I can create users in Firebase using email and password.But there's now way I can change the password of that user using database. How can I get this done?
Update User Password (must be authenticated).
Related
I'm working on a Node js project using Firebase. Currently, I store several User fields in the database under their email address. (Users > Email Address > (five different fields)). One of these fields is the user's password.
In my Reset Password workflow, I have Firebase send the User a reset password email. After the user goes through the link in that email, they successfully change their password and can now log in with their new password. My question is how can I grab that new password, and update the Users > Email Address > password field in my database right away? Currently, this field is holding the old password that doesn't have any use any longer.
I don't believe we will need this field for the project, but I want to keep it updated for now in case another member on my team needs it. Thank you
My question is how can I grab that new password, and update the Users
-> Email Address -> password field in my database right away?
By using the standard reset password email mechanism proposed by Firebase you cannot "grab" the password.
You would need to implement your own mechanism as explained in the "Create custom email action handlers" page in the doc.
As evocated by #Kiran in his comment, storing users' passwords in your Firebase DB (Firestore or the RTDB) can be dangerous: you should take care that they cannot be read by some malicious users, typically by using security rules.
It can make sense, from a specific business/admin/organisational reason, to store users' password in a Firebase DB but then you should correctly protect them.
Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?
Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea
No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.
Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.
Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.
Currently, I am trying to develop a web portal where I want to allow specific users to enter in the site. This means I want to use specific username and password to enter my side without using any email address. How it is possible? I see that for custom login I have to use an authentication server and it is allowed in the Functions tab in Firebase. But I have to purchase it. Is there any workaround available to create my custom login without an email.?
Firebase Authentication has no username-password authentication. The best you can do is whenever user enters the user name you can append #yourapp-com to make the format like an email and use it with the password.
Use the same method when user tries to login, when they enter their username, append with that domain and use signInWithEmailAndPassword method. So technically you are using email and password (but the email cannot receive emails) but your users enter username and password only.
That was the easy work around but you can also store usernames and passwords in database. However make sure you properly hash the password in the database. You can use cloud functions to authenticate user. The auth flow would be like:
User enters username and password
A cloud function is triggered which then verifies the username and password
If the password matches, use the Admin SDK to generate a Custom Token and send it back to client
Use the signInWithCustomToken method and log the user in with that token.
Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?
Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea
No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.
Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.
Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.
I am using ionic 3 and firebase for the backend.In my app I am trying to let users sign up with just username and password. Well firebase by default doesn't provide that option. So I am getting user's input as username (for example: 'mike123') then i add #myapp.com. so it looks like an email: 'mike123#myapp.com'. That is all fine, but a problem just came up when user's want to reset their passwords. Is it possible to let users type in any valid email address at the time they want to reset their password?.
You can change the password of the user by https://firebase.google.com/docs/auth/admin/manage-users#update_a_user. Note that this is in the Firebase Admin SDK, so will require that you run code in a trusted environment, such as a server you control or Cloud Functions.
But faking username+password by faking an email address is non-ideal. I'd consider creating a custom auth provider for your needs.
If the email provided when sending the Reset Password request doesn't exist for any user, then it will fail.
In Android, calling sendPasswordResetEmail with a non-existing email, it would return a:
FirebaseAuthInvalidUserException: There is no user record corresponding to this identifier. The user may have been deleted.
You should ask for a valid email from the user and save their preferred username separately upon the user creation.