I'm using Firebase Authentication as the authenticator for a .NET app.
I'm not using any other part of Firebase (eg. Firestore, Realtime DB) other than the Authentication.
When I log in using the firebase-ui to get a JWT token issued, it returns a "displayName" as part of the AuthResult which is basically the name field when the user first signed up.
I'm only using the Email / Password sign-in method. Where is this data stored? The Users tab on Firebase Authentication console only shows 5 fields - Identifier, Provider, Created, Signed In and User UID.
Is Firebase authentication storing the user fields like this in some sort of hidden place that I can't access unless I log in as the user?
Firebase Authentication stores user profiles in its internal database. Some of the properties are exposed in the Firebase console, but not all of them. You can get all documented properties through the Admin SDK.
Related
background of this question
I'm using firebase auth for user authentication on my app.
I realized that firebase doesn't have a log of user information changes, so I can't answer user questions about it.
So, I'm planning to move the feature of changing user account info (like email, display name, and password) from using the client-side firebase auth library to using server-side firebase auth SDK for the purpose of taking logs of these changes to use for user support. Also, I'd like to make logout a user who changes account info.
I've looked for the appropriate API on the document firebase.google.com/go/v4/auth and found UpdateUser function. The struct UserToUpdate which is a parameter of UpdateUser can set a new email address, new password and new display name, but I can't find to set the parameter to make a user logout.
my question
Is there a way to log out a specific user by firebase auth go SDK?
Firebase Authentication's client-side sign-in is based on ID tokens, which are valid until their built-in expiration (by default: an hour after they are minted). Since no server keeps a list of all the ID tokens it has minted, there is no way to mark a token as invalid on such a list either.
The common approach to revoke access for a user is to:
Revoke the refresh token, so that they can no longer mint new ID tokens with it.
Add the ID token(s) of the user to a self-managed list of revoked ID tokens.
Detect the presence of an ID token in this list from your server-side code and security rules.
Optionally detect the refresh token revocation on the client
Instead of logging the user out, you can also force-refresh their ID token/profile on the client to get the latest information from the server.
I would like to login to Firebase from an ERP system.
i.e. once logged into the ERP system, that login can be used to access a Firestore db.
The Firebase docs describe a common case: "Add an additional identifier on a user".
Is it possible to use this common case to login to Firebase from the ERP system?
Control Access with Custom Claims and Security Rules
User roles can be defined for the following common cases:
Add an additional identifier on a user. For example, a Firebase user could map to a different UID in another system.
If you want to use the users from an existing authentication system to authenticate against Firebase, you'll need to implement a custom authentication provider.
With such a provider, you:
Sign the user in with your existing system in a trusted environment (e.g. on a server).
You then use the user's credentials to mint a custom JWT token.
Send that token back the client, which then finally
Uses the custom token to sign in to Firebase.
At this point, the user is signed in to Firebase Authentication in the client, and their UID (and other properties from their token) are available in the Firestore security rules.
Is there a way to authenticate a user in Firebase by ONLY using a user-generated signature which is stored in Firestore? In other words, is there a way to generate a unique user ID associated with the signature but without having to have the user create an account with email and password?
I have a firebase project for which I have created a firebase firestore database. I use firebase auth for signing users in.
I want all documents in reference with a specific user to have their id equal to the users uid.
At first, I set the document id to the FirebaseAuth.FirebaseUser.uid
The problem with that is that the FirebaseUser.uid can change under certain circumstances (E.g. the user changes his Google account password)
Is there a persistent uid I can use to refer to a specific user no matter the authentication provider ? If not, what would be best practice ?
Normally, for a given user in Firebase Auth, the user unique ID (the uid generated by the Auth service) will never change.
For example, you can, with the Admin SDK, change the email of a user without changing its uid, see this doc.
You can also have several identity providers for the same account, with the same uid, see here:
You can sign in users to your apps using several methods: email
address and password, federated identity providers, and your custom
auth system. You can associate more than one sign-in method with a
user: for example, a user can sign in to the same account using an
email address and a password, or using Google Sign-In
Note that changing the password of an identity provider account (e.g. "changing the Google account password" as you mentioned) has no impact at all on the uid or on the other user account elements (actually the identity provider password is not stored in Firebase Auth).
So, in conclusion, using the uid generated by the Auth service is the best solution for your requirement.
I am currently using firebase to make an ionic app. I am using firebase simple login for social auth (facebook, twitter, email & password). The auth works perfectly, it $broadcasts the authed user. However it doesn't seem to create a user in the actual firebase db. I was wondering how I can get the users that have been authed using my app.
For most of the authentication protocols it supports, Firebase doesn't store user data anywhere. Even for the protocols where it does store data (I only know of email+password doing this), it stores this information in a place that your application can't access (though you can find those users in the dashboard of your Firebase).
To quote the Firebase documentation:
It does not store profile or user state in your Firebase. To persist user data you must save it to your Firebase.
What most applications end up doing, is keeping a list of users inside their Firebase that they manage themselves. So when a user first authenticates with the application, it creates a node under /users/<uid> that contains the information for that user.
See this section of the Firebase documentation that describes storing user data.
Firebase does not store profile or user state in your Firebase instance. To persist user data you must save it to your Firebase.
Firebase provides multiple authentications services
Using existing social login providers such Facebook, Twitter, Google, and GitHub. Using these services provides an option for your users to access your application without creating a new account.
Using built-in support for logging in with email & password. This requires registration and account creation that is handled by Firebase. The user account information is stored outside you application.
Using a custom authentication to implement existing server-side authentication, single sign-on, legacy systems, or third-party OAuth based services (such as Yahoo).
Once authenticated, Firebase return a variable auth to your application that you can use for authorization and access control. This variable is null for unauthenticated users, but for authenticated users it is an object containing the user's unique (auth.uid) and potentially other data about the user.
If you want to persist additional user information such as name
and location, then you need to use auth.uid and store it in your
Firebase with additional profile data.
Internally, Firebase generates JSON Web Tokens (JWTs) and creates authenticated sessions by calling Firebase.loginWithCustomToken() with those tokens. Each user is assigned a uid (a unique ID), which is guaranteed to be distinct across all providers, and to never change for a specific authenticated user.
The user data for firebase authentication is stored in firebaseLocalStorageDb in IndexedDB. After login to website, if you delete firebaseLocalStorageDb, the login user data for firebase authentication is all deleted so you need to log in website again.