I am using .info/connected for presence system in my chat app, I want disconnect .info/connected once user logout from app so he will not see online anymore.
(As after logout app will go to login page i.e app still in foreground and .info/connected is returning true)
Presence system working perfectly when app close,but I want to change status to offline once user logout.
If you want to programmatically control the connection state of the app yourself, you can call goOffline and goOnline from your code. Going offline will close the connection that the client keeps to the Firebase backend, which in turns will make .info/connected become false.
Related
Im using Flutter and Firebase. I am trying to figure out if there is a 'built in' way to detect when a Firebase account has been disabled, so that the Flutter app can react and sign out that user if they are logged in already?
I could accomplish this task by adding a 'isDisabled' property to the users document since I already listen for changes to that doc and if it becomes 'true' then log them out. This would require that two changes are made, the 'isDisabled' is set on user doc and account is marked disabled under Authentication.
It just seemed like there might be a more direct way to accomplish this task.
There is not really a more direct way. Firebase Auth is not "realtime". When an account is disabled, the SDK does not know about it immediately. In fact, the user's auth token will stay valid for up to another hour after the time it was disabled. When the token finally expires, the SDK will no long be able to refresh it, and the user will become signed out. Your code will then see that the user is signed out, and they will not be able to sign in again.
I'm using angular in my project which user swPush. The notification works fine, but even after user1 logged out am getting the push notification. I don't want to push notification to the logged out users.After the user2 logged in both user1 and user2 getting notifications on the same device, this confuses the user. I want to restrict the user to get notification only when they logged in. How can I do achieve this. Is there any method.
I already try unregistering the service workers using
navigator.serviceWorker.getRegistrations().then(function(registrations) {
for(let registration of registrations) {
registration.unregister()
}
})
But after using this, both the users are not getting notification.
Thanks and regards
You should not unregister the Service Worker registrations because, well, that unregisters all of them. Unregistering Service Worker prevents any push logic from happening since web push is a layer on top of Service Workers - you need to have Service Workers registered and active in order to use push notifications, right?
You have two options if you only think about "showing the notifications":
When the user logs out, stop sending the push notifications. Of course this means that the web app logic has to inform your server somehow that now the logout event happened and precisely who it was (which of the possible different browser sessions of this particular user). Of course your server should already have information about the logout event.
Keep track of the logged in user in the browser (your JS code) and only show push notifications relevant to that user. You need to somehow distinquish between the receivers of the push notifications and the active user sessions in the browser and most likely handle it in self.addEventlistener('push', ...) in the SW.
If you think about privacy/security standpoint, the option #2 is of course wrong. If you only hide/not show the logged-out user's notifications, it means you're still sending them from the server. The notifications could include private information and whatnot.
So really you should go for #1. That's the right way to implement this. It leaks no information from the logged-out users, keeps the users' push subscriptions separate, and saves bandwidth.
I have a react native app that users can login or signup through it, I use firebase to log them in but I don't understand what am I supposed to do with the returned object from firebase.auth().signInWithEmailAndPassword(email, pass); and createUserWithEmailAndPassword(email, pass);.
Am I supposed to use one of the parameters it returns? how?
Is each backend call (my backend not firebase's) supposed to be with one of the strings it returns?
Also which strings should I save on local storage so the users won't have to login again? I set firebase.auth().setPersistence(firebase.auth.Auth.Persistence.LOCAL);.
Also which strings should I save on local storage so the users won't have to login again? I set firebase.auth().setPersistence(firebase.auth.Auth.Persistence.LOCAL);
This ensures that Firebase persists the authentication token in local storage. You don't need to do anything else. When the app restarts, Firebase automatically finds the token in local storage and re-authenticates the user with that information.
Most likely you will need to add a listener to onAuthStateChanged() to ensure you can update the UI of your app to this authentication state. For more on this see getting the current user in the Firebase documentation.
In the case of a SPA (Single Page application), the returned object from firebase.auth().signInWithEmailAndPassword(email, pass); should be used to set the user name, email fields and display photographs inside your protected app pages. Also, since the user is in signed in state you can display private links inside this promise. You can also update user's profile inside this promise.
In the case of a multi page application, you might check the profile verification status and then redirect to your app's home page on the basis of the same.
You are supposed to get the ID token in your backend to identify valid requests
Firebase automatically stores the current user data in local storage which persists till the user logs out or the localStorage gets corrupted(?). You can confirm this from the fact that firebase auth does not work in case of Safari private browsing mode as it doesn't support localStorage methods.
In short, nothing has to be done on your part to ensure data persists in localStorage, Firebase uses onAuthStaeChanged event listener to toggle sign in stage for a given user across all registered devices.
I can’t seem to be able to force the user consent dialog to appear.
The first time user logs in, the consent dialog properly comes up.
However, after we change the app permissions or the user manually removes the app consent (from portal.office.com/myapps) then we can no longer cause the consent dialog to re appear.
Details:
UWP Windows 10 native client connecting to WebApp (ASP.NET) which calls downstream WebApi (O365) using the “on-behalf” oath2 pattern (using latest 3+ ADAL libraries)
Single tenant WebApp (no special admin perms)
After changing WebApp permissions (eg adding more o365 apis) or the user removing the WebApp consent, the WebApp’s AcquireToken returns AADSTS65001
Using wtr.Properties.add(“prompt”, “consent”) in the UWP client app does not cause consent dialog to re-appear
Re-cycling WebApp (to clear the built-in AAD token cache – it doesn’t use its own token cache) or clearing the client’s token cache (by login out) does not help
What is the proper way to having the user re-consent?
I am using angularFireAuth and angularFireAuth provides a logged in user variables. Let say $scope.user.id and I use this to verify if the current user logged. And also I use angularFireAuth.logout() to logout user.
Everything work fine on a single open browser tab.
But it doesn't work on multiple tabs.
Login 1 of the tab WILL NOT login the other tabs and set the logged-in variables
Logout 1 of the tab DOES NOT clear the other tabs variables and logout.
So it means
I opened 2 tabs, I call it tab A and tab B. When I logout or login in tab A.
Tab B will not do neither. In the sametime, if I submit something required authenticated in tab b (which tab A already logged out). I still able to submit. (unless I manually do refresh).
If you refresh the browser when you return to the second tab the authentication stored in local storage should update.
You can also leverage the local storage event to share events with other tabs and windows on the same domain. In the case of firebase, the user should automatically be updated within local storage, and kick off an event.
Listen for the storage change event then use firebase getAuth or the API that calls getAuth in angularFireAuth.
Could look like:
function onStorageEvent(storageEvent){
var authData = ref.getAuth();
if (authData !== null) {
// you're logged in
}
}
To be safe a messaging protocol that allows you to specify the action or event that should be handled can be implimented to use the local storage (You will recieve an event everytime storage state changes, ensure to have a message field in storage you can update and only complete actions on the other tabs based on events that update that message array, more safety should be involved here as well).
Shared storage messaging should only be required in case user was previously logged out, and it is intended that, all browser tabs open should change to logged in state when the login is completed in a different tab. Once logged in, all firebase events over websocket recieved by TabA should also be recieved by TabB, so that intertab communication would not be required.