My users are logging into my Meteor App using twitter, and I receive their token and secret. The app's purpose is to help the user delete old tweets, and so I want to be able to delete tweets on the user's timeline. Do I use my app's consumer and secret or do I need the user's? Do I need to somehow authorize my application to delete the user's tweets?
Thanks!
Related
I want to create accounts via Firebase that only create a UID of the user. No password and no email should be requested. The user should be able to delete the app and if he downloads it again, still be able to access his UID and the associated data. In addition, this registration should never expire and the UID of the user should always remain unique and not be overwritten.
Is there a tool in Firebase that can be used to do this?
What you're describing is known as an anonymous account in Firebase, and you can create one with a single call as shown in documentation for iOS, Android, and Web.
I was wondering if there was a way to delete a user from FirebaseAuth by their UID. Upon my research online, it seems like you can only delete the current logged in user.
Please advise if this is a possibility.
A user signed in can only delete their own account. No user has ability or permission to delete another account from your client web or mobile app, not matter what platform. That would actually be a huge security hole.
What you can do instead is delete the user from a backend you control using the Firebase Admin SDK, which has the ability to manage users. Privileged backend code can delete any user by UID. If you intend for your end users to invoke some function on your backend that deletes another user, you should verify in your backend code that the user should have this privilege.
I signed up a user in my Flutter app using FirebaseAuth.instance.verifyPhoneNumber(). This works perfectly and the user shows up in my Firebase Console.
FirebaseAuth.instance.currentUser() now returns the user for me whenever I open the app. Should I store user info (age, weight etc.) here, or should I create a users collection in my Database and link the currentUser().uid in there?
Also, should I store it on the Database linked against the uid, or linked against the login info. For example, link a user to the phoneNumber and not the uid. Because if you ever delete the user, but they want to register again, then they will get a new uid, but their phoneNumber / email will still stay the same and can therefore still link to their old data.
You can't add arbitrary data to the Firebase Authentication user profile. So you should store the additional data in a database, and indeed associate it with the UID of the user, so that you can easily look it up. This also allows you to implement searches for users more easily, as the client-side Firebase Authentication SDKs have no functionality to look up data for any user but the currently signed in one.
To the additional question: if a user deletes their account from your application, you should respect their wishes and delete the additional data that you store for them too.
In my app I've 2 login methods(google&facebook) and all the users appear in the Authentication part inside my firebase project, and I haven't list/collection of my users in my database.
I want to display in my app list of users with some personal data.
My question is how do i get access to the users from the Authentication part(to get all the users for example)?
Is it good approach that the users appear only in the Authentication and not inside my database?
You can't list user accounts with the Firebase Authentication client SDK. You can only do that with the Firebase Admin SDK on a backend you control.
If you think it's OK for your users to be able to know all other users, then you should store that information in your database to make it queryable directly from the client, or create some sort of API endpoint where you can invoke the Admin SDK from your app.
I am currently using firebase to make an ionic app. I am using firebase simple login for social auth (facebook, twitter, email & password). The auth works perfectly, it $broadcasts the authed user. However it doesn't seem to create a user in the actual firebase db. I was wondering how I can get the users that have been authed using my app.
For most of the authentication protocols it supports, Firebase doesn't store user data anywhere. Even for the protocols where it does store data (I only know of email+password doing this), it stores this information in a place that your application can't access (though you can find those users in the dashboard of your Firebase).
To quote the Firebase documentation:
It does not store profile or user state in your Firebase. To persist user data you must save it to your Firebase.
What most applications end up doing, is keeping a list of users inside their Firebase that they manage themselves. So when a user first authenticates with the application, it creates a node under /users/<uid> that contains the information for that user.
See this section of the Firebase documentation that describes storing user data.
Firebase does not store profile or user state in your Firebase instance. To persist user data you must save it to your Firebase.
Firebase provides multiple authentications services
Using existing social login providers such Facebook, Twitter, Google, and GitHub. Using these services provides an option for your users to access your application without creating a new account.
Using built-in support for logging in with email & password. This requires registration and account creation that is handled by Firebase. The user account information is stored outside you application.
Using a custom authentication to implement existing server-side authentication, single sign-on, legacy systems, or third-party OAuth based services (such as Yahoo).
Once authenticated, Firebase return a variable auth to your application that you can use for authorization and access control. This variable is null for unauthenticated users, but for authenticated users it is an object containing the user's unique (auth.uid) and potentially other data about the user.
If you want to persist additional user information such as name
and location, then you need to use auth.uid and store it in your
Firebase with additional profile data.
Internally, Firebase generates JSON Web Tokens (JWTs) and creates authenticated sessions by calling Firebase.loginWithCustomToken() with those tokens. Each user is assigned a uid (a unique ID), which is guaranteed to be distinct across all providers, and to never change for a specific authenticated user.
The user data for firebase authentication is stored in firebaseLocalStorageDb in IndexedDB. After login to website, if you delete firebaseLocalStorageDb, the login user data for firebase authentication is all deleted so you need to log in website again.