The company I work for has a production ROR web application that handles user authentication using Devise on the backend. I've been asked to develop a mobile app using a specific Ionic 3 with Firebase template. This app works along with the existing ROR web app and I cannot modify the backend auth, so I implemented Firebase's Custom Token authentication and got it to work.
For testing purposes I manually registered user accounts in the Firebase console using existing usernames and uids from my backend, but when I try to log in using a user account that is not manually registered, I get the following exception: "there is no user record corresponding to this identifier". I know it is because there is no user with that uid in Firebase, but reading the documentation I found here it says "...After a user signs in for the first time, a new user account is created and linked to the credentials—that is, the user name and password, phone number, or auth provider information—the user signed in with. This new account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of how the user signs in...."
So my question is: is there a way to have Firebase register users automatically after using SigninWithCustomToken? Can anyone advise on a correct flow to achieve sync between the current backend and Firebase users?
I've never used Firebase before and have not found more than very basic documentation.
Thanks in advance.
Related
In my Firebase project, I have 2 apps: one for the user and one for the driver. I'm using phone/SMS authentication + email and password for users to sign up.
It's working fine if the user is using a different phone/phone number to sign up to the two different apps.
However, when I sign up using the same phone/phone number in both apps (in the case where I can be a user and also a driver), it throws this error:
Signup error: Error Domain=FIRAuthErrorDomain Code=17015
"[ERROR_PROVIDER_ALREADY_LINKED] - User can only be linked to one
identity for the given provider."
UserInfo={NSLocalizedDescription=[ERROR_PROVIDER_ALREADY_LINKED] -
User can only be linked to one identity for the given provider.,
error_name=ERROR_PROVIDER_ALREADY_LINKED}
That's because Phone Authentication only allows a single session per user. You can not be logged in on 2 devices at the same time, for security reasons.
If you want to allow your users to login to both apps at the same time, you should consider using a different Auth Provider. Maybe Email/Password.
ERROR_PROVIDER_ALREADY_LINKED is thrown when you try to link a credential to a Firebase user when that user already has a credential linked for that type of provider.
In your situation, I speculate, the user already has a phone number and you are trying to link another phone credential to the same user.
I am building an app in Swift using Firebase. I want to authenticate the user with email and password, but before creating an account I need to verify the user's phone number.
I tried several ways but I'm still struggling with this issue.
I successfully Authenticated a user with Phone Number (I followed the great tutorial for the phone auth in Authenticate with Firebase on iOS using a Phone Number)
and successfully Authenticated a user with email and password (I also followed the tutorials in Authenticate with Firebase using Password-Based Accounts on iOS).
But I can't verify the user's phone number and then authenticate the user with his email and password and attach the verified phone number to other user information (unique username, PhotoURL, etc.).
There are a couple of ways to achieve this. First and foremost, based on my experience it's better to verify the user's phone before going on to authenticate them, like you are trying to do. I am assuming it's an iOS app.
I do not think Firebase has that functionality built in natively. You may have to use some other third-party solution like Sinch - https://www.sinch.com/products/verification/ or Nexmo - https://www.nexmo.com/. Personally I have only used Nexmo in my previous implementations, so I could guide you through that path. You would need to create an account here - https://dashboard.nexmo.com/sign-up
When done, log in and click on Verify at the top of the page; on the left-hand side of the page you will find Create an application. Click on it and create an application with your app name, and specify the options you want based on your app's preference. When done, an app secret and app id will be generated for you. Please note them down.
Now I am assuming you already have pod set up in your project, so I will not go into that. I mean, for you to have Firebase implemented, you have pod set up in your project. Add the NexmoVerify SDK to your project by doing this: pod 'NexmoVerify'
The github repo for nexmoverify is: https://github.com/Nexmo/verify-ios-sdk
Go through their repo; it will guide you.
You can then integrate the Nexmo Verify SDK into your project by following this guide - https://docs.nexmo.com/verify/verify-sdk-for-iOS/integration
That should get you going. If you encounter any challenge, let me know and I will guide you.
I have an iOS app that I'd like to restrict access to, making it only available to users from a specific email domain.
The app requires the users to log in using their Google Account.
I've found various answers online that suggested adding
".read": "auth.token.email.endsWith('gmail.com')"
But that doesn't seem to return an error in the sign in page, but only when the user in question tries to access the database. Any suggestions?
You will have to enforce that. You have multiple tools to do so:
After signInWithCredential resolves, you can check the domain and that it is a google.com provider. If you are allowing email/password users, you need to verify those too. If the user doesn't meet your criteria, use the delete API on the user and issue an error to the user that they need to sign in with a certain account.
Enforce the check in your rules, as you can't always trust the client. Ensure that if a user signs up, and isn't deleted, he/she can't access the data.
Use Firebase functions which has a trigger for user creation. On user creation, check your criteria is met, if not, use the firebase-admin module to delete that user.
If you are using the Google sign-in library for iOS to get the Google credential, you can check the Google user email and Google ID token before you signInWithCredential in Firebase and block the sign in attempt.
Write your own clean-up script: If you are hosting your own server and do not want to use Firebase Functions, you can run a daily script that downloads all your users using the Firebase CLI SDK and then deletes all users using the firebase-admin SDK that do not match your criteria.
Since the required email domain is @gmail.com, you could just disable the email and password and enable the Google sign-in method in your Firebase console. So, the only way a user can sign in on your app is with a Google account.
https://firebase.google.com/docs/auth/ios/google-signin
Include the email and password sign up option and just check for domains within your app. This will be a simple string comparison test on the email address.
Or just spin up a server to which you'll be sending the emails to for verification. This way you wouldn't have to push out new updates every time you add an extra domain. You can try and see if cloud functions would be helpful instead of spinning up a new server.
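The creation-time check described in the answers above (verify the domain and the google.com provider, delete the account otherwise), as an added example that is not part of the original posts. The `example.com` allowlist, the function names and the injected `deleteUser` callback (standing in for firebase-admin's `admin.auth().deleteUser(uid)`) are assumptions, and the `emailVerified` test is an extra check not mentioned in the answers.

```javascript
// Added example: strict e-mail-domain gate for a user-creation hook.
// ALLOWED_DOMAINS is an assumed allowlist; replace with your own domain(s).
const ALLOWED_DOMAINS = new Set(['example.com']);

// Constructed sample input, shaped like firebase-admin UserRecord objects.
const SAMPLE_USERS = [
  { uid: 'u1', email: 'alice@example.com', emailVerified: true,
    providerData: [{ providerId: 'google.com' }] },
  { uid: 'u2', email: 'eve@notexample.com', emailVerified: true,
    providerData: [{ providerId: 'google.com' }] },
  { uid: 'u3', email: 'bob@EXAMPLE.com', emailVerified: true,
    providerData: [{ providerId: 'password' }] },
  { uid: 'u4', email: 'mallory@example.com', emailVerified: false,
    providerData: [{ providerId: 'password' }] },
];

// Decide whether a user record meets the sign-in criteria.
function checkAccount(user, allowed = ALLOWED_DOMAINS) {
  const email = typeof user.email === 'string' ? user.email.trim().toLowerCase() : '';
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return { ok: false, reason: 'no-email' };
  // Compare the whole domain after '@'. A suffix test such as
  // endsWith('example.com') would also accept 'eve@notexample.com'.
  if (!allowed.has(email.slice(at + 1))) return { ok: false, reason: 'domain' };
  // An unverified address proves nothing about who owns the mailbox.
  if (user.emailVerified !== true) return { ok: false, reason: 'unverified' };
  const providers = (user.providerData || []).map((p) => p.providerId);
  if (!providers.includes('google.com')) return { ok: false, reason: 'provider' };
  return { ok: true, reason: 'ok' };
}

// Body for a user-creation trigger: delete accounts that fail the check.
// deleteUser is injected so the logic can be exercised offline.
async function enforceOnCreate(user, deleteUser) {
  const verdict = checkAccount(user);
  if (!verdict.ok) await deleteUser(user.uid);
  return verdict;
}

// Reasons for each constructed sample, in order.
function sampleReasons() {
  return SAMPLE_USERS.map((u) => checkAccount(u).reason);
}
```

The same whole-domain comparison belongs in the database rules as well, since the client-side and creation-time checks can be bypassed or can lag behind sign-up.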
I have an app in which I want to only add a login button. No sign-up.
I am thinking of it like this; please tell me if this can work.
SaaS based. So if a business wants to use the app, they must sign up on the website.
Once they do, they can download the app, and I will give them their login credentials.
Therefore, if someone downloads my app from the app store, they cannot register unless they are a SaaS customer. They can only log in with the credentials I provide after signing up and paying for the service.
This being said, if this is doable: I used the Parse Swift signup code to get my classes working on parse.com.
If I go into the users class, I can add new usernames and passwords. (Great!)
If I delete the SignUp code now from my app, and add the LogInUserinBackground code, will it still work for logging in users so long as I add their credentials on the back end?
Thank you for all responses! Much Appreciated.
Yes, that can and will work.
You can of course remove the ability to create users via the app and only support the creation via the application. Just set the user up via the website, assign the username and password and you are ready to go. Of course you have to create some kind of login form inside the app. What you cannot do is customize the application one user downloads to one specific SaaS customer so that he gets logged in fully automatically. The user has to enter the user credentials in the app at least once.
And as far as I am informed, that is even allowed by the app store guidelines. You only have to make sure Apple gets a demo account when submitting the app in the end.
This is probably a repeat. However, the other answers haven't helped me out. So, here goes.
I'm working on an application and we need to add 'users' to it. We'll be giving the option for people to sign in with Facebook, Twitter and LinkedIn. I've worked with these APIs before, however never combined them globally.
How can I maintain and manage these users that will use different services to log in? I'm confused as to how they would be stored in a database: would I need to have a different table for each different social service, or is there a way to implement a table that will house all users in one place?
From what I understand, you're asking how to manage, store and verify users that will be logging in to your application through different social services.
This is how we've implemented it through the various projects we've worked with. From the list of services you've provided we've worked only with Twitter and Facebook, so I can only speak about that.
Setup:
We have a web service that our iOS app communicates with. For example, when the iOS app needs to make a request call for user login, the server takes the details of the user trying to log in and gives back a response, and the app then does what's necessary.
We have a database stored on the server with a users table which is used to verify a user.
That being said, you need to understand what's common between most social services, or at least know what property these social services use to uniquely identify their users. In this case they all use email to identify users.
You'll find that when interfacing your app with these different APIs, they like to use a login session key for unique logged-in sessions.
So in your database you would store whatever details you want to save of the user, but know that you need to store at least the username, password (encrypted), email (for identification, unique column), and login_session_key.
Just double check that LinkedIn does have something like a session key that it creates when a user logs in with that method. Facebook and Twitter do. Send at least the 4 main data properties needed (username, password, email, session) to the server. You then follow this sort of approach:
New user
If a new user tries to log in, the server first checks whether the email provided even exists in the database. If it does not, you send a response back alerting the user that the user does not exist; your app would then take them to the register screen, for example.
If the user is on the registration page, save all the details of theirs you want to store, including username, password and email.
Members
If the user logs in, the email will exist on the server side; it's an existing user, so just update the session key that was sent from the app on login if the password matches (in some apps these session keys are used through the life cycle of the application being used, with each request sending the same session key, and if at any point the session key does not match during app interaction, it can be concluded that the user has logged in elsewhere, on another device perhaps).
If the password does not match, return the appropriate message.
That's about it really. We're able to store all Facebook and Twitter users in one table.