I'm using Firebase and I'm trying to add a username,telephone number, the database with the password.
s there a way to do it or is createUserWithEmailAndPassword() function only for email and password?
Given the method name createUserWithEmailAndPassword, it would seem that is creates a user with an email and a password.
There is nothing built into Firebase to create a user based on a user name as phone number. The two most common approaches are:
Use an existing Firebase identity provider to create a user based on for example the phone number, and then store the additional information in the database associated with that user.
Create your own identity provider that does precisely what you want.
Related
We have an app that allows us to signup using one email id and can add/ link another email id. When we enter the home page after signup, it should show the teams/challenges created using the first email id on the top and the teams created using the second email id on the bottom. We are thinking of using firebase for backend. Is it possible to have two email ids active at the same time?
No. You must go outside BaaS, particularly Firebase, as you have mentioned. You can consider making your own backend server for that feature.
What Firebase can provide you is the ability to have a single email address connected to different sign-in methods.
ref: https://support.google.com/firebase/answer/9134820?hl=en&ref_topic=6386702
If you're using Firebase Authentication to sign in users, then no, it's not possible to have two accounts signed in to a single device at a time. If you sign in a second account, then the first one will be automatically signed out.
If you want to "link" two accounts in such a way that they can query each others' data, you're going to have to establish that relationship in your database or custom claims, and use that in security rules to allow shared access to data.
My question is similar to What data can I save in my database to verify a user with Google sign in API?
I've built Google Sign In correctly and I get a response from the API like this:
{
"iss":"https://accounts.google.com",
"at_hash":"xxx",
"aud":"xxx.apps.googleusercontent.com",
"sub":"xxx",
"email_verified":true,
"azp":"xxx.apps.googleusercontent.com",
"email":"xxx#gmail.com",
"iat":xxx,
"exp":xxx
}
The SO link above says to save the sub field as this is a unique identifier. I can save the email/sub no problem. My question is: How do I allow this user to sign in next time with an email/password form, if they choose to do this, versus OAuth? I guess I could force them to sign in thru OAuth, then verify they're signed in and have them create a password, but I don't know if that's the best way to do this.
The "sub" parameter is only guaranteed unique for the "iss" parameter. So the combination of "iss" and "sub" is globally unique.
If you MUST store a password you will need to ask the user. Some apps put in a random-complex password for every user as some application frameworks require a password. This may be helpful if they forget they used Google to sign in for you to do you due diligence in assigning a temporary password for the user with the email address.
You should of course consider that the email address is globally unique at any given time, but could be reassigned in some cases.
This is my scenario. I am developing a firebase login iOS app. For this i am using Email & Password Authentication and facebook authentication. Lets assume if user knows his email but forgot the password. How can i identify if the user logged in with facebook or email, and how to reset the password? i searched a lot. But could not find a solution for that. can anyone help me.
You can lookup the providers linked to an account using:
fetchProvidersForEmail
To reset the password, use: sendPasswordResetWithEmail
There are also instructions on how to send the password reset and redirect back to app:
https://firebase.google.com/docs/auth/ios/passing-state-in-email-actions
Try the following.
Whenever a user signs up with your platform, be sure to save their basic information e.g. email, name, photoURL, signup/loginType, user-id etc to a database of your choice i.e Firebase Firestore or the Realtime Database(RTD).
So you could have the following Scheme in the RTD for instance:
my-app
----users
--------user-id-1
------------name: User 1
------------email: user1#domain.com
------------loginType:facebook
------------id: user-id-1
--------user-id-2
------------name: User 2
------------email: user2#domain.com
------------loginType:email
------------id: user-id-2
---etc
This way if a user claims to have forgotten their password, you can do a quick lookup via email and obtain the users id. For the Realtime Database I would recommend denormalize your data a bit more so that you can retrieve user id's by email. This is what I mean
my-app
--users
--------user-id-1
------------name: User 1
------------email: user1#domain.com
------------id: user-id-1
--------user-id-2
------------name: User 2
------------email: user2#domain.com
------------loginType:email
------------id: user-id-2
--users-by-email
--------user1#domain.com
------------user-id-1
--------user2#domain.com
------------user-id-2
In this case you can easily find the users id based on their email if you search the users-by-email field and insert the users email as a key. It should return the userid.
In Firestore, I believe you can easily query for this without having to denormalize your data.
Once you have access to the users-id and email, you can follow this guide by #JenPerson from the Firebase team on how to mint your own Authentication tokens, that will let Firebase know you are re-authenticating a specified user with different credentials
In my firebase app, a users feed is populated with posts, however the usernames of the posts are displayed. However, the username is inside of the snapshot, but there is no place where it is displayed in the app. Is it secure to have the username transferred to the client's device if they are not supposed to be able to access it? Would it be better to remove the username from the snapshot in the posts node and instead create a separate node which has the username for each post, accessing the username each time it is needed so that when a users feed is populated the username is not sent in the snapshot?
Any data that is transferred to the device, can be accessed by the user on that device. If you want certain data to be non-accessible, don't transfer it to the client.
A common way to do this is to make an extra node that contains only the information that is publicly readable. For some example of this, see:
Firebase: How to structure public/private user data
How to create public/private user profile with Firebase security rules?
How to create public/private user profile with Firebase?
Make a public profile and a private profile in angular 4+
I'm building an iOS app with a Rails backend. The user can log into the iOS app with Facebook.
What is the best way to associate this with a User record on the backend?
My thinking is to get the Facebook UID, check if a record exists with that ID in the Users table and if not create an account by storing the UID and Facebook email. Is this the correct way this should be done?
I haven't written a system like this before so I want to make sure I'm not going about it completely the wrong way.
Thanks
it looks like you might want to check out parse.com as a backend service
But either way what you suggested is pretty much how they are implementing it and they were acquired by Facebook so I believe they do it right:
add a column called 'fuid' to store the Facebook ID and check if such an entry exists before adding a new user entry to the User table
I think this railscast will be a good way to start from. For the database of app you can create an authentication table where you can store the type of authentication(in case you change your mind and want to sign up users from twitter or somewhere else), uid and the access token. You will also need a users table where you can store all the information related to a user. Not to forget a user will have many authentications or one authentication depending on your need.
As for the flow of app you can go two ways:
a. You get the users approval from the facebook, store access token, uid and get users email, first name or whatever information you need and then store it all in the back end and then sign up him/her.
b. Get the approval from user, store uid and access token and then render a form which will be filled with the user's information like first name,last name etc. User will create a password for your app and then you can sign up him/her.