I have integrated Firebase in my app and captured some custom events. When I logged into Firebase console I can't find my custom attributes in filter option under user properties or audience. In AWS Pinpoint it's straightforward and we can filter it. But in Firebase is there any code we need to add or is there any method to add it?
Related
What is the standard, secure way to set the first custom claim on all Firebase users?
Firebase provides some great documentation and examples for understanding and using custom claims -- e.g. this great video example -- but most examples use an existing custom claim to authorize the creation of other custom claims; and as of this post the Firebase console provides no way to set/edit/view custom claims, nor can custom claims be set via the CLI.
Here are some options I am considering:
Create a distinct admin project, which can be used by a service account to create custom claims via the Firebase Admin SDK.
Use a Cloud Function to perform custom claim creation iff a certain Firebase console action is taken, e.g. creating a Firestore Document in collection inaccessible via security rules.
Ignore security for the creation of the first custom claim; only add security after this is already a custom claim on a Firebase user.
Have you encountered this problem and solved it more-elegantly?
There is no real standard way to set Custom Claims. The only constraint, as you know, is that they can only be set from a privileged server environment by the Firebase Admin SDK, i.e. from one of your servers, or, easier and more serverless-oriented, via a Cloud Function.
So, within this constraint, you can do whatever you want. The first two options in your question are totally valid and good ones, IMO. I've wrote an article about a year ago (How to create an Admin module for managing Firebase users access and roles) in which we use a Callable Cloud Function to do the job. Today, in most of my projects, I prefer to use a Firestore collection which triggers the Cloud Function, but it is more or less equivalent (the Callable Cloud function in the article actually creates a Firestore doc).
In this article, I share a simple approach for creating the first Claim (which I call the Admin user Claim): use a temporary Cloud Function that you trigger by creating a doc in a temporary, secured, Firestore collection. Not a very elaborated and elegant method, but it does the job...
About your third option ("Ignore security for the creation of the first custom claim") I don't think you need and should do that.
You can do as described in the article and above. In a nutshell:
Set up your system with access rights restricted to the user with the Admin Custom claim (e.g. a security rule to create a doc in the dedicated Firestore collection, or a check in a Callable Cloud Function that the caller has the Admin Claim)
Create the Admin user in the Auth service
Assign him the Admin user Claim via the method detailed above.
You are done and no security hole.
Finally, it's worth noting that a new experimental Extension dedicated to setting claims with Firestore was launched in January this year. See here and here.
I'm writing an app with Flutter and Firebase (using both Firestore, Storage and Authentication so far).
Currently the app shows content from Firebase, but now I'm trying to figure out how the best way is to implement writing/editing/removing stuff in Firebase.
The goal is to have users with admin privileges.
My question is if I can build an Admin Panel inside the client app (which would be ideal), or if that's considered bad practice and I should build an Admin Panel in another app and using Cloud Functions.
For example, currently I perform Authentication (signup/register) in the Flutter/Dart code and when registering it creates a field in Firestore isAdmin = false, which I then can manually set to true (if I want) in the Firestore console. Could this somehow be an "unsafe" way of doing this?
The goal is to have users with admin privileges
Since you are using the Authentication service you already have half of the solution: with authentication you can identify each user who is using your app.
The other part is Authorization: this is normally done with Security Rules in Firebase, both for Firestore and Cloud Storage.
To be able to authorize certain users (identified through authentication) with Admin privileges, you need to know which users have the admin role in such a way you authorized them to execute the admin functions.
One possible way to identify the admin users is to have an isAdmin flag in some user documents in Firestore, as you mention in your question. There is an example of Firestore Security Rule using this approach in the documentation.
HOWEVER, you will encounter some problem if you want to use this flag (stored in Firestore) with Security Rules for Cloud Storage. At the time of writing, it is not possible to read the value of a Firestore document in Security Rules for Cloud Storage.
The solution is to use Custom Claims. You will find all the details in the doc on how to implement it in such a way it fulfill your needs.
Can I build an Admin Panel inside the client app?
Yes, you can very well do that. As soon as your security is correctly implemented (through Authentication and Security Rules, as explained above), there is nothing that prevents you to develop an Admin panel. If a user that is not admin can access the Admin panel, he/she will not be able to perform the admin actions (i.e. writing/editing/removing Firestore or Cloud Storage data).
Moreover, with Custom Claims, you can access them in the front-end to modify the client UI based on the user's role or access level (i.e. showing the pages, buttons and menu items of the Admin module only to admin users -note however that this does not prevent someone to reverse engineer your app and execute the queries dedicated to admin users: this is why it is key to correctly implement the Authentication and Security Rules parts-). See this section in the Custom Claims doc.
Should I build an Admin Panel in another app and using Cloud
Functions?
If you don't want to over-complexify your app with some logic to hide/show the Admin panel elements (based on Custom Claims, see above) you can very well build the Admin Panel in another app.
If you have specific needs/access restrictions that cannot be implemented through standard Security Rules you could very well use some Cloud Functions to check the user is an admin and to execute the writing/editing/removing admin actions (note however that while it is quite easy to interact with Firestore from a Cloud Function, it can be a bit more tricky with Storage: using the Cloud Storage Client SDKs is much easier than interacting with Cloud Storage through Cloud Functions).
You would preferably use Callable Cloud Functions, since "with callables, Firebase Authentication and FCM tokens, when available, are automatically included in requests". (See https://firebase.google.com/docs/functions/callable).
Side Note: You may be interested by this article, which details how to to create an Admin module for managing users access and roles. (Disclaimer: I'm the author).
the idea of creating an admin panel for any flutter app
The idea is for two applications with different names and they will be linked to each other with Firebase
for more details see the video from the link
https://youtu.be/d7qoff-I8BU
Overview: I would like to send targeted push notifications in my Native Mobile App by using the segmentation offered by Firebase. The way I would like to configure this segmentation is by leveraging on custom Firebase Analytics User Properties, like specific preferences or other business specific parameters.
I've seen that is possible to update User Properties by means of the Firebase SDK and through them I will update a "custom ID" user property which helps me identifying my users; on the other side I would like to update other user parameters, which should help me segmenting users, through a backend process.
The Problem: is that I've not found how to update User Properties from a backend side, like through APIs or something like that.
Have someone figured out to implement this scenario?
Thanks
There is no server-side or REST API for Google Analytics for Firebase at the moment.
The two options that I know of:
Send the properties from your server to the client, and use the Firebase SDK on the client to get those properties in to Analytics.
Hook your Firebase analytics up to BigQuery, store the additional information from your server into BigQuery too, and then join then in your own analysis.
Is there a way to update the subscriber when the user updates their profile with their first/last name? Could that be done with a cloud function if not through the extension?
Thanks in advance
[can this be done] when the user updates their profile with their first/last name
There is currently no Cloud Functions trigger for Firebase Authentication profile updates. This means that there is no way to do this directly with Cloud Functions, and hence also not in the Auth Mailchimp sync Extension, which is based on Cloud Functions functionality.
If you build this functionality yourself (you can use the existing extension source code for inspiration), you can trigger an update of the Mailchimp audience directly from your client-side code when you also call the Firebase Authentication API to update the profile.
I'm walking through the steps described here and upon sending the verification email to myself, I get an email in my inbox from noreply#myappname.firebaseapp.com.
For other email-based auth steps, I can customize the sender name and email address directly from the Firebase console:
Am I missing something that could help me with Email Link sign-in or do I need to go through the process of modifying the SMTP settings in my app's console?
I noticed the same behavior / restriction in the Firebase console. Considering that the underlying .firebase.auth().createUserWithEmailAndPassword method could write your new user to firestore, i guess you could use firebase function to trigger a custom email via sendGrid, for example, and you could flesh out a custom workflow from there.
This article, Email via Firebase Firestore Cloud Function Triggers includes the code to trigger custom emails and could be adapted to your needs. I imagine the trick will be to get the .emailValidated property set to true. It may be as easy as switching the boolean - i don't know.
All in all, it seems like a lot of work just to get a customized validation email though. I would recommend you just stick with what they provide.