I am using Firebase authentication in my app and signing up a user with email and password. I want to get other users details (separate from the logged-in user) as well while a user is signed in with their own account. How can I get that information?
Values like email, display name and id (specific to authentication system) are available off of the Firebase User object. You can get a reference to the current logged in user off of the FIRAuth class. I provided links and class names for iOS, but other platforms are similarly structured.
If you want to store additional data for users, I would recommend including a users root node, using the uid off of the Firebase User object as the key for users child nodes.
//create user
auth.createUserWithEmailAndPassword(email, password)
.addOnCompleteListener(SignupActivity.this, new OnCompleteListener < AuthResult > () {
#Override
public void onComplete(#NonNull Task < AuthResult > task) {
Toast.makeText(SignupActivity.this, "createUserWithEmail:onComplete:" + task.isSuccessful(), Toast.LENGTH_SHORT).show();
progressBar.setVisibility(View.GONE);
// If sign in fails, display a message to the user. If sign in succeeds
// the auth state listener will be notified and logic to handle the
// signed in user can be handled in the listener.
if (!task.isSuccessful()) {
Toast.makeText(SignupActivity.this, "Authentication failed." + task.getException(),
Toast.LENGTH_SHORT).show();
} else {
String user_id = auth.getCurrentUser().getUid();
DatabaseReference current_user_db = _Database.child(user_id);
current_user_db.child("name").setValue(name);
current_user_db.child("image").setValue("default");
startActivity(new Intent(SignupActivity.this, ProfileActivity.class));
finish();
}
}
});
}
});
It's not a security issue, but just a mean of how you treat personal information. You can store what you want in firebase so you can easily store when the user login his/her avatar url (aka facebook url) or just id or any other infos anyway, then retrieve it.
If you need to retrieve infos of users which are not using your apps beside, thden you can also easily via the facebook sdk with user permission of course. take care–
Related
I have made a sign-in page, and a sign-up page with Firebase Authentication in Flutter and Dart.
After the sign up, I'm trying to retrieve the current user's displayName, however, when I try retrieving it, I seem to get not the current one, but the one that I signed up with before this one.
However, when I for example hot-restart the app, I get the current user's details just fine.
I try to retrieve the current user's displayName property with this code:
static String? getUsername() {
return FirebaseAuth.instance.currentUser?.displayName!;
}
The way I call this, is I initialize a variable to store the username which I get from the method, on a different dart file, different from the signUp page I got. I also call this method in the initState() method.
This is how I sign-up the user and set the displayName:
static void signUpUser(String username, String emailAddress, String password) async {
try {
final credential =
await FirebaseAuth.instance.createUserWithEmailAndPassword(
email: emailAddress,
password: password,
);
// Here I set the displayName property
await credential.user!.updateDisplayName(username);
} on FirebaseAuthException catch (e) {
if (e.code == 'weak-password') {}
else if (e.code == 'email-already-in-use') {}
} catch (e) {}
}
I tried to use the user.reload(), and FirebaseAuth.userChanges() functions, but these did not seem to fix my problem.
Maybe I'm trying to retrieve the displayName property wrong, what am I missing? I'm quite new to developing my own apps and working with Firebase.
The Future that updateDisplayName returns completes when the call has been made to the underlying Firebase SDK. It does not automatically update the user profile in your application at that point though. That will only happen automatically once every hour (when the SDK refreshes the ID token on which that profile is based), or when the user signs out and in again.
To force a refresh of the profile from your application code outside of those automatic conditions, you can call reload() on the user object.
I've created a login and registration screen that works with my Flutter app, using Firebase as the backend authentication service. I'm able to switch between the login, registration and reset password screens well.
The Issue
At the moment, the registration screen accepts any email address that is entered, whether or not it is real. For example, if I were to type in gvevg#gverwbgw.com, it would allow the user to register. This is obviously an issue, when it comes to fake accounts and spam etc.
The Aim
I would basically like to be able to edit my code, to automatically generate an email address verification email, which prevents the user from signing in, before their email address has been verified. The code I have made uses a Future, FirebaseAuth and async/await to make this happen.
My Current Code
Firstly, I define an AuthBase abstract class, that creates the 'createUserWithEmailAndPassword' function (amongst others) as follows:
abstract class AuthBase {
Stream<User> get onAuthStateChanged;
Future<User> currentUser();
Future<User> createUserWithEmailAndPassword(String email, String password);
}
Then, I create an Auth function, that implements AuthBase, gets the current user from Firebase and creates the registration Future function, as follows:
class Auth implements AuthBase {
final _firebaseAuth = FirebaseAuth.instance;
// This creates the user ID token variable (if one doesn't already exist) which is then populated using one of the login methods.
User _userFromFirebase(FirebaseUser user) {
if (user == null) {
return null;
}
return User(uid: user.uid);
}
// This helps to get the user from Google Firebase, noting if there is or isn't a user with those login details already.
#override
Stream<User> get onAuthStateChanged {
return _firebaseAuth.onAuthStateChanged.map(_userFromFirebase);
}
// This identifies the current user, who is logged in at the time.
#override
Future<User> currentUser() async {
final user = await _firebaseAuth.currentUser();
return _userFromFirebase(user);
}
// This creates the user account for an email-and-password sign-in, with firebase, if it doesn't already exist.
#override
Future<User> createUserWithEmailAndPassword(
String email, String password) async {
final authResult = await _firebaseAuth.createUserWithEmailAndPassword(
email: email, password: password);
return _userFromFirebase(authResult.user);
}
}
My Question
How do I edit my code, so that it allows me to implement email verification automatically for any user that wants to sign in with email? I believe the sendEmailVerification() function must use FirebaseUser, although I am not sure how to implement it here. I would appreciate any help. Thanks!
Email+password authentication requires nothing more than that the user knows the combination of email+password. It doesn't in itself require the email address to be verified to sign in. If you want the email address to be verified before allowing access to other data, you can do that by checking the user's token for the email_verified claim for example in the security rules of your database.
Also see:
How do I lock down Firebase Database to any user from a specific (email) domain?
Firebase email verification at SignUp
How to prevent user authentication in Firebase/Vue.js BEFORE email is verified
Only let pre-verified users log into Firebase
I'm allowing user to Sign Up with Google, Facebook or Email. Follow this link I know how to link multiple auth provider to the same account but here is my scenario
Let say an user create account with Google or Facebook but later(after his account created) he want to set password so he can login with email and password as well. I know how to link an email/password account with other federated provider(google, facebook) but not the other way. My only though is to create an new account with that new password and email associated with the method they choose in early stage but it will not work due to email already exist. I even enable allow multiple account with same address at my console but it return ERROR_EMAIL_ALREADY_IN_USE so I think it doesn't work with email/password.
So how can I add password to that account after sign up with Facebook or Google? Thank in any advace.
From the documentation on linking account providers:
Email-password sign-in
AuthCredential credential = EmailAuthProvider.getCredential(email, password);
And then you link the credential with the existing Google/Facebook accont with:
Pass the AuthCredential object to the signed-in user's linkWithCredential method:
mAuth.getCurrentUser().linkWithCredential(credential)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
Log.d(TAG, "linkWithCredential:success");
FirebaseUser user = task.getResult().getUser();
updateUI(user);
} else {
Log.w(TAG, "linkWithCredential:failure", task.getException());
Toast.makeText(AnonymousAuthActivity.this, "Authentication failed.",
Toast.LENGTH_SHORT).show();
updateUI(null);
}
// ...
}
});
Update
use signInAndRetrieveDataWithCredential instead of linkWithCredential, because linkWithCredential is deprecated.
I'm making chat which will be based on firebase.
The chat is gonna be part of our existing site which already has authentication and registration, and also users will not be able to create chat rooms or enter them,
it all will be handled by site automacally. Users only will be able to read and write messages to chat rooms to which they were previously added by site.
For automatic authetification I think to use signInWithCustomToken() method.
But I don't quite understand how to automatically create users and add them to chat rooms. The firebase.auth().createUserWithEmailAndPassword(email, password)
method needs email and password but I wanna just add users without any emails and passwords. I've read docs but could not find any solution, can anybody help me?
I had a similar problem and chose to use the email and password login and just created an email (username#myapp.com) and password each time I needed to add users
You can create custom tokens and use them to authenticate. Sample java code
public static String createCustomToken(String userId, Map<String, Object> additionalClaims) {
FirebaseOptions options = new FirebaseOptions.Builder()
.setServiceAccount(new FileInputStream(FIREBASE_ACCESS_FILE)).build();
FirebaseApp.initializeApp(options);
Task<String> customToken = FirebaseAuth.getInstance().createCustomToken(userId, additionalClaims);
return customToken.getResult().toString();
}
enter code here
When the user logs-in to your website, you can return above generated custom token. The client app(ios,android or web) can use this custom token to sign-in as below
firebase.auth().signInWithCustomToken(token).catch(function(error) {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// [START_EXCLUDE]
if (errorCode === 'auth/invalid-custom-token') {
alert('The token you provided is not valid.');
} else {
console.error(error);
}
// [END_EXCLUDE]
}
I am writing an Android application and I am trying to log users in anonymously so they don't have to go through any sort of registration process. I am storing their anonymous user ID in shared preferences, and when the application opens, I am trying to log them in based on that user ID. I am trying to figure out the correct way to do this, as there doesn't seem to be an auth function that just takes in a UID. Currently I have it using auth(), but I don't feel like that is correct.
Here is some sample code:
String userID = getUserID();
if(userID.equals("NOT_FOUND")) {
ref.authAnonymously(new Firebase.AuthResultHandler() {
#Override
public void onAuthenticated(AuthData authData) {
//successful authentication
//save auth data
SharedPreferences prefs = getSharedPreferences(
"USER_ID", Context.MODE_PRIVATE);
String id = authData.getUid();
prefs.edit().putString("USER_ID", id).commit();
}
#Override
public void onAuthenticationError(FirebaseError firebaseError) {
//unsuccessful authentication
}
});
} else {
ref.auth(userID, new Firebase.AuthListener() {
...
You're creating a new authentication session each and every time you invoke FirebaseRef.authAnonymously(...). This method only needs to be invoked once, after which the user will authenticated upon page refreshes. Also note that you do not need to call FirebaseRef.auth() again once restarting the application, as that piece is automatically handled for you.
If you'd like to check for the current authentication state of the user, and only then create a new authentication session if the user is not currently authenticated, use the synchronous accessor for authentication state FirebaseRef.getAuth().
Lastly, once you create an anonymous authentication session, no new sessions may ever be created with the same uid. That session will live until your predefined session expiration time (configured in your account dashboard) or until your user logs out, after which that uid is permanently retired.