How can one link the phone provider with the email provider in authenticated users section from Firebase?
Whenever I try to log in with the email, it then removes the phone number from the identifier section and then I try to log in with the phone number it creates a new user with a different UID.
I am looking for a solution in Swift that would have both phone and email as providers, any advice?
You can link multiple Auth providers as explained in this link
// If email & password
// let credential = EmailAuthProvider.credential(withEmail: email, password: password)
// If email link
let credential = EmailAuthProvider.credential(withEmail: email, link: link)
Auth.auth().currentUser.link(with: credential) { (authResult, error) in
// ...
}
Related
I need help verifying the OTP with Firebase.
I Managed to receive a SMS with the OTP but when I verify it I get automatically signed up and I only know if the OTP was valid if I signed up - else I get a popup like "invalid otp".
How can I manually validate the otp? My goal is to open another screen where the user puts in more information.
func verifyCode(){
let credential = PhoneAuthProvider.provider().credential(withVerificationID: self.CODE, verificationCode: code)
print(credential)
loading = true
//here i just want to verify my OTP without signing in...
Auth.auth().signIn(with: credential) { (result, err) in //here i am signing in...
self.loading = false
if let error = err{
let generator = UINotificationFeedbackGenerator()
generator.notificationOccurred(.error)
self.code = ""
self.errorMsg = error.localizedDescription
withAnimation{ self.error.toggle()}
return
}
self.gotoRegistration = true
withAnimation{self.status = true}
}
}
There is no way to use Firebase Authentication's phone/OTP provider without automatically signing the user in.
But the fact that the user is signed in to Firebase, does not mean that you have to grant them access to all parts/data in your app. If you want them to provide more information, you can do so before or after signing them in to Firebase, and make it part of the same sign-up flow as far as the user is concerned.
So something like:
// Sign the user in with Firebase
// Check if the user has provider the additional registration information
// If not, send them to the registration information screen
// If so, send them to the next screen of the app
You can also enforce these rules in your back-end code, or (if you use one of Firebase's back-end services) in the server-side security rules.
My app is having facebook & email password login with firebase. Now for those user who are signed with Facebook, I don't want to verify their emails. but in Auth.auth().currentUser?.isEmailVerified its return false always. so is there any other method to detect user is logged in with facebook. I know i can store value inside user default before login but after uninstall & reinstall app i will lost that userdefault. while firebase keep user logged in. i can use keychain for that but if firebase directly provide that then that will make easy for coding.
I find one solution with firebase methods:
if let providerData = Auth.auth().currentUser?.providerData {
for userInfo in providerData {
switch userInfo.providerID {
case "facebook.com":
print("Facebook Login")
//isVerifiededUser = true
default:
print("provider is \(userInfo.providerID)")
}
}
}
You can use:
if let user = Auth.auth().currentUser {
if FBSDKAccessToken.current() != nil {
// logged in using facebook
}
else {
// logged in using manual email/password method
}
}
so you can send verification emails to only those who are logged in using email/password method.
Firebase doesn't provide a method to show which was the first method used to create Firebase account. You will have a list of the all the providers attached to a firebase user with their emails/ phone number attached to them.
Firebase by default only set emails verified for Google SignIn, for other providers Firebase behavior is to set false (although some times it do set the email verified true randomly). The reason is that Firebase cannot guarantee that email is verified by facebook on their platform but incase of Google firebase has trust.
One option is you always send verification email no matter facebook or Email Auth. Second is that you ditch Email password login and instead use new Email Link Authentication, which eliminates the email auth needed in password login.
EDIT:
if you only allow one method to be used at a time then you can get the providers list from the firebase user and check if the providers list has 'password' signin method present, send a verification email after checking email verified, else don't send the email and continue the app
Here is the resource to email link authentication: https://firebase.google.com/docs/auth/ios/email-link-auth
This code means that at some point the user registered using Facebook, but it does not mean that at this point the user is using this provider for access. If the user has these providers ["google.com", "facebook.com"] it will also return true . 😊🖤
fileprivate func userHasFBProvider() -> Bool{
var fBProvider = false
guard let providerData = Auth.auth().currentUser?.providerData else {
return fBProvider
}
for userInfo in providerData {
switch userInfo.providerID {
case "facebook.com":
fBProvider = true
default:
fBProvider = false
}
}
return fBProvider
}
I'm trying to login with Linkedin and Firebase. I generate on my server the custom token, I have my private key, I use RS256 and this is my payload:
"iss" : service_account_email
"sub" : service_account_email
"aud", "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"
"iat", Date().timeIntervalSince1970
"exp", Date().timeIntervalSince1970.advanced(by: 3600)
"uid", String.randomString(length:28)
I create the token, send it back to the app and from this I do:
Auth.auth().signIn(withCustomToken: token!, completion: { (user, error) in
I receive no error and a user back, so the token is valid. The problem is that the user has no values (no email, no displayName etc). the only thing is the uid which is the one that I set with: String.randomString(length:28)
How can I retrieve the user email and other info? In my linkedin account I have a displayname, email, picture etc. But here nothing.
Thanks
You have to set that manually. Firebase Auth has APIs to update profile (photo URL and display name) as well as email. You can send this LinkedIn data along with the custom token to your app, sign in with custom token and then update profile and email on that signed in custom token user.
By the way, set the LinkedIn ID as the UID for that user. Do not use a random string. Otherwise the next time you sign in with LinkedIn, the same user will map to another one.
I have a question which looks silly but I can't find answer anywhere.
I have a simple signup iOS procedure which relies on Firebase Authentication SDK.
At a certain point after the user is created with:
FIRAuth.auth()?.createUser(withEmail: userName!, password: password!)
right after that I sent my user a verification email:
FIRAuth.auth()?.currentUser?.sendEmailVerification(completion:
{(error) in
if error == nil
{self.showSuccessPopUp()}
else
{self.showErrorPopUp()}
})
Everything works more than fine, no problem at all.
My question is: my user receives the email and - for any reason - didn't click on the autogenerated confirmation link.
Later on he open the app again and - forgetting that he already register once - tries to signup with the same email address.
Firebase just says that there's already an user created with that email address - as per documentation the user is created even if not 'active' -, therefore I'd like to give my users the option to have a "Resend verification email".
I've been digging into Firebase API documentation without a solution.
Does anyone have ever had the same 'issue' ?
Thanks for any help
Though late I would answer this in two scenarios:
1: You successfully called createUser, but when the user opens the app again, firebase.auth() says they are not signed in
In this case, the account exists with a password, so you will need to send a 'reset password' email, not an authentication email
2: You successfully called createUser, but when the user opens the app again, firebase.auth() says they ARE signed in
In this case, they are logged in, but not verified. Use
firebase.auth().currentUser.reload() // reloads user fields, like emailVerified:
if (!firebase.auth().currentUser.emailVerified) {
//resend verification email
} else {
//login
}
pardon my use of javascript but should be easy enough to translate
This question already has a short answer but I'll add my answer as I was facing the same problem. So there's already an user created with that email address. Later on the user opens the app again and wants to resend the email verification, but this time you don't create the user with email as there's already an user created in firebase with same email address, instead you can signing the user through firebase first as firebase already has user's details, if successful then get the current user from firebase. Now you can give your users the option to have a "Resend verification email" if they haven't verified yet. See the code below to get clear idea.
The following code assumes that user receives the email and - for any reason - didn't click on the autogenerated confirmation link. Later on he open the app again and - forgetting that he already register once - tries to signup with the same email address. Therefore you want give users the option to have a "Resend verification email".
firebaseAuth.signInWithEmailAndPassword(username, password)
.addOnCompleteListener(new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if (task.isSuccessful()) {
firebaseUser = firebaseAuth.getCurrentUser();
firebaseUser.reload(); // Here you finally get the user, now you can send verification mail again.
if(firebaseUser.isEmailVerified()) {
// TODO
}else {
// TODO
Toast.makeText(LoginActivity.this, "Please verify your email first!", Toast.LENGTH_LONG).show();
}
}
}
});
Now set a button Resend or something
Here's the code for that
resend.setOnClickListener(new View.OnClickListener() {
#Override
public void onClick(View view) {
if(firebaseUser!=null){
firebaseUser.reload();
if(!firebaseUser.isEmailVerified()) {
firebaseUser.sendEmailVerification();
Toast.makeText(LoginActivity.this, "Email Sent!", Toast.LENGTH_LONG).show();
}else {
Toast.makeText(LoginActivity.this, "Your email has been verified! You can login now.", Toast.LENGTH_LONG).show();
}
}
}
});
This can be done using a firebase function with an email sending module (Nodemailer or Firebase Trigger Email extension for example)
The solution is in the firebase documentation
See section Generate email verification link
I'm trying to setup a password reset within an app using swift 2 and Firebase.
Following Firebases example:
let ref = Firebase(url: "https://<YOUR-FIREBASE-APP>.firebaseio.com")
ref.changePasswordForUser("bobtony#example.com", fromOld: "correcthorsebatterystaple",
toNew: "batteryhorsestaplecorrect", withCompletionBlock: { error in
if error != nil {
// There was an error processing the request
} else {
// Password changed successfully
}
})
How can I access an authenticated users email & password in order to pass those values to this function instead of the current mock data?
I'm not interested in sending a temporary password in a pass reset email.
I was thinking that I'd be able to access these values by something like:
let ref = Firebase(url: firebaseURL)
ref.authData.providerData.someValueHere
But I haven't been able to figure it out.
How can I access these values from the currently authenticated user?
How can I access an authenticated users email & password
Firebase does not store the user's password. Instead it stores a hash of the user's password. That means that there is no API from Firebase that returns a user's password.