in order for Stripe to work, a backend server must be uses to help the transaction go through since Stripe only delivers a token and doesn't actually process the payment themselves. I was curious as it's possible to just use Cloud Functions for Firebase as my backend sever to communicate with Stripe instead of having to use another backend service. It makes sense try to implement Stripe with Firebase since my app already relies on Firebase for all its sever side functions. Any help, or advice that could point me in the right direction on how to accomplish this will definitely will be appreciated.
You most certainly can hook Stripe into your app (not just iOS, but any client platform). There is sample code provided by the Firebase team that illustrates how you might use a database trigger to initiate a payment using Stripe's node.js API.
I am trying to create a REST API for my app using Firebase Cloud Functions. I know how to use Admin SDK in Cloud Functions. It does have API to createUser. My front end app lets users sign in using Google and Facebook but I am not sure how to put it all together.
My app has successfully implemented Sign in with Google and Sign in with Facebook but how and what data do I transfer over to Cloud Functions (or any REST API Server for that matter) so that it could create a user in Firebase with appropriate provider.
Update for more explanation
I am creating an app for iOS and Android with some sort of cloud based backend. Right now I am experimenting with Firebase but I do not intend to tightly couple my apps to Firebase and hence do not want to pull Firebase-iOS and Firebase-Android SDKs into my app code. I want the ability and freedom to switch my backend over to AWS or Azure without changing frontend code.
The one (and only?) way is to create a server that will expose REST API endpoints and do the work on my behalf that usually SDK does. To achieve this, I am using Cloud Functions but that shouldn't matter as long as I have API to talk to actual cloud.
After putting that explanation, now my question is how do I let my users login to app using external providers like Google and Facebook and still achieve what I am trying to do. When I let users sign in with providers, I do not have their password to send to backend to create a new email/password user.
The sample code that best illustrates what you want to do here on GitHub.
It shows how to create an Express app that handles HTTP request pages. Learn more about Express to configure it for wildcards are needed.
It accepts and checks authentication tokens in HTTP requests from Firebase Authentication to validate the end user responsible for the request.