Hi I am a rather new developer to Xamarin Android.
Before this I am able to authenticate users with the SignInWithEmailAndPassword from Firebase. It is for my testing purpose.
But now, I already have details and values of users signed up through website(and saved on realtime database), so I cannot use the SignInWithEmailAndPassword function anymore since now I have to authenticate users with the values on database.
Can I authenticate users with the typical PutString("email", "value entered by users") and getStringExtra function? My guts say I can but if I start then I would change a lot of codes now. So I need some confirmation or any reading materials.
p/s I have searched everything and all tutorials or answers are directing me to save the details when user first sign up on mobile. The case is not like this. Web sign ups do not use the same database as phone. I retrieved the values in JSON file and import them to firebase. The web uses Hostinger's database.
If you have an existing database of user credentials and want to sign them in to Firebase Authentication, you'll want to look at creating a custom token.
In this process you:
Sign the users in with your own credentials.
Pass the fact those verified credentials and other user info to a trusted environment.
Use the Admin SDK (as shown in the link above) to mint a custom token for the user.
Pass that token back the client-side code.
Use the custom token to sign in to Firebase.
As you can see this is quite a bit more involved than your current approach with SignInWithEmailAndPassword, because the Firebase SDK actually takes care of most of these steps in that case.
Related
I have an app, that on the first start generates a random user id and password to set up an account on my server and store them in the shared preferences.
I am looking for a way to write this data into the cloud so that if the user installs the app on a second device it will retrieve this account data and use them on the second device as well.
On iOS, this is a trivial task but I am still trying to figure out how to achieve this on Android. I tried an approach with Firestore, but it seems to be able to write to the Firebase database, the user has to log in with Firebase. I assumed being logged in to a Google Account on the device would do this, but I still get invalid permissions back when writing data.
I do not want to force the user to a separate login.
Any ideas on how to approach this task? Is it possible on Android at all?
I have an app, that on first start generates a random user ID and password to set up an account on my server and store them in the shared preferences.
If you have your own server where you authenticate the users, and you also want to authenticate to Firebase, then I recommend you check:
Custom Authentication System
I am looking for a way to write this data into the cloud so that if the user installs the app on a second device it will retrieve this account data and use them on the second device as well.
You just should never simply store the credentials in Firestore. Storing passwords in cleartext is one of the worst security risks you can inflict on your users. You should either use authentication with your custom system or use one of the existing providers, like Google, Facebook, etc.
I tried an approach with Firestore, but it seems to be able to write to the database, the user has to log in with Firebase.
It's recommended to authenticate the user in Firebase before reading/writing data from/to Firestore because you can secure your database using Firestore Security Rules.
P.S. Don't store data in ShartedPreferences because this type of data is stored locally and doesn't persist application uninstalls.
I have an app which is already published on the play store and uses some firebase databases whose security rules are public. So in order to make the rules private and fit in the security rules. I would have to implement Firebase Auth.
So my app login flow works as in identifying the user with their phone number OTP verification.
First, I don't want the user to change their login flow. Like I don't want to integrate Social Login.
So is there a way I can use Firebase Phone Auth to my existing flow and get the uid of the user so that in the Firebase DB rules I can use that uid for my auth?
Please help me! I am stuck at this and couldn't find any solution.
If I understand correctly you use a phone number OTP system that is not Firebase Authentication to identify your users.
There is no way to tie that existing flow to Firebase's phone number authentication that I can think of.
The two options that come to mind:
Replace your existing authentication system with Firebase Authentication, and map their new (Firebase) UID to the previous ID system.
Keep using your own phone number verification, and mint a custom Firebase token for your users based on that, then use that to sign in to Firebase. Generating custom tokens can only be done in a trusted environment though.
Scenario:
I want to create an android app which uses username and password for authentication. I decided to use firebase custom auth for that purpose.
From my android app, I am calling a firebase cloud function to authenticate the user with the provided user credentials.
Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken() method.
Source: https://firebase.google.com/docs/auth/admin/create-custom-tokens
I would like to make use of firebase firestore to store username and password and use it to create custom JWT for Firebase custom authentication in firebase cloud functions.
Question:
Should I store user credentials in firebase firestore and if yes, what is the secure way to do so. If no, how should I proceed further?
How to create JWT in firebase cloud functions if the credentials passed to the function match with the credentials in firestore.
Note:
I don't have a credential system or own a server.
If you've never created authentication systems before, I highly recommend finding an existing implementation of such an authentication system for your app. Using something that is made by folks that do this for a living, is much less likely to lead to future data leaks that would negatively affect the users of your app.
That said: if you're going to build your own system, you'll want to have a look at this example usename/auth provider in the functions-samples repo. It shows how to receive the data, how to call a backend system, and how to mint a custom token.
For some information on how to store username/password, see Best way to store password in database. Storing this information in Firestore is a common approach, and no better or worse than storing it in any other properly secured cloud-based database.
I am using firebase auth on my android app. Now while signup if a user gives some non existing email, It still lets the user to signup. and saves the information on the database. How to prevent that?
The only way to check an email address is 'real' is to require the user receive an email on that address and respond to it - as this work flow is so common firebase has specific workflow to deal with it; That a look at the documentation here https://firebase.google.com/docs/auth/web/manage-users#send_a_user_a_verification_email
You can authenticate your users in several ways:
Custom Email/Password Login (One that you are trying i guess). Be clear of the fact that you will have to first register your users, store their registered data online on firebase database, and then verify the registered data (in the database) when they login with the previously input credentials.
If you want your users to login using authentic credentials beyond your database's information, the most easy and useful way can be using Facebook or Google Authentication. Note that you don't necessarily need to have those apps on your phone to login using these methods. You can follow the following links to guide you through the steps to do so.
https://firebase.google.com/docs/auth/android/facebook-login
https://firebase.google.com/docs/auth/android/google-signin
i'm creating an android app, which requires some authentication system. I want to have 3 options to log in users: mail&password, facebook login and anonymous access (in case of anonymous i'll create some kind of anonymous account, so user'll be able to give his credentials later and secure his account with 'normal' password).
I'll also have my own webservice for this app. Webservice is in fact the most crucial part and android app will just show data from WS and put some new data on it.
I'll be using Firebase for handling notifications.
My question is: should i use Firebase authentication in this scenario or maybe it's better to stay with own authentication system? If i use Firebase i still need to have users in my database (webservice requires some info about users).
Is firebase authentication good choice for project like that?
Even in the case of Firebase where we use firebase authentication and the firebase database together, only a few details of user(user id, login email or number, provider details etc) are available under the Authentication tab. The rest of the details we receive after login and other custom user information we collect from the app have to be saved in the Firebase database.
So even if you have another Web service instead of using Firebase Database, you can use Firebase Authentication. There are definitely great advantages if you use Firebase Authentication.
Save time on developing Webservice methods for authentication :
Instead, you can just have a method to store user information after the user authenticates with Firebase. Also, there is considerable time saved since you can avoid developing server-side methods for different kinds of token verification in case you want to add social logins like Facebook and Google.
All that will be handled efficiently with Firebase.
Detailed Analytics: Also with Firebase authentication, you can also get good analytics and demographic information of users.
You don't have to use Firebase authentication in order to use FireBase Push Notifications, Invites, etc.
That's one of the beauties of Firebase; you can choose which service to use.
Since everything is built already, I would continue to use your own Auth system
You can save all users, and you can authenticate with Google, Facebook, only email.
It's like a database online and it's easy to connect with the same at Android Studio and after you can login with the users.