firebase users login through mobile - firebase

I'd like to know if it's possible for a mobile registered firebase user to log-in without authentication procedure, in other words:
Lets say an administrator creates a firebase user by console (or web interface to console) then is it possible that when this user launches the app on his mobile he just logs in without the authentication procedure?
To put it simple, is it possible for mobile users a log-in like email/password user: just enter the number and log-in?

If you're referring to using a Phone Number for authentication this is supported by Firebase and the documentation can be found here https://firebase.google.com/docs/auth/ios/phone-auth
The caveat to this is that you can't create a user through the Firebase console as you were suggesting. It relies on the user using their mobile number to register when they logging in for the first time.
The other option that may or may not be applicable is to use Anonymous authentication along with a collection of predefined users with numbers as Peter suggested above.

You can add new users from the console, first you need to enable the email/password Sign in method. Then you can add a new user:
Then the user can login using the email/password added in the console.
If you want the user to enter a number and login, then associate a number in the firebase database with the email:
Users
userid
email: userx#gmail.com
number: 102

Related

Firebase disable automatic login account creation

I am building a web and mobile app using firebase. When signing with Google, firebase auto creates a new account in the project (Auth) if one does not exist. Its fine with the mobile app.
But with the web, I just want existing users (who created accounts with mobile app) to signin and not create new accounts via web.
How do I setup firebase not to create new accounts if one does not exist?
There isn't a way to restrict social sign-in with Firebase Auth to "only sign in, not sign up".
If you have a means of detecting users that have signed in using the app at some point (e.g. by writing a value to your database in a specific location), you could check for that value when signing in via the web, and, if missing, display a screen encouraging users to install the mobile app.
I think this is what you are looking for:
Link Multiple Auth Providers to an Account Using
JavaScript
You can allow users to sign in to your app using multiple
authentication providers by linking auth provider credentials to an
existing user account. Users are identifiable by the same Firebase
user ID regardless of the authentication provider they used to sign
in. For example, a user who signed in with a password can link a
Google account and sign in with either method in the future. Or, an
anonymous user can link a Facebook account and then, later, sign in
with Facebook to continue using your app.

Make Firebase phone authentication more secure

I've created an account in Firebase using phone authentication. However, from the documentation, it mention that:
If you use phone number based sign-in in your app, you should offer it
alongside more secure sign-in methods, and inform users of the
security tradeoffs of using phone number sign-in
I couldn't find a field to inject the password into the users database.
Should I enable the password/email sign in method? Is there any documentation to refer to?
I added email and password using:
createUserWithEmail:email:password:completion:
2 accounts are created:
I should rephrase my question to:
If the user logout, when they sign in again should they use the phone number, or email and password?
This is what it says in the documentation:
Authentication using only a phone number, while convenient, is less secure than the other available methods, because possession of a phone number can be easily transferred between users. Also, on devices with multiple user profiles, any user that can receive SMS messages can sign in to an account using the device's phone number.
If you use phone number based sign-in in your app, you should offer it alongside more secure sign-in methods, and inform users of the security tradeoffs of using phone number sign-in.
So all it means is that it is better to use another method with it, like email/password method.
When you enable that, then the user can create an account using his email, and you do not need the password, only the user id after he creates an account.
more info here:
https://firebase.google.com/docs/auth/ios/password-auth
Base on #Peter Haddad answer:
Updated the code to link the phone authenticated user and email/password authentication method.
FIRAuthCredential *credential =
[FIREmailAuthProvider credentialWithEmail:userEmail
password:userPassword];
[[FIRAuth auth]
.currentUser linkWithCredential:credential
completion:^(FIRUser *_Nullable user, NSError *_Nullable error) {
// ...
FIRUser *tmpUser = user;
}];
You should see these in the console (with only one row with 2 authentication type instead of 2 rows) :

Firebase: Link facebook account with existing user

I have a current database with active users in Firebase that can login with user/pwd but now I'm implementing the facebook login and I realised the only way to link a facebook account with an existing user is only when the user is already logged with the user/pwd but not before the login.
I have two buttons in my app (login with fb and with email) but if I try to login with fb using the same email of an existing user, I will receive the following error auth/account-exists-with-different-credential and the documentation says that in order to fix this the user needs to login first then link.
Do you know if there is a way to link both accounts but without perform a login first, I mean, from the login view?
You need to sign in the user first before linking. This is important if you want to ensure it is the same user. Otherwise you can switch to multiple accounts per email in the Firebase console.
The way to solve this, when you get the error auth/account-exists-with-different-credential, the error will contain error.email and error.credential after you sign in with Facebook and the account already exists as a password account.
You then call firebase.auth().fetchProvidersForEmail(error.email) to which resolves with the list of provider IDs for that email. In this case, it will contain ['password']. You then ask the user to provide their password. You call signInWithEmailAndPassword(error.email, password) to sign-in the original user. You then call firebase.auth().currentUser.linkWithCredential(error.credential) to link the Facebook credential to the password account. Now both accounts are merged and the user can sign in with either.
I fixed it by going to the Firebase console. then head over to the authentication section and select the Settings Tab. Afterwards, go to User account linking and check Create multiple accounts for each identity provider

Firebase : Authentication providers different email address

If I register with Facebook (x#x.com) and later log in with Google (y#y.com), but I do not have the same email address on both providers, there are 2 users created. How can I handle this situation?
Linking is typically used in three cases:
Automatically requested by the backend for security reasons: when a user signs in to google for example with email x#x and then logs out and tries to sign in with a new facebook account x#x. In this case the backend will not complete the second sign in without verifying that the second user is the same as the first user (since both use the same email). So in this case, the user has to sign to the google account and then link the second facebook account to the initial one.
Manually triggered by the developer: One common case here is that the user signs in to google with email x#x and remains signed in. The developer wants access to the user's facebook friends. So the developer will ask the user to link their facebook account to the already logged in google user.
Upgrading an anonymous user: Developer could automatically sign in users initially as anonymous and then prompt them to upgrade to a registered user. In this case you can call link on the anonymous user.
So auth.currentUser.link can be made on all kinds of users as long as the account you are linking is new and not already linked.
You'll want to use the Account Linking APIs to authenticate multiple providers for the same account. Docs for Web, Android, and iOS are available.

How can handle separate login for two types of users in same firebase app?

I have a scenario and looking solution for that. I am working on an application and Using Firebase to create and authenticate the User. In my app, basically two types of users (1.User & 2. Vender) and User can signIn on app but vender need to login on web panel. We are using firebase default method (.createUser) to create user and it's already working.
Now I wants to create Vender profile too in same app but Vender can login only on web app and user can login on Mobile app.
Is it possible ? If yes then please guide me that how it's possible ?
Thanks in advance.
This is a fairly open-ended question but I think it comes down to two things: determining the user type (vendor or user) and detecting what platform they are signing up on.
Both are pretty easy.
Heres's the structure which leverages a /users node to store additional info about the user. From Storing User Data
users
uid_0
name: "William:
type: "vendor"
uid_1
name: "Leonard"
type: "user"
and then when the user attempts to log in, the app checks their user authentication, which will result with authData.uid being populated.
Then it would look up the user via authData.uid and check the user type. If it's a Vendor, display a message to the user that they must log in via the web portal, and don't proceed into the app.
There's a 100 other ways to handle this - setting up a Vendors Node and a Users node for the app to auth against to having them select Vendor Or User before entering their authentication credentials.

Resources