I am using Cloud Functions to manage the database and the auth in my project. I followed the example https://github.com/firebase/functions-samples/tree/master/delete-unused-accounts-cron to delete inactive users in my app. I want to get only the anonymous users that were inactive for some time. I don't know to make the query to the identity toolkit to filter only the correct ones. Does anybody help?
Thanks!
I think your best bet is to write the account auth provider(s) into your database at the time of login, then use that to further filter the set of accounts that should be deleted. This way, you won't have to take the time to query each uid to find out what its providers are.
You can use the Admin SDK listUsers API to list all users and then inspect if the account has no provider data (assuming you don't use custom authentication)/no emails and inspect the metadata lastSignInTime. However, as Firebase sessions are indefinite, that does not guarantee the account is inactive:
Listing users: https://firebase.google.com/docs/auth/admin/manage-users#list_all_users
User record metadata which contains last sign in time: https://firebase.google.com/docs/reference/admin/node/admin.auth.UserRecord#metadata
Related
In my app using Firebase as back-end, I wanted to implement a new feature based on Firebase Storage to allow my users to save some files.
Knowing that my app can be accessed only by people who are paying a subscription, I'm already filtering the access to Firestore (used in my project to store user data) via a document that stores if the subscrition is valid or not and this is filtered by the Firestore security rules.
I saw that there is no linkage between Firestore and Storage, so I can't in the Storage security rules read my Firestore documents. So I had the idea to use CustomClaims to add to the Auth token an attribute if the subscription is valid or not.
After tinkering a bit with it, I noticed and checked that it takes up to an hour to client to have a refreshed token. Since my app follow roughtly this workflow:
I don't think that is a good user experience to wait for an hour to have access to a service the user just paid.
Is there something I didn't see ? Is there a way to circumvent this problem ? Is there an other way to have a refresh token than to force the user to logout ?
You can force the ID token to be refreshed with currentUser.getIdToken(true) with the JS SDK. There are similar methods for the other Client SDKs.
See the doc for more details.
I want to get User Data from firebase, I need the diplayName of a User. is there any way to get the displayName of a other user with his uid?
There is no way to look up information about another user in Firebase Authentication by using the client-side SDKs of Firebase, as that would be a security risk.
There are two common ways to allow searching the users in a secure way:
Write information about each user to a database (such as Cloud Firestore or the Realtime Database) when they register, and then search the database when needed. That way your code controls what data gets written and thus is searchable.
Firebase has Admin SDKs that run in trusted environments, such as your development machine, a server you control, or Cloud Functions. These SDKs have options to list users, which means you can search them. If you wrap one of the Admin SDKs in a custom API that you build and secure yourself, you can then call that from your Flutter code.
Also see:
React native firebase authentication searching
You can't get the name, or any other details of a user that is not currently signed in using FirebaseAuth.
Instead, you must create a node in your database where you store the name, and any other necessary details by querying the database.
So my current flutter project has all users logged in with only google accounts.
Is there a way to query for user UIDs with the user's gmail or google username?
Another followup question:
I can't seem to find a clear documentation for firebase for flutter specifically, is there something like this out there?
There is no way to query across the users in Firebase Authentication from the client-side SDKs, as that would be a security risk.
If you want to allow users to find other users, the two most common approaches are:
Store information about each user in the database (typically either Realtime Database or Cloud Firestore), and search across that.
Wrap the relevant parts of the Admin SDK in a Cloud Function, and call that from your app.
While the second may sound simpler/more common at first, using a database is actually by far more common with Firebase and allows more flexibility for relatively low complexity.
I was wondering if getAuth().uid is sensitive/private in anyway? I am planning to use it on a user post something like: post.created_by: getAuth().uid. This makes writing rules/logic a lot easier.
The other way is to use the push id when the user is added to the database, which I'm trying to avoid.
No its safe to use the uid and recommended, firebase uses auth to authenticate the user and the assign the uid to identify the user across firebase.
You will be using uid in your security rules and as well as to identify user info in your db records.
Manually creating another id will render the efficiency of firebase useless.
Is there a way to access the "Authentication" database in Firebase?
I'm building an app which uses the Firebase anonymous authentication
I would like to access the Firebase "Authentication" database to check the last login of the user.
Tried looking through the web but didn't find any reference.
Can someone point me to the right direction please?
There is no API for you to access the timestamp of when a specific user last logged in. Most developers end up storing this type of information in their Firebase Database, for example with the structure outlined in the section structuring your database.
Firebase launched the admin node.js sdk. You can look users by uid or email and get their metadata like creation date and last login date.
https://firebase.google.com/docs/auth/admin/manage-users