I'm trying to edit email address and password for other user via code. Is this possible to do without Admin SDK? I'm asking because I dont have backend skills yet. Does Firebase have a method to login user via uid? Maybe this way I will made my goal?
Users can only update their own data in mobile apps using the Auth client SDKs. It would be a gigantic security hole if any user could modify or log in as any other user without credentials.
Related
I made a website and setup up a firebase signup for it. But I don't want users to signup with their emails. As the Website should be only accessed by a specific email and password which I would provide. How can I setup this functionality. Can someone explain the process.
Create the email/password account manually in the Firebase console
Give the account information to the user
Code the account password to the user, and code a way for them to sign in with the Firebase Auth SDK.
I am currently developing an angular+ionic app. Everything is working ok but I got a question with the forgot password workflow: sendPasswordRestEmail -> user clicks link -> user fill form -> user submit form -> password and oobCode send with the firebase auth api, which I am accessing through angular fire package.
As I said everything is working as intended. The only "issue" I see is that firebase not only sends password reset email to user that created their account with an email/password but also users that are using an external provider like Google ( sign in with google). I havent test login with Facebook at this point but it is happening with google provider. I just want to make sure if this is the intended workflow or something may be wrong... a bug or something? before I post an issue on github, because even though the user can "change its password" when using an external provider, it is having no effect on their external account(gmail account) which of course should have no effect.
Sending a password reset email from Firebase allows the user to reset the password on their Firebase Authentication account. It has nothing to do with the password they may have with any social provider associated with that account.
I have an Ionic application using Firebase so I opted to use Angularfire. Currently running Angularfire4. In my application I store the uid and I want to get email related with that uid. I use the email/password login provided by firebase. How can I translate the uid to an email?
The only method found is when using nodejs.
The only data that is exposed in the client-side Authentication SDKs is the profile of the currently authenticated user.
There is no way to look up user data for a UID with the Firebase Authentication client-side SDKs. While admittedly convenient, it would make leaking user-data way too easy.
The only way to look up user data by UID is using the Admin SDK that you found. The idea is that you run those in a trusted environment (e.g. a server you control, or Cloud Functions) and selectively expose the user data that your app needs.
I wanted to create a discussion about the best way to handle a situation such as when you can have users that login with Gmail, Facebook or simple email and yet they have a password change.
Should we allow a password change outside of the simple email authentication?
I think this is why we have fetchProvidersForEmail() method in Firebase 3. It creates a problem when a password is changed when a user's initial provider was based on Facebook authentication.
The Firebase 3.x documentation is a bit nebulous in terms of best practices.
I know how to remove registered users manually via web interface (which is also answered by this question). This can be done without providing user's password.
Is there a way to remove a user automatically without their password? I have only found removeUser API call which requires user's password.
It would help to simplify deployment for testing/stage environments.
There is no API to programmatically access the email/password users in Firebase.
For development purposes, you can delete them through the Login & Auth tab of your app's dashboard.