What happens to a user who has been anonymously signed into an app using firebase anonymous authentication when he/she factory resets his/her device. Is all the information the app had on him get lost or what does firebase use to maintain user data
An anonymous user in Firebase Authentication is not much more then their UID.
When you uninstall an app or wipe the device, that UID is wiped from the device. When the user signs in with anonymous authentication next time, they will get a new UID. There will be no connection between their previous UID and the new UID. This is the nature of anonymous authentication.
The information on the original UID will still exist on the Firebase servers, but there's no built-in way to connect the former UID and the next UID together.
Related
As part of my project, I need to send both the anonymous and the email access token to the backend.
Unfortunately, after the user logs in through the Firebase-UI, Firebase only returns the token for the newly logged-in user.
I could of course store the anonymous token, but it's possible that that would expire in the meantime. So is there a way to keep both the anonymous user as well the signed-in email user and get their token?
I need to send both the anonymous and the email access token to the backend.
You can do that, but separately. You cannot have a single user logged in with two different providers at the same time.
Unfortunately, after the user logs in through the Firebase-UI, Firebase only returns the token for the newly logged-in user.
That's the expected behavior. Since you can only read the token of the currently logged-in user.
but it's possible that that would expire in the meantime
The anonymous auth token that identifies the account doesn't persist when the user logs out, and unfortunately, there is no way to reclaim that token for the user. Firebase anonymous authentication helps you create and use temporary accounts to authenticate your users in your application. These temporary anonymous accounts can be used to allow users who haven't yet signed up for your app. If such an anonymous user decides later to sign up for your application, you can link their sign-in credentials to the anonymous account.
So is there a way to keep both the anonymous user as well the signed-in email user and get their token?
No.
My app makes the user create a new anonymous ID automatically when downloading the app and when the user logs in, for example, by Facebook, the app change UID.
The problem is when I call FirebaseAuth.instance.signInWithCredential, It creates a new UID or change to UID that links to this credential, and the anonymous ID is never deleted. If many users relogin this app, many unuse anonymous ID and data will be garbage in firebase.
I have an idea to store UID in a variable, and when sign-in is successful, I delete using that UID, but firebase allows delete UID only current account. How can I solve this?
It sounds like you want to allow a user that you signed in anonymously to upgrade to an identified account. The idiomatic way to do that is to link the Facebook account to the existing anonymous account, so that the UID remains the same. To do this, follow the process described in the documentation on account linking and in the FlutterFire documentation on linking user accounts.
In my app, users are signed in anonymously. If someone uninstalls the app and re-installs it, the new generated uid is different from the older one. Is there some way I can revert the firebase auth instance to use the older uid instead of the new one?
Once a user is signed out from Firebase's anonymous authentication provider, there is no way to reclaim that UID through that provider. Given that a user doesn't have to provide any credentials to sign-in anonymously, allowing them to claim a specific UID would be a big security risk.
The only option would be to build your own provider for Firebase Authentication and give the user the same UID as before there, after you've verified that they are the same user.
The Firebase Authentication documentation states that:
If no previous anonymous account on the platform (for your specific application) has been created, when signing in anonymously Firebase will create a new unique user which will be persisted across app restarts/page reloads. If the user signs-out and reauthenticates anonymously again, they will be signed-in with the previously created account.
Yet when I sign out as an anonymous user and sign in again, I get a new anonymous user, instead of getting signed in with the previously created account. Just to be clear, the sign-in is done by calling FirebaseAuth.instance.signInAnonymously(), and the sign-out is done by calling FirebaseAuth.instance.signOut().
That looks like a mistake in the FlutterFire documentation. Once you sign out from an anonymous account, that account's UID is lost and cannot be reclaimed.
My best guess at the intention of the documentation is that calling signInAnonymously multiple times will result in the same UID. But signing the user out, clears that UID and it can't be reclaimed. I submitted a PR to improve the documentation here.
I am using Firebase's auth feature and sometimes I see empty users in the console. This brings issues to some users because instead of logging into their main account (and using their UID to fetch their user data in a users reference), log into that empty account with a UID which is not theirs.
Not sure exactly how that can happen, but it seems like this could be a bug on Firebase's side, because a successful Auth should have at least 1 provider...
Any ideas about such issue and how I could fix it from my side if possible?
Ps.: Is that how "signInAnonymously" would create anonymous accounts?
This is an intended behavior when you authenticate with Firebase anonymously.
signInAnonymously() method signs in the user anonymously without requiring any credential and creates a new account in your Firebase Authentication system, except in the case where there was already an anonymous user signed in into the app.
See FirebaseAuth.signInAnonymously class reference for more details.