I have a Flutter app where most of the users should never log in. I also use this same app for a small selection of users that I personally manage and would like to allow them to create a Firebase account, preferably just with by giving them a password to access the account creation page. Ideally I don't want just anyone to be able to create an account, only those who I have personally given access to. Is there a way I could password protect the account creation page so that only those with access to the password could create an account? Perhaps there is another way to do this? Ideally, I'm not looking to get into a situation where anyone can create an account and then downstream I have to authorize that account so that it has the correct access. I really just want only those with the access upstream to be able to create the account. Perhaps this is not logical but this seems to make more sense than letting accounts be created by anyone and then approved by me after the fact. So my question really is, how do I password protect a page in flutter? Or is this just a bad idea and should I work to manage things downstream? Or is there another solution I have yet to consider?
Have you considered using something like a dynamic link that navigates to the specified page in the app when clicked. firebase_dynamic_links might be of help. Only those who have the link will be able to access it and I presume that you could manage the link actions from the Firebase console.
You could also opt for simplicity and create a password field that pops up before your account creation page
I did some research and experiments on integrating LINE login with Firebase Auth using Flutter. I have some questions:
Looks like in Firebase Auth, there are AuthProvider, and in Flutter source code, I also found an OAuthProvider. There you can create Credential to include your idToken and access token. But I don't know how to specify the providerId in that Credential. I guess it is not possible, because Firebase hasn't integrate LINE login. The client side api: logInWithCredential can ONLY work with Firebase supported login methods, and you have to enable them in your Firebase console. Am I right?
So it looks like now I have to setup my own server to exchange LINE access token to Firebase custom token. In my server, I first verify access token and grab the LINE user profile, then I create a custom token, but there I have to decide a UID, which I have to use some pattern like LINE:${LINE_UID}. This looks like some hacking, is there a better way?
Admin API to create custom token only accept UID or optionally a user claim, I have no way to set its display name or some other basic info. So if I directly send the token with UID like LINE:${LINE_UID} to a client, then the client logInWithToken, it will create a user without display name if it doesn't exist. The only workaround I can image is, in the server-side, generate the LINE:${LINE_UID} and look up it in Admin API, if it doesn't exist, then I create a user with a proper display name. This looks again not so good, because the document said if you do logInWithToken, it will create one if it is not there, and we cannot use that because I want to set it's display name when it is created. Any better solution?
I want to link a user with multiple auth provider. I saw in the Firebase JWT, they are well included, that is cool. But those linked elements are user profile get via credential. So can we link a user to a LINE login? Which is not built-in Firebase Auth Provider? Is auth provider linking only valid for Firebase built-in provider?
Regards,
Xiang.
You're asking way too much in a single post, which makes it hard to help. I'll try to address below, but please follow the advice on How do I ask a good question going forward.
The general approach for adding LINE as an authentication provider is shown in this blog post: Authenticate your Firebase users with LINE Login. There is also a example, which shows how to use Cloud Functions as the server component for this. If you get stuck implementing those for Flutter, post the minimal, complete/standalone code that reproduces this issue.
The client side api: logInWithCredential can ONLY work with Firebase supported login methods, and you have to enable them in your Firebase console. Am I right?
Nope, you're wrong. You can also provide your own sign-in provider for Firebase, and use the tokens you mint there with the Firebase Authentication SDK.
This looks like some hacking, is there a better way?
The UID can be whatever you want, but you'll have to ensure it is unique. A common way to ensure global uniqueness is to embed some identifier for the provider in the UID. If you prefer another way to ensure global uniqueness, you're free to use that too of course.
I have no way to set its display name or some other basic info [when creating the account]
This is indeed a common problem with some providers, as you for example can't set the display name for the email+password provider until after the account has been created. With a custom provider you can put whatever information you want in the initial JWT already though.
can we link a user to a LINE login? Which is not built-in Firebase Auth Provider?
See Linking custom auth provider with Firebase
Late to the party .
but This article helps you which I publish on Medium.
I'm using A Flutter plugin LINE's native SDKs in Flutter apps with Dart. The plugin helps you integrate LINE Login features in your app. You can redirect users to LINE or a web page where they log in with their LINE credentials. package
Also, I make a git hub repo for the same.
Did you check out the firebase_auth plugin? It has lots of helpfull features.
https://pub.dev/packages/firebase_auth
I have an app that is protected by google-oauth (3-legged OAuth) at the nginx-level (using https://github.com/cloudflare/nginx-google-oauth). As you may know, it requires the user to be logged in or manually login to a google account using the browser.
I'd like to access this same protected app through the CLI/programatically. It's true that nginx-google-oauth provides some means that make it easy to do that: the _token_curl endpoint prints outs the headers ready to be used with curl. The problem though is that that token has an expiration date and to get it I need to be logged in or login manually to my google account.
I'm wondering if I could use a Google Service Account (2-legged OAuth) to access the google-oauth-protected app? I've searched around in the documentation (https://developers.google.com/identity/protocols/OAuth2ServiceAccount) and from what I understood, it's only meant to access Google APIs.
Could someone shed some light on the subject? Thanks!
Just for anyone else finding this, the question was answered on GitHub and it is not supported by nginx-google-oauth:
https://github.com/cloudflare/nginx-google-oauth/issues/21
I am having some trouble figuring out how I can let users set their API credentials to get read-only data from the Google Calendar API.
I have it set up to use OAuth to allow a fallback. It allows the user to click for an access key to copy over and save.
However, I am finding an issue when I try to make it so users can enter their own API settings.
I tried the same method I used for the fallback, but even if they enter those credentials in they would still need to authenticate it with an access key.
So I guess my question is how can I just include a simple API key to be saved and used to get the data?
I haven't been able to find very many resources or documentation on this so even pointing me in the right direction will be very helpful.
Thanks!
EDIT:
So here is a link to the part of the Calendar API I need to use: https://developers.google.com/google-apps/calendar/v3/reference/events/list
And if you compare it to the top of the page of this API page: https://developers.google.com/google-apps/calendar/v3/reference/events/delete
You will see the delete specifies that it requires Authorization, but the List does not. All I need is the list but when I have tried to connect with it without any authorization it does not work. Am I missing something?
If the data is not public, the users will have to authenticate with Google and enter the access code on your plugin configuration. Google Analytics for WP does this, check its source.
I don't see the problem with having the users authenticating, but one alternative is to add support for service account, like the Google Drive WP Media does. In this case users of your plugin will enter the service account email and upload the private key file (I'm not sure if the Drive WP plugin implements it in a secure way).
I’ve a Gmail account, assume that me#gmail.com. Now I want to login (as admin) in my website through this account. I know I can use OpenID etc. for that purpose but I want to limit it for just me only. Can I do this? I don’t let anyone else to know which service I used to login and what is my address and etc. (Note: My website contains just one and only one login form, for just me, only!)
I assume that once your OpenID has been verified you will have you own database storing logins (me#gmail.com) so you provide persistence.
You would have a table of logins with an admin column so that for example even though noadmin#gmail.com was verified by OpenID I do not want to let them access, so Response.Redirect them outta there.