I can update the user attributes like userName, familyName, givenName, formatted, active and displayName using API [Method=PUT , URL=https:///scim/v2/] and I tried to do the same with the password attribute , It responds with status [200 - OK] , but the user's password is not updated.
Is there any other API is available for password reset?
Try doing GET request on /v2/ServiceProviderConfig and looking for the returned data. changePassword.supported should be false, which will confirm that changing password is not supported.
Now, SCIM is supposed to be only available when Single Sign On (SSO) is enabled on a business account (see this Help Center article). This means that users sign in using the SSO provider and are not supposed to have any Evernote-specific passwords. It's SSO provider that needs to take care about password management.
Related
Currently, I am trying to develop a web portal where I want to allow specific users to enter in the site. This means I want to use specific username and password to enter my side without using any email address. How it is possible? I see that for custom login I have to use an authentication server and it is allowed in the Functions tab in Firebase. But I have to purchase it. Is there any workaround available to create my custom login without an email.?
Firebase Authentication has no username-password authentication. The best you can do is whenever user enters the user name you can append #yourapp-com to make the format like an email and use it with the password.
Use the same method when user tries to login, when they enter their username, append with that domain and use signInWithEmailAndPassword method. So technically you are using email and password (but the email cannot receive emails) but your users enter username and password only.
That was the easy work around but you can also store usernames and passwords in database. However make sure you properly hash the password in the database. You can use cloud functions to authenticate user. The auth flow would be like:
User enters username and password
A cloud function is triggered which then verifies the username and password
If the password matches, use the Admin SDK to generate a Custom Token and send it back to client
Use the signInWithCustomToken method and log the user in with that token.
In a scenario where a new Firebase user is created without a password, could the user sign in using just their email address (passing a null/empty string as the password)? Or does Firebase reject all attempts to authenticate with email + password when no password is specified in the user auth object?
The Firebase Admin SDK docs are clear that password is an optional property for createUser(), but the Password Authentication docs don't appear to specify Firebase's behavior when the user was created without a password. It would also be interesting whether an email link authentication (only) strategy can be enforced by leaving and/or setting a user's password as undefined, but this also doesn't appear to be explicitly called out in the docs.
Presumably Firebase rejects the email/password auth attempts, creating a de facto requirement for email link authentication (supported anecdotally), but any suggested links to Google authored docs would be greatly appreciated!
Firebase Authentication users are associated with one or more providers, and many of those providers don't need the user profile to have an associated password. For example: if you sign into Firebase with your Facebook account, the Firebase Authentication profile will not have an associated password. This applies to most providers, as in most cases the password is stored elsewhere (Facebook, Google, LinkedIn, Microsoft, etc), or ephemeral (email-link, phone auth).
On our app we are using "One account per email address". We want users to sign up using a specific authentication provider, which we keep track of, and stick with it.
What I've noticed today is that if I log in using a Google or Facebook provider I can then send myself a password reset link to the associated email address, which allows me to use the email/password provider instead.
There is a slight difference in behaviour depending on the first provider:
If I use Google first, after I use the password reset link I can now user either provider to log in, and both are linked to the same firebase uid. If I debug, I can see both in the providerDetails array on the authData object I get back from Firebase.
If I use Facebook first, after I use the password link the password provider replaces the Facebook one completely, although it retains the old firebase uid. At this point I can no longer use the Facebook login.
My questions are: is this behaviour intended, and, is there any way to switch it off?
This can cause confusion if say a user logs in using Facebook (which we track) and then later forgets and sends a password reset. It isn't the end of the world because they can carry on using the password login, but it certainly muddies the water.
Thanks
The behavior is intentional.
For end users, if they had signed into the app using Google or Facebook, and later they want to recover the password, the most likely reason is they (or an attacker) can not login with that identity provider.
After the user clicks the password reset link, Firebase removes the non-email identity providers to prevent other people from accessing the account silently. If the user still wants to add Facebook/Twitter login, they can do that via manual account linking (if the app supports).
In case the user's email service is the same as identity provider (e.g. #gmail.com users login into the app using Google), Firebase has an optimization to keep the identity provider since there is no security risk.
Anyone can help ,
I have created an api key and and secret key but I am getting an issue regarding to the login section means the api redirect to the https://auth.aweber.com/1.0/oauth/authorize_app/ url and here need a username and password but I am inserting my username and password but its not open and send me a message like
Notice: Invalid credentials - please retry
Make sure that you're using valid AWeber credentials when filling out that form. The username/password are not the API developer account from https://labs.aweber.com, but an actual AWeber account (i.e. what you would use to login to https://aweber.com).
I have to authenticate a user based on his google account.
I don't have any user authentication database from asp.net.
Is there any service available from Google which accepts google email id and Password in turn, it will check the given user is valid or not.
I tried OAUTH2 but no where it is accepting emailid and password from client side.
Am i missing anything ? and How can i fix this ??
Try below links :-
1) http://loginwithgoogle.codeplex.com/
2) http://dotnetopenauth.net/ This is implemented in ASP.NET and It includes samples for Google logins, and it's very easy.