I am using theFirebaseAuth Flutter plugin in order to manage the authentication process of users in my app. So far, I have been able to retrieve data from the current user with no trouble. However, I would like to retrieve user information data such as the profile picture using the UID of that user. This is quite easy when the user I want to get the data from is the current user, but I can't see the way of doing that when the user is different.
Is it possible, in some way, to build an instance of FirebaseUser specifying the UID? Or am I forced to store that information in some external storage platform? I prefer
For security reasons, getting user info from any user besides the current one has to be done in a managed environment like a server or Cloud Functions. You can use the Admin SDK to handle this.
Related
in the app, which logs the user in only through phone authentication.
now the question is can I get the user id from his phone number(not the user id of the current user though).
I have the access to other users phone number in the app, and I want to get their id for further use.
is it possible in flutter with firebase at the backend?
Looking up the UID for a user based on either phone number or email address is considered a sensitive operation. For this reason such operations are only available in the Admin SDKs, which are designed to be used in trusted environments, such as your development machine, a server you control, or Cloud Functions. For more on these, see the bottom two code samples in looking up user data in the documentation.
If you want to perform such operations from your client-side code, your two main options are:
Store the required mapping in a cloud-hosted database, such Firebase's Realtime Database or Firestore, as Huthaifa also answered.
Create your own custom API on a server or Cloud Functions where you lookup the user through the Admin SDK. Your client-side application code can then call this custom API.
In both of these cases you are in full control of what data you share, and how you secure access.
Sure you can, there are multiple approaches for this, if you post your structure for the user model, or how you are storing them in firebase.
You can run a simple Firebase query like this example:
FirebaseFirestore.instance.collection('users').where('phoneNumber', isEqualTo: thePhonenumberOftheuserYouwant2GetUIDfor).get()
You can also store the available\accessible contacts for every user in their user document, and when your user logs in, it'll fetch all their allowed user numbers.
The more information you provide to your problem, the more StackOverflow can provide you back.
I'm making a little Snapchat clone, and a part of this app I'm trying to build is the ability to add a friend and start a conversation with them. I'm using Firebase to manage my users and I'm a little stuck now trying to figure out what works and why I'm getting problems trying to use some methods or functions.
What I want is this simple line of code to work:
var userByEmail = await _admin.app().auth().getUserByEmail("b#gmail.com");
print(userByEmail.toString());
However this has been giving my some problems, most recently, the following error message:
Unhandled Exception: FirebaseAuthError(auth/invalid-credential): Must initialize app with a cert credential or set your Firebase project ID as the GOOGLE_CLOUD_PROJECT environment variable to call verifyIdToken().
Getting to this point made me want to first ask a question about FirebaseAdmin and Auth before continuing and potentially screwing up my app settings.
Is there a simple way to do what I'm trying to do?
I have a Firebase.instance.initializeApp() in my Main function, do I only ever call that once or should I start initilizeApp in the initState of each Stateful Widget where needed?
What does this error message actually mean?
You are trying to use the Firebase Admin SDK in your Flutter code, which is not possible. The Admin SDKs give full administrative access to your Firebase project, which would be a serious security concern if you allow that in your Flutter app.
If you want to allow certain administrative functionality in your application, you will have to make that functionality available yourself. For example, to look up a user by their email address, there are two common approaches:
Store the minimal information about each user in a cloud-accessible database (such as Firebase's Realtime Database or Cloud Firestore) when each user registers with your app, and then look it up from there.
Wrap the getUserByEmail from the Admin SDK in a custom API that you make for yourself, on a server you control or in Cloud Functions. In that API you validate that the user making the call is authorized to do so, then call Firebase through the API you were trying to use, and return the minimal result back to the caller.
Both of these are feasible and can work to solve a variety of use-cases. But if you've never built backend code before, you might find the first approach easier to get started with.
Also see:
How to get Firebase UID knowing email user?
Flutter get User Data from Firebase
The right way to do what you want is using Firebase auth, authenticating your user and using a collection to store and retrieve users information. That auth information provided by firebase should only be used for authentication and security purposes.
The Firebase admin must have a user logged in to work properly, but its purpose is to provide a more administration environment and should not be used inside a clients app, unless its an admin app.
With all that said, lets go for the rescue:
Authenticate your user (using firebase auth);
After auth, save all the user information you want to share with other user inside its own collection (you will need to create one);
When an authenticated user (this is important) 'request any other users data, you query for the data in the previous created collection.
I have been exploring Firebase and from my first impressions it looks really good.
I will use Auth for authentication because it's simple and I do not want to write yet another sign in/up system.
I have been looking at firestore for saving data, because it's simple and I do not have to manage a server.
And here comes the problem; Many of the examples I have seen put rules to show only the current rows with "ID" the Auth UID which they pass from the client.
But can the user can decompile my app, change the UID to other user's UID and read/write to their data?
Is this true or am I missing something?
UIDs are handled by Firebase on the server side. There is no way to reverse engineer an app and change the UID.
If for some reason a user does that or anything similar, he won't be able to login to the app thus won't have access to the data stored on Cloud Firestore.
I want my users to sign in with multiple accounts (Not linking multiple providers)
like gmail, it allows you to use multiple signed in accounts at the same time
you can check all inboxes for all accounts at the same time
e.g. I am a User and I want to use two accounts
john#example.com & john21#example.com
I want both emails signed in (there are two auth tokens in this case)
I have searched about it in Firebase docs, I couldn't find anything
Is this possible in Firebase Auth?
From one project, no i don't think you can have two users signed in.
You can create another Firebase project and add your app there (you'll be able to add your sha-1 on either one). You can then look up their approach to using two Firebase projects in one app.
You'll be able to sign in with two users in this way if there are two projects to sign in with. You'll have to manage your users across both the databases on your own i.e same user will have to have an account with same credentials made in both the projects.
It's complicated but it can be done. I use anonymous sign in from two separate projects simultaneously in my app, both users are the same... Just their projects are different.
I was thinking about this issue, reading through the documentation and found that you can re-authenticate a user by credential. So maybe you can do it this way:
when a new user wants to sign in you take his info as AuthCredential object like this:
AuthCredential credential = EmailAuthProvider.getCredential("user#example.com", "password1234");
//there is also GoogleAuthProvider, FacebookAuthProvider...
then to actually signing him in you use signInWithCredential(AuthCredential) :
FirebaseUser user = FirebaseAuth.getInstance().signInWithCredential(credential);
Now you need to save the credential object and the user object somewhere safe.
If you want to add new user you do the same and save the new objects.
After that whenever in your app you want to switch between the users you get that user's object and call reauthenticate(AuthCredential) method:
myFirstUserObject.reauthenticate(myFirstUserCredential);
I didn't really test this, you think it could work? I don't know exactly how to save the objects and if there is a safe way to implement it without exposing each user's credential?
Multiple simultaneous logins in the same project is not supported with Firebase Auth.
You could possibly have multiple logins between multiple projects if you manually initialize the Firebase SDK with the settings for the other projects.
I was wondering if getAuth().uid is sensitive/private in anyway? I am planning to use it on a user post something like: post.created_by: getAuth().uid. This makes writing rules/logic a lot easier.
The other way is to use the push id when the user is added to the database, which I'm trying to avoid.
No its safe to use the uid and recommended, firebase uses auth to authenticate the user and the assign the uid to identify the user across firebase.
You will be using uid in your security rules and as well as to identify user info in your db records.
Manually creating another id will render the efficiency of firebase useless.