React Native with Firebase Authentication - firebase

I'm aware that using Twitter/Facebook Firebase authentication with React Native throws an error since obviously that's not the right env to open up a new auth window. Also, Email/Password auth should also fail since it's reliant upon LocalStorage which React Native doesn't support. Is the best way to implement any sort of Firebase authentication in React Native to create a Swift/ObjC bridge then really just use the Swift/ObjC Firebase auth library? If so, does anyone have any examples of doing this?

Update: As of Firebase 3.x, Firebase Authentication will correctly persist users in React Native apps.
Ahh, I didn't realize that React Native didn't polyfill localstorage. So if I understand your question right, email/password auth with Firebase works fine in React Native, except it is not persisted across app starts, so the user has to log in every time.
One possible solution would be to manually persist the auth token yourself. Something like:
Call authWithPassword(...) as usual.
In the onComplete handler, retrieve authData.authToken and store it locally (e.g. using AsyncStorage).
On next app start, retrieve the auth token from storage and call authWithCustomToken(authToken, ...).
We'll look into making Firebase do this automatically, but it's a bit tricky to do this without affecting other consumers of Firebase besides react. I've added this to our internal bug database though and we'll see what we can come up with. We'll update this answer when we have a solution. Thanks!

Related

Can I unverify users in firebase programmatically?

I want to unverify users that are verified, everytime they sign out in my app. This is to achieve the behaviour I want for my app using firebase SDK. But, somehow, I can't find any solution (If it's really possible) for that. Can anyone enlighten me? Thanks, BTW! :)
There is no API to set the emailVerified property of the current user profile to false in the client-side SDKs for Firebase Authentication.
What you can do though is modify the user profile by using the Admin SDK and set the property to false there.
Since the Admin SDK can only be used in trusted environments, it won't run in the client-side app, and you'll have to do this by making a custom API that your app can call. If you don't have an existing server where you can run this API, consider using a serverless solution like Cloud Functions or Cloud Run.

Is it possible to share the same firebase login token between iOS and an embedded webview?

Scenario: a native iOS app is using Firebase. There is also a web app that uses Firebase. For a modal within the iOS app, we'd like to render a WKWebView loading a page from our web app, logged in as the same user.
If it's possible, I'd like to inject the iOS app's "auth token" into the webview so it can log in and interact with Firebase itself.
A solution that would work is to fetch a custom token via a cloud function whenever we show the webview. This isn't ideal for our use case.
Is there any way to do it locally, using the iOS app's existing session, perchance? There's getIDTokenResult, but that isn't a token that can be used to authenticate another session AFAICT.
I realize it might not be possible for security reasons, which is fine, if so. I'm not looking for a hack, just a legitimate API I might be missing.

React native + Firebase cloud function: Keep user loged in?

I'm working on a React-Native, Expo and Firebase project. I have built my firebase functions as cloud functions. The login, signup and register are built as a cloud function aswell. I'm using Email and Password to authenticate/signup the user.
I have used the method to store the token on the device and log the user in if it exists. However the token expires after 1h and after that my method does not work.
I have tried to use
firebase.auth().setPersistence(firebase.auth.Auth.Persistence.SESSION)
but that does not seem to work with cloud functions and returns error code: The current environmet does not support the specified persistence type.
What kind of workaround for this problem is there? Building a seperate cloud function that only refreshes the token, and in that case how do i achive that? What pros and cons is there for different solutions? Thankfull for feedback and
thoughts.
According to React Native Firebase's documentation, setPersistence method is not supported in React Native, link is mentioned below.
https://rnfirebase.io/docs/v5.x.x/auth/reference/auth#Unsupported-Methods
You can check this answer if this may help you,
https://stackoverflow.com/a/46143694/11758792

Mixing FirebaseUI Auth with "raw" Firebase Auth

FirebaseUI has the option of authenticating a user silently via AuthUI.getInstance().silentSignIn(). My issue is that I need to sign in specific users silently, and with FirebaseUI it doesn't always work as expected. There seems to be some kind of a caching mechanism which decides which user will get signed in, and I as a developer don't have that much control over it as I'd like. Specially when signing in Email/Password accounts.
Firebase Auth on the other hand has those very clear methods like FirebaseAuth.getInstance().signInWithEmailAndPassword(strEmail, strPassword) or FirebaseAuth.getInstance().signInWithCredential(GoogleAuthProvider.getCredential(account.getIdToken(), null)) (after using .startActivityForResult(Auth.GoogleSignInApi.getSignInIntent(m_gacGoogleApiClient), RC_GOOGLE_SIGN_IN))
Is it possible to safely use those Firebase Auth methods directly instead of AuthUI.getInstance().silentSignIn(), or or will this cause problem because the underlying system of AuthUI may then not be in sync with the state of Firebase/FirebaseUI?
Because if that is not possible, I will be forced to ditch FirebaseUI entirely. I like the initial sign-up procedure of FirebaseUI a lot, it makes many things easier, but the silent sign-in is very important to me.
The FirebaseUI Authentication components don't keep their own state. So mixing AuthUI methods with regular Firebase Authentication methods should not create problems with mixed state.
If you experience any problems, please report in an issue here, on on the Github repo of FirebaseUI for your platform.

Is it safe to use firebase anonymous authentication in Ionic App?

I want to develop an Ionic app for android and ios using firebase backend.
Requirement:
1. I want to use anonymous authentication silently so that user does not have to be worry about login.
2. I just want to display list of some items on the home page using Firestore api.
Question/Problem:
1. How does firebase will get to know that only the my app using the firestore get api.
2. If I am storing api credentials/secrets in my android app and if other user somehow knows these credentials, will that person be able to use api on behalf of my credentials and I will not be able to track the usage.
Top Level:
If someone know my firebase api credentials/secrets, will that person be able to utilize my firebase quota in case I am using firebase anonymous authentication.
Thanks in advance.
The settings you use to initialize the Firebase SDK are not "secrets". It's all very much public information that identifies your app from all the other Firebase apps out there. Every Firebase app has a similar set of public data. Once you publish your app, you should assume that everyone is able to see that data.
This means that anyone can use that data. That's why it's important to use Firebase Authentication along with security rules to make sure that people logged in can only make use of whatever resources you specify. That's the only way to lock down the data in your Firebase project. If you are concerned about security, then you should be thinking about your security rules from the very beginning.

Resources