I am managing SQL server database along with Firebase. I have created user's account in Firebase from back-end by below method and stores other properties
in Firebase by providing User UID as unique key.
firebase.auth().createUserWithEmailAndPassword(Email, Password).then(function (user) {
firebase.database().ref("Users/" + user.uid + "/").set({
favouriteId: FavouriteId,
hotelId: HotelRef,
isActive: IsActive,
isLoggedIn: IsLoggedIn,
name: Name,
vendorId: VendorId
}) });
User can use above credentials to login into mobile app.To change password of user I am using reset password by email from Firebase. Here Password is changing from mobile side and I am unable to update that password in SQL server.I want to update new password in SQL server database.
I have searched for above but I didn't find any solution or other way to get password from Firebase.
Currently I am calling API from mobile side to update password in SQL server.
Is there any way to retrieve updated password from Firebase database?
Why are you storing the password (never a good idea to store plain text password) when Firebase Auth already does this for you securely using best practices including salting and hashing the password. If you plan to use Firebase Auth, you may as well let them manage password authentication for you. If you need to migrate to another auth system at some point in time, Firebase Auth provides multiple tools to get the hashed passwords via CLI SDK and Firebase Admin SDK.
Related
Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?
Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea
No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.
Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.
Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.
Is it possible to implement Firebase Authentication with Username And Password
(not email and Password) in Flutter? Is there a way to do it with the Firebase Auth Plugin?
Logically you can control email address
I mean if you want you can maintain email address pattern and store the username for the created UID .
Example :
Var currentTimeStamp:
CurrentTimeStamp#gmail.com
No Need to verify the email address as you need only the UID
Then you have to store the UID ,email address ,along with username in the Firestone or real-time database so that user can login again with the user name .you have to check user name and password is correct or not then do signin with that email addrsss and the given password
Thanks
It’s just an idea
No, FirebaseAuth only supports sign in with email and password. There are no usernames unfortunately.
Currently there is no way to use the default FirebaseAuth to sign in with a username.
But email + password login is much more secure because if you want to try and brute force a user you have 2 missing pieces of information instead of one.
Actually there is a way from the start offered by Firebase. It is by using Custom Auth Tokens (link).
But this is most suitable when you have complete custom server/backend and only want to use Firebase Authentication to handle the authentication.
You will need to create custom auth tokens using the user's user id and password. This can only be done by Firebase Admin SDK (link).
That means this approach needs some kind of server. You can use Google cloud functions or AWS lambda for some cheap options.
Then in order to use the authenticated users, you'll need to implement a function to verify these tokens (link). This gives the UID of the user.
I have an existing Firebase project where I'm managing auth myself in a backend API. I'm hashing the password and comparing it to a stored hashed password and returning a custom claims token.
I'm trying to transition the project to using the native auth (sign in with email + password). My problem is the existing users. I have hashed passwords for all of them stored in Firebase, but the Firebase auth itself doesn't know about the passwords. I don't want to force my users to all set their passwords again, but I don't see another way to accomplish this. Is there another way?
I guess you know the key used to hash the passwords, since you stored them in Firestore. You could then use the auth:import command of the CLI.
My program should allow offline login.
To do these, I trying to save password hash which created by Firebase Auth.
Then offline acquire email and password from login screen, authenticate by password hash which saved at local.
I can find export firebase auth to csv document.
To implement my use case how I do that?
If you're trying to get a list of all users and their password hash from Firebase, you can do so through the Firebase Authentication Admin SDK's listUsers method. For security reasons this SDK only runs on a trusted environment, such as your development machine, as server you control, or Cloud Functions
I want to change a user's password without authenticating the user, and I want to do this with Ionic.
Currently, this is what I have:
const user = firebase.auth().currentUser;
const credentials = firebase.auth.EmailAuthProvider.credential(user.email,
this._password);
user.reauthenticateWithCredential(credentials)
The problem is that I want to change the user's password without authenticating the user, and that's something I cannot do with firebase.auth().currentUser . The latter won't work if we are dealing with multiple users.
Firebase provides only one way to reset the password without authorization i.e. reset password by email.
You can send a password reset email to a user with the
sendPasswordResetEmail method. For example:
var auth = firebase.auth();
var emailAddress = "user#example.com";
auth.sendPasswordResetEmail(emailAddress).then(function() {
// Email sent.
}).catch(function(error) {
// An error happened.
});
You can also customize email template format. Hope this helps.
It is not possible in the client-side JavaScript SDK to change a user's password without authenticating that user. If it existed it could be called by any malicious user of your app, which would be a pretty massive security risk.
The only way to change a user's password without knowing/specifying their current credentials is through the Firebase Admin SDK. This Admin SDK is made to be run in a trusted environment (such as your development machine, a server you control, or Cloud Functions), and thus can't be abused by users of your app.