Firebase reset password issue - ios

Just a quick question. I have set up a backend using Firebase and I am using Swift. I have create a user, login a user and forgot a password all working correctly. But does anyone know how to check, when a user logs in, if they are using the reset password from the email which was sent out?
What I want to do is check upon login if they are using the email reset password and, if so, I can then enforce a password change upon them. I cannot seem to find out how to do this.
Thanks

Once a user requests a forgot password email, they will receive an email with a temporary (24 hour) token that they must log in with and then change their password from there.
Check the documentation for more information regarding password and email changes within your application. https://www.firebase.com/docs/ios/guide/login/password.html

The way I handled this was slightly differently than what you described, but it gets to the same place. After the user gets a temporary password they are prompted to enter in the temporary password sent to their email. Immediately after they enter it they are then asked to change their password to something new before they can proceed. I figured those temporary passwords are so complex no one is going to remember or hold onto them for long, so it's best to get them using their own password ASAP.

https://firebase.google.com/docs/reference/ios/firebaseauth/api/reference/Classes/FIRAuth
In Swift 3.x and Firebase 3.x:

    FIRAuth.auth()?.sendPasswordReset(withEmail: email) { error in
        // Your code here
    }

Firebase 4 version:

    Auth.auth().sendPasswordReset(withEmail: email) { error in
        // Your code here
    }

Related

I want to login with mobile number and password [duplicate]

I am developing Android app using Firebase. Because of that, I want to use Firebase Auth. I have following requirements:
Register/Log in using Facebook
Register/Log in using Email/Password
Register/Log in using Phone Number/Password
The first two are OK, I followed basic tutorials. However, Phone Number / Password is the problem here. Firebase supports only Phone Number/SMS Token for this (its called Phone Auth), but there is no mention about my case. I do not want to hack Firebase and use its realtime database instead of Auth 'database'. Is there any better way to achieve this?
Thank you.
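If you have both the email and the phone of your user and you can use the Admin SDK, then perhaps you could exchange the user's phone number for his email and log in with email and password in the background.
Something like this (node.js):

    // Look up the account by phone number (Admin SDK), then sign in with its email.
    admin.auth().getUserByPhoneNumber(phoneNumber)
      .then(user => {
        // Return the promise so that sign-in errors propagate to the caller.
        return firebase.auth().signInWithEmailAndPassword(user.email, password);
      });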
Firebase phone authentication uses an OTP (one-time password). This way there is no hassle for the user to remember the password. Once authenticated, you will be registered. The SMS code acts as a password, but only for one time. Usually, users prefer such behaviour, in which you don't have to remember passwords. If you are still looking for the way you want, see this link and create a custom authentication method.
https://firebase.google.com/docs/auth/android/custom-auth
I had a similar problem -
I combined Firebase auth (email + password) with (phone + OTP) to get phone + password auth:
https://medium.com/@shivampesitbng/firebase-phone-password-auth-in-vue-b94f15b8fb3d
Use Fake Email:
Well, Firebase doesn't support sign-in with mobile number and password, but it supports email and password. So you can create a fake email with your mobile number.
i.e.: 78******69@yourdomain.com
Also, you can create a complete Authentication system using it.
Registration:
Input user mobile and password and proceed to the next page.
Now use Firebase Phone Auth (OTP) to createUser. If the process succeeds, link the fake email and password credentials in the background.

    AuthCredential credential = EmailAuthProvider.getCredential(email, password);
    auth.getCurrentUser().linkWithCredential(credential);

Login:
Input mobile and password to log in. Convert the mobile number into the fake email and then signInWithEmailAndPassword().
Forget Password:
Redirect the user to a new page and use Phone Auth to verify the user. If successful, input a new password and change the password of the Email Auth.
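The registration and login steps above only work if both derive exactly the same address from whatever the user types. The following is an added example, not code from the answer: it canonicalises the number before building the address. `SYNTHETIC_DOMAIN`, `DEFAULT_COUNTRY_CODE` and the function names are assumptions made for illustration.

```javascript
// Added example. The domain and default country code below are placeholders.
const SYNTHETIC_DOMAIN = 'phone.example.invalid'; // placeholder domain
const DEFAULT_COUNTRY_CODE = '1';                 // assumed for national-format input

// Canonicalise user input to E.164 so that every spelling of one number maps
// to the same account. Returns null for input that cannot be a phone number.
function toE164(input, countryCode = DEFAULT_COUNTRY_CODE) {
  if (typeof input !== 'string') return null;
  const trimmed = input.trim();
  // Accept digits and common separators only; anything else (letters, '@')
  // is rejected rather than silently stripped.
  if (!/^\+?[0-9\s().-]+$/.test(trimmed)) return null;
  let digits = trimmed.replace(/[^0-9]/g, '');
  if (trimmed.startsWith('+')) {
    // Already in international format; keep the digits as typed.
  } else if (digits.startsWith('00')) {
    digits = digits.slice(2); // "00" international prefix (assumed convention)
  } else {
    digits = countryCode + digits.replace(/^0+/, ''); // drop the national trunk zero
  }
  // E.164 allows at most 15 digits and no leading zero.
  if (!/^[1-9][0-9]{6,14}$/.test(digits)) return null;
  return '+' + digits;
}

// Build the address used for email/password sign-in, or null on bad input.
function phoneToSyntheticEmail(input, countryCode) {
  const e164 = toE164(input, countryCode);
  return e164 === null ? null : `${e164.slice(1)}@${SYNTHETIC_DOMAIN}`;
}
```

Call `phoneToSyntheticEmail` in both the registration and the login path, and treat a `null` result as a validation error before any authentication call is made.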

how to implement forgotten password functionality for password stored in keychain

I am creating a basic iOS app using Objective-C where the user needs to register, and I am saving the login credentials (username, password and email) in the keychain.
I want to offer forgot password functionality and was thinking that once the user clicks on forgotten password, I will ask for the user's email and match it with the one stored in the keychain, and if positive I will send an email from the app in the background to the user's email with the password in it.
However, I am not sure whether this is safe and good practice.
I am not using a server, so I cannot send mail from a server.
Or is there any better way to do it? Please suggest.

Realm - Reset Password

The steps mentioned at Reset User Password seem a bit confusing to me.
For example, a user normally resets his password because he cannot remember the existing one.
Now, the above link mentions that
The refresh token can be retrieved by calling user.token after logging in via Realm.Sync.User
But, as user does not know his current password, how can the app get the refresh token?
I seem to be missing something here, not sure what..
Would be nice if someone could explain the complete steps for password reset by user.
"Password reset" is a bit of a misnomer. The functionality in question is intended for a logged-in user to change their own password (for example, from a "Settings" or "Profile" screen), or for a user with administrative privileges to change an arbitrary user's password.
There is another common use case in which a user who is logged out and does not remember their password wishes to reset it. In many cases this process involves sending them an email with a link which, upon being visited, will allow them to specify a new password. The Realm Object Server doesn't support this sort of password reset out of the box; you may want to file an issue at its issue tracker to request it (since it seems quite important).
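The emailed-link reset described in this answer, and the temporary 24-hour token mentioned in the first answer on this page, both come down to issuing a short-lived, single-use secret. The following is an added example, not Realm or Firebase code: the function names, the in-memory `Map` standing in for a database table, the `setPassword` callback and the 8-character minimum are all assumptions.

```javascript
// Added example, not Realm or Firebase code. All names here are hypothetical.
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // 24-hour lifetime (assumed policy)
const MIN_PASSWORD_LENGTH = 8;            // assumed policy
const resetTokens = new Map();            // sha256(token) -> { email, expiresAt }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Create the token that goes into the emailed link. Only its hash is stored,
// so a leaked table cannot be turned back into working reset links.
function issueResetToken(email, now = Date.now()) {
  // A new request invalidates any token still outstanding for this account.
  for (const [hash, rec] of resetTokens) {
    if (rec.email === email) resetTokens.delete(hash);
  }
  const token = crypto.randomBytes(32).toString('hex');
  resetTokens.set(sha256(token), { email, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Redeem a token exactly once. Returns the account email, or null when the
// token is unknown, already used, or expired.
function redeemResetToken(token, now = Date.now()) {
  if (typeof token !== 'string') return null;
  const hash = sha256(token);
  const rec = resetTokens.get(hash);
  if (!rec) return null;
  resetTokens.delete(hash); // burn on first presentation, expired or not
  return now > rec.expiresAt ? null : rec.email;
}

// Handler for the "choose a new password" page. setPassword is a hypothetical
// callback that writes the new credential to the user store.
function completeReset(token, newPassword, setPassword, now = Date.now()) {
  // Validate the password first so a rejected password does not burn the token.
  if (typeof newPassword !== 'string' || newPassword.length < MIN_PASSWORD_LENGTH) return false;
  const email = redeemResetToken(token, now);
  if (email === null) return false;
  setPassword(email, newPassword);
  return true;
}
```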

Amazon Cognito - Unable to login after reset password for imported user

I'm new to using Amazon Cognito in an iPhone app and have been testing it using the example provided. I'm testing the import user function and having a problem with it. The import was successful and a password reset was required. As stated in the documentation, I have to run through the ForgotPassword function to change to a new password. I've done this and the status in my console has changed to "Confirmed". But when I try to log in using the new password, I'm getting "Incorrect username or password". I'm sure my username and password are correct.
Anyone have this problem before? How can I fix this?
It is unexpected. Once the user is confirmed, the user should be able to log in with the new password. If the problem still exists, I suggest you check the username field. Do you use a phone number or an email address as the username for signing in?

Devise sign in and sign up using single form

I'm trying to do the following: I have a page with a form for login and password.
Is it possible to use this form for both registration and authorization? For example, I'm visiting the page for the first time and enter my email and password. Then if such an email already exists I get an error, otherwise an account is created for me. Searching for a way of implementing this gave no results.
Does anyone know how to make it possible?
This approach has one drawback: if the user mistyped the password, then he would probably never log in again. Solution: use email for password recovery.
Another approach is to let the user input the email and, while the user types the password, check if the email is already in the database. If it's not available, then add a password confirmation field to the form.
How to make it possible? Just program the necessary logic on server-side and client-side.
