Is there a way to call Accounts#resetPassword without logging after the user changes their password?
Related
Im using Flutter and Firebase. I am trying to figure out if there is a 'built in' way to detect when a Firebase account has been disabled, so that the Flutter app can react and sign out that user if they are logged in already?
I could accomplish this task by adding a 'isDisabled' property to the users document since I already listen for changes to that doc and if it becomes 'true' then log them out. This would require that two changes are made, the 'isDisabled' is set on user doc and account is marked disabled under Authentication.
It just seemed like there might be a more direct way to accomplish this task.
There is not really a more direct way. Firebase Auth is not "realtime". When an account is disabled, the SDK does not know about it immediately. In fact, the user's auth token will stay valid for up to another hour after the time it was disabled. When the token finally expires, the SDK will no long be able to refresh it, and the user will become signed out. Your code will then see that the user is signed out, and they will not be able to sign in again.
I want to be able to force a use to relogin using the OAuth provider. I have tried deleting the services.resume.loginTokens, I tried deleting the AuthKey under the service itself in services.myService.accessToken but nothing works.
I also have searched through the OAuth package and looked at all the Accounts packages, but cannot find any code that allows me to force the user to relogin with the OAuth provider.
Does anyone have a clue?
Meteor has a login token, which is usually kept in the browser's local storage. This has a life of 3 months, and is how Meteor keeps the user logged in. If you simply call
Meteor.logout();
It will log the user out. If your routes check that the user is logged in, they will be forced to log in again
I know there is a way to log in anonymously with Google Firebase, but I haven't gotten it working. The issue I am having is that my app needs to be accessible on any device without logging into any account with the app.
It needs to have full control of the app's database, both reading and writing. This app isn't really meant for public use, so I am OK with anonymous authentication. I also should not have to click a button in order for it to authenticate, it should do it automatically. I tried adding the code that Google provides, but it still wont authenticate. It does work with a Google account.
Thanks!
It was an issue related to the database rules. The default rules are set so that only authenticated users are able to read and write to the database. I set both so that anyone can read or write to the database from any device without logging in.
If I open a website with firebase installed and i execute this
firebase.auth().currentUser.delete() in browser console after a user has logged in, the current user will be deleted. How can i prevent a user from calling the delete function. is there a way to disable this?
There is no way to prevent a user from deleting their Firebase Authentication account. But whether you expose such functionality in your app is of course up to you.
It sounds a bit like an XY problem. What app-level problem are you trying to accomplish by disabling users from deleting their Firebase Authentication account?
You can now prevent users from deleting their own accounts by unchecking "Enable delete" in the Firebase console. This was available only in Cloud Identity Toolkit console before.
Using deleteUser() will throw an error "Firebase: Error (auth/admin-restricted-operation)."
I know how to remove registered users manually via web interface (which is also answered by this question). This can be done without providing user's password.
Is there a way to remove a user automatically without their password? I have only found removeUser API call which requires user's password.
It would help to simplify deployment for testing/stage environments.
There is no API to programmatically access the email/password users in Firebase.
For development purposes, you can delete them through the Login & Auth tab of your app's dashboard.