We use Firebase Auth & Firebase Database for user authentication. For complex reasons, we keep user passwords in both locations.
How do we UPDATE the Firebase Database /user node after the user has changed their password in Firebase AUTH?
Is there a completion block in the Firebase Auth > Password Reset work flow that we can simply update Firebase Database with the new password? I'm not sure if Firebase will pass the NEW PASSWORD to us to update in Firebase Database /user node.
One idea we had was to just update the user info in Firebase Auth using the 'updatePassword' function, but Firebase says that if the user has not logged in for a while, then the user has to be re-authenticated. So we're not sure how to work around that issue.
Any suggestions or thoughts or advice on the work flow?
Thank you in advance.
Firebase Auth cannot reveal the users password. If you noticed no admin can get the users password through the Firebase Auth interface either.
I've tried doing this using cloud functions, but it didn't work either. If the user resets the password, it's completely between them and Firebase.
I guess you are setting the password yourself the first time, and then store it in the database. But there is no completion function for Auth that can retrieve the password the user just put in. For safety reasons.
if you are using the updatePassword function, the user must have write access to the node in the database that could store the password.
Yes there is I’m pretty sure it is:
Auth().auth.currentUser.changePassword...
If it is not just search online for changing user password swift and look at the Firebase documentation.
Related
I want to know, is there a way to retrieve the current user's password? Or just check if his password != "acertainvalue". I'm speaking when the current user is connected through Firebase authentification. Thank you
There is no way to get the current password from the Firebase Authentication API as that would be a big security risk.
I'd also in general recommend against persisting the user's password as plaintext anywhere yourself, for the exact same reason.
If you need to check the user input against a specific value in your code, you should do that check right after you get the input from the UI - and before passing input on to Firebase.
This is my scenario. I am developing a firebase login iOS app. For this i am using Email & Password Authentication and facebook authentication. Lets assume if user knows his email but forgot the password. How can i identify if the user logged in with facebook or email, and how to reset the password? i searched a lot. But could not find a solution for that. can anyone help me.
You can lookup the providers linked to an account using:
fetchProvidersForEmail
To reset the password, use: sendPasswordResetWithEmail
There are also instructions on how to send the password reset and redirect back to app:
https://firebase.google.com/docs/auth/ios/passing-state-in-email-actions
Try the following.
Whenever a user signs up with your platform, be sure to save their basic information e.g. email, name, photoURL, signup/loginType, user-id etc to a database of your choice i.e Firebase Firestore or the Realtime Database(RTD).
So you could have the following Scheme in the RTD for instance:
my-app
----users
--------user-id-1
------------name: User 1
------------email: user1#domain.com
------------loginType:facebook
------------id: user-id-1
--------user-id-2
------------name: User 2
------------email: user2#domain.com
------------loginType:email
------------id: user-id-2
---etc
This way if a user claims to have forgotten their password, you can do a quick lookup via email and obtain the users id. For the Realtime Database I would recommend denormalize your data a bit more so that you can retrieve user id's by email. This is what I mean
my-app
--users
--------user-id-1
------------name: User 1
------------email: user1#domain.com
------------id: user-id-1
--------user-id-2
------------name: User 2
------------email: user2#domain.com
------------loginType:email
------------id: user-id-2
--users-by-email
--------user1#domain.com
------------user-id-1
--------user2#domain.com
------------user-id-2
In this case you can easily find the users id based on their email if you search the users-by-email field and insert the users email as a key. It should return the userid.
In Firestore, I believe you can easily query for this without having to denormalize your data.
Once you have access to the users-id and email, you can follow this guide by #JenPerson from the Firebase team on how to mint your own Authentication tokens, that will let Firebase know you are re-authenticating a specified user with different credentials
What would be the easiest way to have a contact form implemented into an Xcode ios app, where the user inputs their email, name and some hidden variables from within the program?
I'm thinking a firebase service will work well, as I don't want to use the built-in email form.
The contact form also needs to know if the form was submitted successfully, such as if the internet was out, or the server/service couldn't be reached. Any help or useful links would be greatly appreciated.
Firebase Authentication is great, it allows you to sign up/sign in users, so you can store them safely there.
Auth.auth().createUser / Auth.auth().signIn
The first method will create an auth user and returns you an uid key for that user, so you can use their Database to store anything related to that user using that uid. The second method will login an user and returns the current user logged in uid, so you can manipulate your data. You can make sure they worked by using the completion and checking if error is == nil.
I highly recommend you to use Auth to authenticate them, otherwise you would have to store their emails and passwords on your Database, and you would have to encrypt them.
Check their documentation here: https://firebase.google.com/docs/auth/ios/start
The company I work for has a production ROR web application that handles user authentication using devise on backend. I´ve been asked to develop a mobile app using specific IONIC 3 with firebase template, This app works along with existing ROR web app and I cannot modify backend auth, so I implemented Firebase´s Custom Token authentication and had it to work. For testing purposes I registered manually user accounts in Firebase console using existing username and uids on my baackend, but when I try to login using a user account that is not manually registered, I get the following exception "there is no user record corresponding to this identifier" I know it is because there is no user wit that uid in firebase, but reading the documentation I found here it says "...After a user signs in for the first time, a new user account is created and linked to the credentials—that is, the user name and password, phone number, or auth provider information—the user signed in with. This new account is stored as part of your Firebase project, and can be used to identify a user across every app in your project, regardless of how the user signs in...." so my question is, Is there a way to have firebase register users automatically after using SigninWithCustomToken? Can anyone advise on a correct flow to achieve sync between current back end and firebase users?
I´ve never used firebase before and have not found more than very basic documentation.
Thanks in advance.
I have an iOS app that I'd like to restrict access to, making it only available to users from a specific email domain.
The app requires the users to log in using their Google Account.
I've found various answers online that suggested adding
".read": "auth.token.email.endsWith('gmail.com')"
But that doesn't seem to return an error in the sign in page, but only when the user in question tries to access the database. Any suggestions?
You will have to enforce that. You have multiple tools to do so:
After signInWithCredential resolves, you can check the domain and that it is a google.com provider. If you are allowing email/password users, you need to verify those too. If the user doesn't meet your criteria, use the delete API on the user and issue an error to the user that they need to sign in with a certain account.
Enforce the check in your rules, as you can't always trust the client. Ensure that if a user signs up, and isn't deleted, he/she can't access the data.
Use Firebase functions which has a trigger for user creation. On user creation, check your criteria is met, if not, use the firebase-admin module to delete that user.
If you are using the Google sign-in library for iOS to get the Google credential, you can check the Google user email and Google ID token before you signInWithCredential in Firebase and block the sign in attempt.
Write your own clean up script: If you are hosting your own server and do not want to use Firebase Functions, you can run a daily script that downloads all your users using the Firebase CLI SDK and then deletes all users using firebase-admin SDK that do no match your criteria.
Since the required email domain is #gmail.com, you could just disable the email and password and enable the Google sign in method in your Firebase console. So, the only way a user can sign in on your app is with a Google account.
https://firebase.google.com/docs/auth/ios/google-signin
Include the email and password sign up option and just check for domains within your app. This will be a simple string comparison test on the email address.
Or just spin up a server to which you'll be sending the emails to for verification. This way you wouldn't have to push out new updates every time you add an extra domain. You can try and see if cloud functions would be helpful instead of spinning up a new server.