In my project we have a sort of admin frontend app that manages data from children apps. Each child app has its own firebase database and the admin app has stored information on its own firebase database on how each child firebase app is structured and such. In addition, each client firebase app has its own Android and iOS clients that reads data from the realtime database.
The authentication on the admin app is done through username/password login and are only available to some pre-registered users.
The question is
How can I properly authenticate the signed-in user on the client apps? Is there a way to re-use the current ID Token to sign in to other apps?
One solution I can think of is making a backend just to generate JWTTokens for each child app, but there should be an easier way to obtain what I want...
Now you can have multiple apps in one Firebase project. That way, your users can easily sign-in and modify their User information in both apps.
Note: Well, it's been more than a year since this question asked. But, hopefully you already found the answer.
Related
I am trying to figure out a problem I currently have. I have a software platform where restaurant owners can make and publish their own mobile apps. Menu access, reservation control, etc etc. I am using Firebase as my backend.
For each restaurant app I make, requires a customer login. The problem is that the customer can download another app from my restaurant client and has the ability to log in with the same credentials because I am using the same Firebase project for multiple apps, under the same company.
This is not what I want.. can I make multiple instances of Firebase Authentication? Or when the user registers, do I hardcode the username and password into the database, and check that, upon registration and signing in? If I did that, I would lose the power of third party log ins.
Please let me know of any ideas you guys might have..
Thanks!
Jorge
Firebase Auth can't have multiple instances per project. You would need to create multiple projects to in order to get more instances.
However, what you're talking about could be called "multi-tenancy", where you have multiple organizations each sandboxed from each other in a single project. For that, you will need to adopt Google Cloud Identity Platform and work with it using the Firebase APIs as described by the documentation.
I am currently developing multiple apps with Firebase and I have a doubt. I have a user and an admin. My problem is if I am using the same firebase database, will the user be able to sign up into Admin's app using his credentials or both app will have different authentication. I don't want the user logging into the admin app with user credentials. If it is possible, what can I do to avoid it?
I haven't done trying it.
Can I use multiple apps on a single Firebase database?
Yes, you can.
Will it use the same auth or a different auth?
If both apps are added to the same project, then the authentication will be the same for both projects. This means that the user can use the same account for both projects. This also means that both apps can write/read data to/from the same database.
You can solve this in multiple ways
Have a different collection to store the data of the admins and then check on the login if the email is present in the collection
With the Rules of Firestore
I have one project based on firebase in which i have multiple apps having same code but white labeled data.
All users are authenticated by firebase authentication.
Now the Problem is when one authenticated used tries to login in the one white label app it logged in sucessfully but when same users who is not registered in another white labeled app also logged in as same authentication process because of one authentication for all apps in same project in firebase.
so I want to know how to differentiate the users in same firebase project with multiple apps ?
sorry for poor english
You can use Custom Claims to track which user have access to which apps. Note that this require you to use Cloud Functions
Custom Claims documents: https://firebase.google.com/docs/auth/admin/custom-claims
Cloud Functions sample code:
admin.auth().setCustomUserClaims(uid, {whiteLabelApp1: true}).then(() => {//do something here if you want});
And for client code, just refer to the docs
I want to develop an Ionic app for android and ios using firebase backend.
Requirement:
1. I want to use anonymous authentication silently so that user does not have to be worry about login.
2. I just want to display list of some items on the home page using Firestore api.
Question/Problem:
1. How does firebase will get to know that only the my app using the firestore get api.
2. If I am storing api credentials/secrets in my android app and if other user somehow knows these credentials, will that person be able to use api on behalf of my credentials and I will not be able to track the usage.
Top Level:
If someone know my firebase api credentials/secrets, will that person be able to utilize my firebase quota in case I am using firebase anonymous authentication.
Thanks in advance.
The settings you use to initialize the Firebase SDK are not "secrets". It's all very much public information that identifies your app from all the other Firebase apps out there. Every Firebase app has a similar set of public data. Once you publish your app, you should assume that everyone is able to see that data.
This means that anyone can use that data. That's why it's important to use Firebase Authentication along with security rules to make sure that people logged in can only make use of whatever resources you specify. That's the only way to lock down the data in your Firebase project. If you are concerned about security, then you should be thinking about your security rules from the very beginning.
I have a Firebase project, which I'm currently using with android. I need to programmatically fetch details of the users authorized along with the UID, Email, etc. Exactly the way it is shown in firebase (with the search), this web portal will be given to the vendor or the person using it to verify the user's authenticity.
I've attached the screenshot from Firebase, I'm hoping to replicate it the same way with the search. If this is possible, how do I go about doing this?
It's not possible to list users from an Android app, using only the Firebase Authentication SDK. You can list users using the Firebase Admin SDK, but that can only be run on a backend you control, using service account credentials for your project.
It might be easier if you store user info in a database, to be queried by client code, rather than try to have your app try to access auth data directly.