I have mobile application that uses Firebase in the backend. In the app, each user has a large profile. But I will be asking the user to provide a small portion of the profile after creating the account. The rest of the profile will be collected by ENCOURAGING the user to complete it.
I was thinking that once the user logs in, I would show the user one of two screens to remind the user to fill the profile. Let us call the screens screen_A and screen_B.
Should I use Firebase remote config A/B or personalization to decide if I should show the user screen_A or screen_B? Why? Which event should I use to achieve this goal? You can assume that I now the profile completion rate for each user.
Related
I am using Twilio's verify API for TOTP services (Authy, Google Authenticator, etc).
I am trying to figure out how to handle the case where a user has lost access to their phone and cannot get past the TOTP 2FA challenge. Can I create a new Factor for that user and somehow "invalidate" the previous one?
Anyone know how to do this?
You can delete a factor, which would remove it from the entity. You can then create a new factor.
How to handle how you re-enable access to the user's account in your system is up to you though. Presumably after the user has convinced your support team that they are the rightful owner of the account, you could turn off 2FA verification for their account, allowing them to log in, and then have them go through 2FA set up again themselves. You might also want to consider generating back up codes which they can use in the case that they lose their device again.
I have a Slack App (source code) where I want to send reminders to channels where a certain piece of text has been mentioned the most on a schedule. It works, but there's a limitation:
The search.messsages API method only supports user tokens. I want this to run in the background, without interaction. Approaches that have come to mind:
Store my personal user token
Con: Would allow others with access to the token to be able to see my private messages
Create a fake user whose only purpose is that user token
Con: Have to pay for that fake user indefinitely, manage shared credentials, etc.
Any other ideas?
Here is what you can do:
Switch on distribution of the Slack app.
Have the admin, or an existing user on the Slack channel install the app. During the time of installation, you can ask for permissions with user token and search:read scope.
Now you can make all the searches using this user's token. You'll need to plan for the scenario where this user is deleted from the Slack workspace, your user token will stop working.
I don't think there is a way to control it from searching for your personal messages. Search functionality is dependent on the user token.
I am currently developing an iOS appplication using xcode and Swift. My application works well with firebase including the function of email verification. Due to the nature of my application, I want users to be able to sign up, verify their email and then await further verification on the side of my client using firebase.
In an ideal world, firebase would have a setting that supports user being automatically disabled on signup, and you would just tick a box and the user would be enabled in the authencation page of the console.
Seeming as I am looking for my client to be able to do this, I need a way that is simple to them, so they can enable and disable accounts. There is a property in the firebase authencation page but no way to default it.
So.. My idea was to create a cloud function in firebase that automatically disables users on signup, and once my client has verified who they are they will enable them. Any ideas on what this function would look like? Disabled is a nice and easy boolean value so.
I am new to firebase, so wondering if anyone had came across this kind of issue? The link below shows the function on user creation.
https://firebase.google.com/docs/functions/auth-events#trigger_a_function_on_user_creation
You can add an Admin SDK function in the user creation event you have. See this for an example: https://firebase.google.com/docs/auth/admin/manage-users#update_a_user
The easiest way to automatically disable new user accounts is through Cloud Functions. See for an example the answer to this question about How to prevent new user registration on Firebase?.
But note that the user will already be signed in by the time the Cloud Function runs, so they'll have access until their current/initial ID token expired (up to an hour).
The proper solution is to check whether the user is verified before enabling any backend functionality. For Cloud Firestore, Cloud Storage, and Firebase Realtime Database, you can do this in their server-side security rules. See for some examples of this:
(Firebase) Firestore security rules - allow if email verified without custom tokens?
Security rule to only allow write for users with verified emails
How do I lock down Firebase Database to any user from a specific (email) domain?
I'm currently trying to build an 'account switching' feature for my iOS App that uses Google Sign-In (with YouTube scopes to get YouTube channel data) & Firebase Authentication.
At the moment, if users want to switch accounts, they have to log out and log back in with another Google account, which is not great from a UX perspective.
My end goal is to allow users to log in with several channels and then choose the YouTube channel they want to see data for, from inside the app, without logging out and back in.
Is there a way to maintain several OAuth sessions alive to let user easily switch between accounts?
I have thought of storing the user's access token locally in a dictionary that would map channel ids with the relevant token but I'm not sure if that will be enough to maintain the state properly or if it will lead to a bunch of bugs.
Any ideas or suggestions are more than welcome.
Thanks.
With Firebase Authentication, there can only be one signed in user at a time. The SDK can't manage multiple signins at once. The prior user needs to be signed out at the time a new signin is processed.
I would like to use some Parse features, but not require users to login. For example, the app has a view with multiple buttons, when a button is pressed, it sends an update to a class in Parse which will increase a count by 1. I just need very little with Parse, and would prefer to not have users signup for an account, or login with Facebook or Twitter just to accomplish a few small things. Is it possible to just log them in automatically with a guest-style account (provided I let them know small actions are being stored on server, but no personal data at all is, and allow them to opt out?)?
Check out the part in the parse.com documentation. They talk about anonymous users (you don't need a login).
Parse.com Documentation about Anonymous Users