Facebook API: How to access user data when the user is offline? - facebook-php-sdk

I'm writing an app that keeps track of a user's friends. I want to be able to verify his friend list when he isn't online. Is there a way to do this? In other words, do API calls again an account that was verified while the user is offline?

You can use a long-lived access_tokens to access Facebook on a user's behalf for a period of up to 6 months. This means you can access the user's friend list or perform other operations as long as the user logs in one in a while.
This tutorial covers how to get a long-lived access token using the Facebook PHP SDK.

Related

getting user id from phone number in flutter

in the app, which logs the user in only through phone authentication.
now the question is can I get the user id from his phone number(not the user id of the current user though).
I have the access to other users phone number in the app, and I want to get their id for further use.
is it possible in flutter with firebase at the backend?
Looking up the UID for a user based on either phone number or email address is considered a sensitive operation. For this reason such operations are only available in the Admin SDKs, which are designed to be used in trusted environments, such as your development machine, a server you control, or Cloud Functions. For more on these, see the bottom two code samples in looking up user data in the documentation.
If you want to perform such operations from your client-side code, your two main options are:
Store the required mapping in a cloud-hosted database, such Firebase's Realtime Database or Firestore, as Huthaifa also answered.
Create your own custom API on a server or Cloud Functions where you lookup the user through the Admin SDK. Your client-side application code can then call this custom API.
In both of these cases you are in full control of what data you share, and how you secure access.
Sure you can, there are multiple approaches for this, if you post your structure for the user model, or how you are storing them in firebase.
You can run a simple Firebase query like this example:
FirebaseFirestore.instance.collection('users').where('phoneNumber', isEqualTo: thePhonenumberOftheuserYouwant2GetUIDfor).get()
You can also store the available\accessible contacts for every user in their user document, and when your user logs in, it'll fetch all their allowed user numbers.
The more information you provide to your problem, the more StackOverflow can provide you back.

How to check which number of users(email/password auth) are currently logged in my apps from firebase console manually?

I need to see not total number of user. i only want them who are currently active (not signed out user) to my app through email and password. I want to see it from firebase console. help me please.
The Firebase Console doesn't show the number of users that are currently signed in to Firebase Authentication.
If you want to know how many users are actively using your app, you'll have to build something yourself.
Gaurav's comment about using an Analytics tool is a good hint. Even though Firebase's analytics SDK isn't available for the web, there are other analytics tools out there that would allow you to track the number of active users.
Another way is to write some information to a cloud database each time a user takes an action in your app. Then you can query that database to determine how many unique users recently took actions. That is actually pretty much what most analytics packages to. :)
A final option would be to use the Firebase Realtime Database's presence system, which uses a more active approach to detect how many users are currently connected to the database.

How can I access user data stored in Firebase using Google Assistant?

I have some user data stored in Firebase in users/userID/data
I'm using Dialogflow to recognize for example the following intent:
retrieve my email
which triggers a webhook and passes as parameter email, which is the data the user wants to retrieve. How to I pass the firebase userID? I guess I need to implement some kind of logging for the Google Assistant, but I cannot find how can I link the Firebase user account to google actions and how would I get this firebase userID
Is there a standard or recommend way to achieve this?
There is no pre-built solution for this right now.
You will need to implement Account Linking with the Google Assistant.It was done this way to give you, and your users, maximum flexibility. You'll be able to authenticate them using a variety of methods, not just Google Auth, and users are able to use a Google identity for you that may be different than the one they use for the Assistant. Account Linking will associate them without revealing to you which account they use on the Assistant.
This means creating an OAuth server that lets users log in using their Firebase account and issuing tokens to the Assistant. Google does provide some information about the procedure you should follow when creating your OAuth server, and you should be able to create this using Firebase Hosting and Firebase Cloud Functions.
Then, each time the Assistant calls your action, it will send the tokens back to you. You would use this token to determine the Firebase userid and then can look them up in the database.

what is the best way to manage FCM registration ID in database server?

I'm trying to use firebase cloud messaging service for my android application and I'm trying to find the best way to manage registration ID in database server.
I was thinking to create new table with userID,registrationId (where userID is unique for each user) in my database and insert new record once the user logs in successfully and remove that record when the user logs out. but there are some situation that the registration Id will be refreshed, I can get the new registration Id to save it in the database. but how can I get the old registration Id to remove it?
Are there better way to manage the registration Id in database?
note: a device can access one account but there are might be many devices that use the same account.
Depending on the user, you might want to also have an identifier for each device they use. But for a simpler explanation, I'll go with the scenario where each user only has a single device.
If you're using Firebase Database, then the simplest way to structure the nodes would be something like this:
pushTokens/
$userId: <registration_token_here>
Simple as that. You just pair the userId that you use in your app (possibly for authentication) and place the token there. On sign out, log the user out. When the user is currently signed-in and the token refreshes, handle it in onTokenRefresh(), send the new token to the DB, and replace the older one. Deciding to keep the old one for logging purposes is your call.
Possibly helpful posts:
Firebase Cloud Messaging - Managing Registration Tokens
Managing FCM device groups

Where should the OAUTH2.0 Server be for Actions on Google/Firebase

Referring to - https://developers.google.com/actions/identity/oauth2-code-flow Im using Actions SDK which implies Im using Firebase Functions for the fulfillment handling.
Im storing information in Firebase against the UID I got from FirebaseUser.getUid() in an Android app. So far so good.
I've setup a mock OAuth2.0 server and this seems to be happy exchanging tokens.
However later on in the documentation it states:
"Your service's API endpoints use the access token to identify the user on whose behalf Google is making the API call, and to verify that Google has authorization to access the endpoint on the user's behalf."
My fulfillment however is in Firebase Functions. So...
Do I need to get my FirebaseFunction to get the User ID from the OAuth2.0 server? Do I need to setup an OAuth2.0 server in Firebase Functions? Where does the OAuth2.0 server sit? And how do I get my Firebase Function to get the same User ID as reported by Android?
First - you're starting with a small misconception. Actions on Google and the Actions SDK do not require Firebase Functions for fulfillment. Firebase Functions do make it easier - they provide the publicly accessible HTTPS endpoint that you need for a webhook, but if you have your own server (with valid SSL certificate) or if you want to use AWS Lambda or something similar, you can certainly do so. And if you want to use a language besides JavaScript, the JSON protocol used is documented (although sometimes not clearly).
To answer your questions:
If you need the UserID in your webhook, then yes, it needs some way to get that UserID given the access token it will be handed. But how you do this depends on how you implemented your OAuth server and token. For example:
If you used signed JTWs as your token, then the UserID is part of the JWT and all your webhook needs to do is extract this and verify the signature and timeframe on the JWT are valid. You don't need to contact any other server to do this.
If you're storing the tokens and corresponding user info in Firebase or in some other database or data store - just read the token from your webhook!
You certainly can create another HTTPS endpoint you can use to validate the token and get the info from it - this is what Google does, for example.
Your OAuth server does not need to live in Firebase Functions any more than your webhook does. It might be a good place for it to live (along with the authentication page on Firebase Hosting), but it isn't required.
Your OAuth server can sit... anywhere. Well, anywhere public on the Internet with a valid SSL certificate anyway.
This last point is exactly what account linking is all about. You need to make sure that, when they authenticate against your server, you get the UserID that is "reported by Android", whatever that means in your context (but see my update below). Once you have this UserID, you need to make sure it gets associated against any of the tokens that you issue for this user, and you need to provide a way for your service to get this UserID from the token.
How you do this is up to you, and depends on the rest of your architecture and what you're trying to do with it. The Google Assistant doesn't care - it has its own notion of a UserId which is separate from yours, so to identify the user with your UserId, you'll use the token that it hands you.
Update
You raise a good point in the comments about the statement "The user ID on Android devices will also be the same as the user ID on a Google Home". This is true, but talks about the anonymous cookie-like UserID that is available through the Assistant platform only (which is why it is in the section on Anonymous User Identity). It doesn't talk about any ID that you can get through other Android apps. To associate the ID you get through other apps to the Assistant's ID, you need to use Account Linking as described on the following page.
If all you need is a consistent way to track a user that visits your Action multiple times, and you want that to be consistent on any Assistant platform (Google Home, Assistant for Android, or Assistant for iOS), then you just need to use the UserID that is provided through the API/JSON. You don't need Account Linking or an OAuth server. But this is not a Google ID or the Firebase ID, it is a anonymous UserID that is valid on the Assistant platforms only (and then, only within certain conditions if the user does not reset it).
Update 2 To be clear about OAuth and JWTs:
You ask in the questions "Where else can I get the JWT?"
In short - you build it yourself.
Remember that, if you are providing an OAuth server, one of the things you need to do is to issue auth tokens and refresh tokens. Those tokens can be anything you want - the only criteria is that your webhook be able to take the token and, somehow, get the information it needs out of it that ties it to a user.
But you are responsible for putting that information in there in the first place.
So when the user logs in during account linking, you might use Firebase Authentication to log them in. Once you've done so, you can get a Firebase ID and/or a Google ID for them. (After all, they've logged into your OAuth web page - you have to know something about them.)
After they log in, you're redirecting them to some place Google has asked you to, and you're including a token as part of that. That token can be the JWT that you're creating, and in that JWT, you can include the ID information you have from their login.
(And, again... it doesn't have to be a JWT. It can be anything you want. The only requirement is that you be able to validate it and use it to get the information you need.)

Resources