I am thinking of using Firebase email/password authentication and I was wondering does Firebase handle all the encryption? Especially from client to server?
Credentials are sent from the Firebase SDK in your app/web page to the server over an SSL connection. So they're encrypted on a lower level already.
Yes it is, like described below
Related
We use Firebase to authenticate a frontend application in the standard process: the application connects to Firebase and asks for a token, then the application sends this token in every API call to the server, and the server validates the token.
Now if we want to expose some of our endpoints and supply API access (e.g. users will be able to log in without a browser), how should we do the authentication?
The users will send username and password, and we will need to authenticate against firebase with the credentials.
Is there a best practice or guideline for how to approach this?
I want to still leverage firebase security features that I don't need to manage by myself (for example, preventing brute-force attacks), but not using the browser.
Currently, my Flutter App uses Firebase email & password authentication, I want to keep this but also enable the use of biometric authentication.
So far the only solution I've seen is encrypting the user's email and password on the device and if the biometric authentication is successful then you decrypt the email and password and then use those to authenticate with Firebase.
Is this the best way to handle it right now?
What other solutions are there?
I am trying Firebase to authenticate users for a website that was initially built on Flask (using the flask login workflow with a postgres DB). However, I am not sure that I have a correct understanding of what would be considered best practices when using Firebase.
I read through this article, which I think has led me down a suboptimal path when it comes to actually managing users.
My questions are:
Should all the Firebase authentication be handled in the javascript?
If so, should I use the request.headers on the backend to verify the identity of the user?
Any tutorials (aside from the Firenotes one, which I am working through) much appreciated.
Should all the Firebase authentication be handled in the javascript?
No, it doesn't have to be JavaScript. But in general, you'll find that most apps using one of the existing Firebase Authentication providers handle the sign-in of the user in their client-side code, with calls to the authentication server.
If so, should I use the request.headers on the backend to verify the identity of the user?
When calling REST APIs Firebase itself passes the ID token of the authenticated user in the Authorization header, so that's a valid approach indeed. On the server you can then verify that the ID token is valid, and decide what data this user has access to.
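An added example (not part of the original answer and not Firebase's own code) of the server-side step described above: take the ID token from the `Authorization` header, verify it, and authorize against the verified uid only. The real check uses `firebase_admin.auth.verify_id_token`; `fake_verify`, `read_profile`, the `profiles` store and the token string are hypothetical names and constructed values so the block runs offline.

```python
from typing import Callable, Mapping, Optional


def firebase_verify(id_token: str) -> dict:
    """Real verifier: the Admin SDK checks signature, expiry, audience, issuer.
    Assumes firebase_admin.initialize_app() has already been called."""
    from firebase_admin import auth  # lazy import; requires firebase-admin
    return auth.verify_id_token(id_token)


def fake_verify(id_token: str) -> dict:
    """Constructed stand-in so the example runs offline; not a real check."""
    if id_token != "constructed-token-for-alice":
        raise ValueError("invalid token")
    return {"uid": "alice"}


def bearer_token(headers: Mapping[str, str]) -> Optional[str]:
    """Return the token from 'Authorization: Bearer <token>', else None."""
    scheme, _, token = headers.get("Authorization", "").strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token or " " in token:
        return None
    return token


def authenticate(headers: Mapping[str, str],
                 verify: Callable[[str], dict] = firebase_verify) -> Optional[str]:
    """Return the verified uid, or None if the request is unauthenticated."""
    token = bearer_token(headers)
    if token is None:
        return None
    try:
        claims = verify(token)
    except Exception:
        return None  # fail closed on bad, expired or unverifiable tokens
    return claims.get("uid") or None


def read_profile(headers, requested_uid, profiles, verify=firebase_verify):
    """Return (status, body). Identity comes only from the verified token,
    never from a uid the client supplies in the URL or body."""
    uid = authenticate(headers, verify)
    if uid is None:
        return 401, None
    if uid != requested_uid:
        return 403, None
    return 200, profiles.get(uid)
```

In a Flask view, `request.headers` can be passed as `headers`, with the default `firebase_verify` doing the actual token verification.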
I'm trying to integrate Firebase into a Unity WebGL app; unlike iOS and Android, there's no official Firebase plugin for it.
I'd like to try and use the Unity WWW class to make web requests to endpoints to do firebase authentication.
Is there an endpoint I can call passing the username and password to firebase that will return an auth token?
No, that would be a massive security hole for the end user who gives up their password to you. Users should only be typing passwords directly into the site that controls their account.
You should probably take a look into calling through to JavaScript to use the Firebase web SDKs.
WebGL: Interacting with browser scripting
Yes, Firebase Auth has a REST API that sends the email/password combo (as POST parameters) in an https call.
Firebase Auth REST API Sign in with email / password
I can't receive data on my MongoDB 2.6 when authentication=true. By the way, I have written the user and password of my Kaa database in the authentication credentials.
But I can send data when authentication is disabled.
I don't know if it is a problem with the MongoDB version or with user roles.
Any hints, please?
Check authentication mechanisms in your MongoDB.
Kaa supports MongoDB’s default authentication challenge and response mechanism (MONGODB-CR).