I want to know, is there a way to retrieve the current user's password? Or just check if his password != "acertainvalue". I'm speaking when the current user is connected through Firebase authentification. Thank you
There is no way to get the current password from the Firebase Authentication API as that would be a big security risk.
I'd also in general recommend against persisting the user's password as plaintext anywhere yourself, for the exact same reason.
If you need to check the user input against a specific value in your code, you should do that check right after you get the input from the UI - and before passing input on to Firebase.
Related
What would be the easiest way to have a contact form implemented into an Xcode ios app, where the user inputs their email, name and some hidden variables from within the program?
I'm thinking a firebase service will work well, as I don't want to use the built-in email form.
The contact form also needs to know if the form was submitted successfully, such as if the internet was out, or the server/service couldn't be reached. Any help or useful links would be greatly appreciated.
Firebase Authentication is great, it allows you to sign up/sign in users, so you can store them safely there.
Auth.auth().createUser / Auth.auth().signIn
The first method will create an auth user and returns you an uid key for that user, so you can use their Database to store anything related to that user using that uid. The second method will login an user and returns the current user logged in uid, so you can manipulate your data. You can make sure they worked by using the completion and checking if error is == nil.
I highly recommend you to use Auth to authenticate them, otherwise you would have to store their emails and passwords on your Database, and you would have to encrypt them.
Check their documentation here: https://firebase.google.com/docs/auth/ios/start
We use Firebase Auth & Firebase Database for user authentication. For complex reasons, we keep user passwords in both locations.
How do we UPDATE the Firebase Database /user node after the user has changed their password in Firebase AUTH?
Is there a completion block in the Firebase Auth > Password Reset work flow that we can simply update Firebase Database with the new password? I'm not sure if Firebase will pass the NEW PASSWORD to us to update in Firebase Database /user node.
One idea we had was to just update the user info in Firebase Auth using the 'updatePassword' function, but Firebase says that if the user has not logged in for a while, then the user has to be re-authenticated. So we're not sure how to work around that issue.
Any suggestions or thoughts or advice on the work flow?
Thank you in advance.
Firebase Auth cannot reveal the users password. If you noticed no admin can get the users password through the Firebase Auth interface either.
I've tried doing this using cloud functions, but it didn't work either. If the user resets the password, it's completely between them and Firebase.
I guess you are setting the password yourself the first time, and then store it in the database. But there is no completion function for Auth that can retrieve the password the user just put in. For safety reasons.
if you are using the updatePassword function, the user must have write access to the node in the database that could store the password.
Yes there is I’m pretty sure it is:
Auth().auth.currentUser.changePassword...
If it is not just search online for changing user password swift and look at the Firebase documentation.
I would like to be able to reset a user's password, in the case they have forgotten it. Is this possible using the Realm framework. As a natural extension to this problem, would is there a way of changing the user's password upon entering (correctly) their current password.
I am creating an iOS application in Swift.
Thanks in advance!
If you are using Realm Mobile Platform, we provide SyncUser.changePassword(_:, completion:) and SyncUser.changePassword(_:, forUserID:, completion:) APIs.
https://realm.io/docs/swift/latest/#changing-passwords
We have not provided a convenient way to achieve "Forgot password?" feature currently, so you need implement such UI and workflow yourself.
is there a way of changing the user's password upon entering (correctly) their current password.
You need to try logging in to see if the current password is correct.
I'm creating simple user login at the beginning of my app. After user submits correct username and password, my script from server should return some parameters which I should store in some sort of local database, and check for these parameters every time when new view appear/loads.
My questions are:
1) which type of local "database" should I use, which one is secure so no one else from "outside" can access it, because if someone could than he could set my logins by himself (keychains, user defaults etc.)?
2) which parameters should I return from server, which one of them are essentially from security when checking if user is logged in - I'm thinking of username and the token - if user is successfully logged in, than server script should create some type of token which will be stored in online database. Every time user makes some request from app to the server than token is checked, if it exists in app and if it exists in server database and if they are equal.
3) How should I check if user is logged in when new view is loading in the app - should I just check if variables exists (for example in Keychains) or should I connect to the server and check every time server database?
for storing sensitive user data(password, api token, email) you should always use Keychain for this purpose.In other hand there is Realm also offer secure way to store your data.Its easy to use, you just need wrap data objects with realm base(Object) class and mark properties with dynamic attribute.For basic login system i think user name, email and api token good enough.But depends on api needs you can include here phone number, birthday etc.For checking user authorization I think validating api token good enough in most case.
There is also most secure techniques to improve data safety like keep database property names in keychain.Hashing sensitive data parts in api calls.Last thing you need use https for api communication.
I need to add sign in and sign up option so i am little confuse that whether I'll use Sqlite to store user's credential or using web service(PHP)?
if anyone knows better option except above both operation then please guide me.
you are storing a username and password you could use the Keychain.
To use Keychain import "Security/Security.h".
Apple has an example of adding and retrieving a username and password in their documentation. The example methods
- (void)mySetObject:(id)inObject forKey:(id)key;
- (id)myObjectForKey:(id)key;
- (void)resetKeychainItem;
will enable you to persist and retrieve your user credentials almost without modifying the example code.
Calling webservices that require authentication, provide username and password directly as parameters in the URL using NSURLConnection