I created multiple accounts as described here.
Is there a way to delete some user account?
Is there a way to see all the existing user accounts?
The deletion and listing of user accounts created with Firebase Simple Login has been enabled once again in Forge, and will list the email / password-hash mappings as well as allow you to delete those mappings.
Keep in mind that Firebase only automatically stores an email address / password hash combination for Simple Login, and stores it separately from data in your Firebase so that you don't have to worry about managing that data securely.
This means that if you are storing user account data in your Firebase tree following a structure such as /users/$user, then you can always access the data via Forge (accessed at https://<your-firebase>.firebaseio.com) and view / modify your data there. I'll follow-up here once we've made progress to the Simple Login account management functionality. Thanks!
Related
I wanted to create website where I have separate Sign In and Sign Up form. I also want to have Google authentication with Firebase.
I've implemented it like this both on sign in and sign up page:
await FIREBASE_AUTH.signInWithPopup(googleAuthProvider);
But this code will always create new user.
What I would like to do is to block creating new user on sign in page, only log them in if user already exists (e.g. as I require terms of use consent on sign up page, but I don't want to require it on sign up page - it would be quite weird)
There is no way in Firebase Authentication to prevent users from signing up, while still allowing them to sign in if they're already created. The reason for this is that Firebase Authentication merely focuses on allowing users to authenticate themselves, so to prove who they are by providing credentials. What they can then do in your app is known as authorization, and is up to you to implement in your front-end application code, back-end application code, and server-side security rules.
For example, if you use one of Firebase's databases (Cloud Firestore or Realtime Database), you'll typically maintain a list of approved user's in that list (either their email or their UID). Then before granting the user access to specific screens in your app or data in your database, you check if the users exists in that list. If not, you don't grant access to the screen or data.
I don't see an issue here, when a user uses google auth when they already have an account it will create a new account with their in some cases new data he might have changed in his google account.
In case your users hold other data in your database I'm pretty sure there's a google auth API for that issue.
I signed up a user in my Flutter app using FirebaseAuth.instance.verifyPhoneNumber(). This works perfectly and the user shows up in my Firebase Console.
FirebaseAuth.instance.currentUser() now returns the user for me whenever I open the app. Should I store user info (age, weight etc.) here, or should I create a users collection in my Database and link the currentUser().uid in there?
Also, should I store it on the Database linked against the uid, or linked against the login info. For example, link a user to the phoneNumber and not the uid. Because if you ever delete the user, but they want to register again, then they will get a new uid, but their phoneNumber / email will still stay the same and can therefore still link to their old data.
You can't add arbitrary data to the Firebase Authentication user profile. So you should store the additional data in a database, and indeed associate it with the UID of the user, so that you can easily look it up. This also allows you to implement searches for users more easily, as the client-side Firebase Authentication SDKs have no functionality to look up data for any user but the currently signed in one.
To the additional question: if a user deletes their account from your application, you should respect their wishes and delete the additional data that you store for them too.
I used AWS Cognito to authenticate users in my iOS application. The users of the app will have to enter the email, phone number and their name in order to register and Amazon will be sending a SMS to authenticate the phone number.
All of these are working fine. I have few questions and they are :
1.) I want to know where these data are getting saved ? It's not there in the Dynamo DB (However, I found the list of users in AWS Cognito --> Federated Identities --> Users , but not in a Table inDynamoDB)
2.) Now, once the users are authenticated, I am allowing the users to interact with the application. The first task will be that the users will have to complete their profile. I want to know if in case if an user is NOT authenticated will he be able to complete his profile ? Ideally, he should not be allowed. But is this happening automatically ?
EDIT
1) You are correct, data is not stored inside dynamo for user profiles. Cognito has an internal data store in which user data is persisted. This can be viewed and edited (as an admin) through the 'Users' tab of your user pool.
2) They should not be able to, and it is not happening automatically. The only way to update attributes stored against a user is as an admin (which the user shouldn't be able to do) or with the token that they get from signing in, so what you're aiming for is very do-able.
I am currently using firebase to make an ionic app. I am using firebase simple login for social auth (facebook, twitter, email & password). The auth works perfectly, it $broadcasts the authed user. However it doesn't seem to create a user in the actual firebase db. I was wondering how I can get the users that have been authed using my app.
For most of the authentication protocols it supports, Firebase doesn't store user data anywhere. Even for the protocols where it does store data (I only know of email+password doing this), it stores this information in a place that your application can't access (though you can find those users in the dashboard of your Firebase).
To quote the Firebase documentation:
It does not store profile or user state in your Firebase. To persist user data you must save it to your Firebase.
What most applications end up doing, is keeping a list of users inside their Firebase that they manage themselves. So when a user first authenticates with the application, it creates a node under /users/<uid> that contains the information for that user.
See this section of the Firebase documentation that describes storing user data.
Firebase does not store profile or user state in your Firebase instance. To persist user data you must save it to your Firebase.
Firebase provides multiple authentications services
Using existing social login providers such Facebook, Twitter, Google, and GitHub. Using these services provides an option for your users to access your application without creating a new account.
Using built-in support for logging in with email & password. This requires registration and account creation that is handled by Firebase. The user account information is stored outside you application.
Using a custom authentication to implement existing server-side authentication, single sign-on, legacy systems, or third-party OAuth based services (such as Yahoo).
Once authenticated, Firebase return a variable auth to your application that you can use for authorization and access control. This variable is null for unauthenticated users, but for authenticated users it is an object containing the user's unique (auth.uid) and potentially other data about the user.
If you want to persist additional user information such as name
and location, then you need to use auth.uid and store it in your
Firebase with additional profile data.
Internally, Firebase generates JSON Web Tokens (JWTs) and creates authenticated sessions by calling Firebase.loginWithCustomToken() with those tokens. Each user is assigned a uid (a unique ID), which is guaranteed to be distinct across all providers, and to never change for a specific authenticated user.
The user data for firebase authentication is stored in firebaseLocalStorageDb in IndexedDB. After login to website, if you delete firebaseLocalStorageDb, the login user data for firebase authentication is all deleted so you need to log in website again.
If I create a new product, use simple auth, there is a "create user" API. How do I restrict it so that only invited emails (either by the email or via a one-time key) can sign up? Doesn't seem to fit easily into the rules, but I am probably missing something.
First, I should point out that the core Firebase API uses JSON Web Tokens for auth, which you can generate yourself, so you have full control over the creation of user accounts and can restrict it however you like:
https://www.firebase.com/docs/security/custom-login.html
I'm guessing you're referring to our Simple Login service.
Simple Login is a service that provides some common login options. It has no way to restrict creation of new accounts. However, you can restrict what those accounts can do with Firebase. For example, you could set your security rules up so that only user accounts in some authorized list (in Firebase) are actually able to read or write data.