Mapping Firebase Auth users to Firestore Documents - firebase

I'm trying to use Firebase's Firestore database to handle Users in my Android app.
Initially I want to use the id returned from the Auth package (a string), and set that as the id for the users Collection in the database. When creating a Document inside of the Collection users, I set a uid field to that auth package string.
I realize there is no way of setting that string to an indexable value so that queries like:
// get Auth package uid string
db.collection("users").document(auth_uid_string);
would work.
So the alternative, I guess, is to use Query.whereEqualTo("uid", auth_uid_string) which would give me the user in a list, because firestore doesn't assume the query is for a unique value.
I want to avoid the above solution, and devise a way to store the users of the app in firestore, and use the auth package to verify that I fetch the correct user. Is such a solution possible? Or should I try a different firebase service, or even just run a postgres server in heroku or something?

I am not sure how to do this in android, but with JS I am doing the following:
firebase.firestore().collection('users').doc(currentUser.uid).set(currentUser)
currentUser is the user object that the authentication function returns (I use signInWithCredential)
It is working perfectly. I am sure you can implement a similar approach in android.

Related

Flutter get User Data from Firebase

I want to get User Data from firebase, I need the diplayName of a User. is there any way to get the displayName of a other user with his uid?
There is no way to look up information about another user in Firebase Authentication by using the client-side SDKs of Firebase, as that would be a security risk.
There are two common ways to allow searching the users in a secure way:
Write information about each user to a database (such as Cloud Firestore or the Realtime Database) when they register, and then search the database when needed. That way your code controls what data gets written and thus is searchable.
Firebase has Admin SDKs that run in trusted environments, such as your development machine, a server you control, or Cloud Functions. These SDKs have options to list users, which means you can search them. If you wrap one of the Admin SDKs in a custom API that you build and secure yourself, you can then call that from your Flutter code.
Also see:
React native firebase authentication searching
You can't get the name, or any other details of a user that is not currently signed in using FirebaseAuth.
Instead, you must create a node in your database where you store the name, and any other necessary details by querying the database.

Protecting data in Firestore to be only readable by users with active In-App-Subscription

my app is fetching data from a Firestore database but this data should only be accessible to users who are currently subscribed to In-App-Purchases.
What is the best way to protect this data?
My first thought was routing everything through a Firebase Function, so the user has to send their subscription ID to the function, the function checks it and returns the data, but this would require way too many function calls for just a few users.
If you are not using any server client libraries then you can create a rule on firestore to restrict the reads on the table.
firestore rules docs..
You could simply check if the requesting user has subscribed to In-App-Purchases (assuming there is a flag in the user's data to confirm the same).

Retrieve FirebaseUser data by UID using only FirebaseAuth

I am using theFirebaseAuth Flutter plugin in order to manage the authentication process of users in my app. So far, I have been able to retrieve data from the current user with no trouble. However, I would like to retrieve user information data such as the profile picture using the UID of that user. This is quite easy when the user I want to get the data from is the current user, but I can't see the way of doing that when the user is different.
Is it possible, in some way, to build an instance of FirebaseUser specifying the UID? Or am I forced to store that information in some external storage platform? I prefer
For security reasons, getting user info from any user besides the current one has to be done in a managed environment like a server or Cloud Functions. You can use the Admin SDK to handle this.

Reference firestore database with firebase auth uID

Is there a way to reference Auth uID with my created users DB through firebase console? Or i need to do it through application by writing code?
Since my app doesn't have registration but only log in as a function, then i have already populated auth table, but i need to somehow reference each uID with user in DB.
One way that i thought about was that i would create new users DB field when someone logs in for the first time. That could be a workaround, but still.
Maybe someone has an idea or solution of what i should do to achieve a result for my problem?

Firebase auth, is the user uid security sensitive?

I was wondering if getAuth().uid is sensitive/private in anyway? I am planning to use it on a user post something like: post.created_by: getAuth().uid. This makes writing rules/logic a lot easier.
The other way is to use the push id when the user is added to the database, which I'm trying to avoid.
No its safe to use the uid and recommended, firebase uses auth to authenticate the user and the assign the uid to identify the user across firebase.
You will be using uid in your security rules and as well as to identify user info in your db records.
Manually creating another id will render the efficiency of firebase useless.

Resources