Using Firebase I want to create different groups of users (i.e. users, admins etc) for my app. I've created some users via the console but I'm trying to find out if it's possible to assign roles to these users via the console too?
After some reading on their website firebase recommends using custom claims which can be encoded within a user's access token. This sounds perfect but the only way I can find to issue such claims is coding an app to access the admin SDK. Is there any way to achieve the same functionality but via the firebase console instead?
Related
I am currently developing multiple apps with Firebase and I have a doubt. I have a user and an admin. My problem is if I am using the same firebase database, will the user be able to sign up into Admin's app using his credentials or both app will have different authentication. I don't want the user logging into the admin app with user credentials. If it is possible, what can I do to avoid it?
I haven't done trying it.
Can I use multiple apps on a single Firebase database?
Yes, you can.
Will it use the same auth or a different auth?
If both apps are added to the same project, then the authentication will be the same for both projects. This means that the user can use the same account for both projects. This also means that both apps can write/read data to/from the same database.
You can solve this in multiple ways
Have a different collection to store the data of the admins and then check on the login if the email is present in the collection
With the Rules of Firestore
I'm developing an android app with firebase as a backend and I heard a word named Admin SDK. I had searched for it and found it is used to manage data.
But I have a doubt that firebase provides a console webpage (console.firebase.google.com) to manage data, but why there is a separate Admin SDK?
Can someOne please explain...
The firebase admin SDK provides a simple and easy way to modify firebase settings and data using API calls.
For example, you might ask: why should you even have a regular SDK to store data? After all, you can store and save data directly from the web interface. It is, however, simply not secure or practical to have users update their own data each time using the console.
Similarly, the admin SDK is just like the regular SDK but with administrator permissions. For example, it allows you to bypass the rules set up using your firestore rules. The Firebase admin SDK is meant to be used on your backend - so you know it is running trusted software. You know that it will act the way you expect it to, unlike code running client-side that can't be trusted.
For example, let's say that you want to be able to delete a user's post if certain conditions are met. The user will make the request to your server, and it will check if the conditions are met, and then delete the post using its admin privilages. Sure you could technically automate this using firestorm rules, but those can be quite cumbersome and might not work in more complicated examples.
You can also even use it to integrate with other applications like connecting your app to a moderation tool or a curse detector that can't or shouldn't run on the client's device.
Is your question is why does Admin SDK exists?
There are several administrative tasks such as deleting users, listing collections and many more which the client cannot and should not be able to do.
Firebase Admin SDK has admin access to your Firebase project's resources.
It does not obey any security rules and can read/write any of your database, storage bucket..
That is why you must use Admin SDK in a server (or cloud function only). Although I feel Firebase Admin SDK is more useful if you use your own servers and authentication method. If you are using a custom server then:
It can be used to generate custom token so you can authenticate users using your own method (maybe legacy auth system) but still use Firebase Authentication to handle the auth tokens thereafter.
If you use your own database (and not any from Firebase), the Admin SDK can verify the ID Token sent by client and get identity of that user. Thereafter it's could be a simple if-else statement for you to decide if the user has access to the request resource or not.
I am using Firebase Authentication in my app. I used method like setDisplayName in my app so that user can change the user's name himself through the app. But, the problem is that I can't access this name through my console. I can't edit it. There are simple columns in Firebase console like,
identifiers,providers,UID,Providers,Signed In.
There is no column for User Name. How can I access this information through console?
The Firebase console shows only limited information about each user profile. The rest of the information is only available when you access the profile through a Firebase API, or export the data.
Keep in mind that Firebase provides Admin SDKs, which you can run on your development machine to accomplish simple administrative tasks such as this.
I have a Firebase project, which I'm currently using with android. I need to programmatically fetch details of the users authorized along with the UID, Email, etc. Exactly the way it is shown in firebase (with the search), this web portal will be given to the vendor or the person using it to verify the user's authenticity.
I've attached the screenshot from Firebase, I'm hoping to replicate it the same way with the search. If this is possible, how do I go about doing this?
It's not possible to list users from an Android app, using only the Firebase Authentication SDK. You can list users using the Firebase Admin SDK, but that can only be run on a backend you control, using service account credentials for your project.
It might be easier if you store user info in a database, to be queried by client code, rather than try to have your app try to access auth data directly.
I have a Firebase app, and I want to know if it's possible to restrict a Firebase Console user to access only to the "Authorizations" tab. (to CRUD users). The access must be by the Firebase (regular) Web Console
Especially, I don't want the user to see the database data via the web console. Is that possible? I've managed to give him access to the entire project, and he can do anything I can do (is an Admin).
I haven't found nothing about this in the docs / searching.
firebaser here
Collaborators on a project currently have access to the entire Firebase Console. You can limit to having read-only access, but you currently can't limit what panels they have access to.
We've heard the request before and know this would expand the usefulness of the Firebase Console. I recommend that your file a feature request, to add your vote.