I have an Android app where users are registered in the app with their phone number. I am using Firebase to store in Authentication their phone and their email, and I am also saving in the Realtime Database their phone, their full name, and their email. The structure in the Realtime Database is as follows:
Auto-Generated ID
+16505553434: "some#email.com"
email:"some#email.com"
first name: "First name"
last name: "Last name"
phone: "+16505553434"
After the user has registered and signed out, when they try to use the app again I want the following: if the user exists, I don't want to do phone authentication again; this should happen only once, when they register. If the user exists in the database, I want them to just type their password and log in. But the problem is, how will I check if the user is phone registered in Firebase?
If the user has registered, I want to show a layout for the password input, while if the user is not registered, I want to show the OtpView so that the user can do phone authentication-registration.
When the user has signed out, FirebaseAuth.getInstance().getCurrentUser() is null, so I cannot use that.
What can I do to check if the user is registered or not?
After the user has registered and signed out, when they try to use the app again I want the following: if the user exists, I don't want to do phone authentication again; this should happen only once, when they register. If the user exists in the database, I want them to just type their password and log in.
When a user is authenticated with the phone number, there is no password involved. The authentication is made using the verification code that is sent via SMS. So if the user signs out, there is no way he can simply log in using a password. He can log in again using the phone number or any other provider.
But the problem is, how will I check if the user is phone registered in Firebase? If the user has registered, I want to show a layout for the password input, while if the user is not registered, I want to show the OtpView so that the user can do phone authentication-registration.
You can simply check your database against the phone number to see if the user already has an account. A query like this might do the trick:
// "phone" is the child key shown in the question's database structure
db.child("users").orderByChild("phone").equalTo("+16505553434");
If you get a result, it means that the user exists. To be able to let the user "log in with a password", you need to enable this kind of authentication. You can do it very easily in the Firebase console. But bear in mind that this is another type of authentication that cannot be combined with the first one. Check the docs regarding Authenticate with Firebase using Password-Based. So you can either sign in with the phone number or with the email and password. You cannot sign in with a phone number and password.
When the user has signed out, FirebaseAuth.getInstance().getCurrentUser() is null, so I cannot use that. What can I do to check if the user is registered or not?
When the user signs out, the FirebaseUser object is null. There is no way you can get data from that object. All you can do is query the database.
Related
I am building an Android application with Java, but when I am using the Google sign-in auth with Firebase, I don't know whether the user is already available in Firebase Auth.
Because: I want that if the user is not in Firebase and just signs up with Google, then I will show him a screen where he can enter his bio (about), and if the user is already in Firebase and signs in later, I will not show him that bio screen.
Thanks in Advance
It sounds like you're trying to store some profile information about your users in Firestore.
In that case, once the user is signed in, you should check if you already have a profile document for that user in the database. This is easiest if you use the ID of the user as the document ID in Firestore, for example Firebase Authentication's UID, or (if you're not using Firebase Authentication) Google's sign-in's account ID.
If the document exists, you know about the user already. If it doesn't exist, you'll want to send them to the profile screen to enter their bio.
You can store the email of the signed-in user in the database, and at the time of signup you can check whether the email is already in the database or not.
I saw videos on YouTube that show users being deleted, whether manually in the Firebase console or programmatically by the user; an alert is also received that "user it can't be recovered". However, after deleting, the same user has been recreated again. How can I recreate an authentication user by phone number after deleting the user?
If you're asking how to generate a user profile with the same UID as before you deleted it, that is not possible. The user can sign in with the same credentials, but that will create a new user profile, with a new UID.
So I have created an app that handles the authentication of phone numbers using Firebase. Now I have another button called "Log in". I want this button to check if any inputted phone number is registered in Firebase, and if it's there I want it to go to the next screen (an intent), but if it's not registered yet it should display "unregistered phone number".
In Firebase, each registered phone number will have a unique ID. So if a user logs in multiple times or from multiple devices, he/she will get the same ID. With this, you can check whether the user is already registered or not.
You can use functions like docRef.isExists(), where docRef is your document reference.
Hope this helps!
I am creating an Android app that can register a user through social networking sites like Gmail, Facebook and Twitter. Now if a user logged in through his/her email ID, then I can register him through his email ID, but if a user is logging in through a phone number and he hasn't provided any email ID in Facebook, how can I get any verified data like a phone number or email ID, as Facebook does not give its user's phone number here and the user hasn't provided any email ID in Facebook (he has logged in via phone number)?
Edit
This is what I've tried so far.
Here I log in a user through a phone number, and that user is not so frequent actually, so these are the only few details I get so far.
There is no way to get the phone number of a Facebook user via the Graph API. Not even if the user set it to public.
When the user logs in from Facebook in your app, you can place an EditText which would already be half filled with the information provided by Facebook, and then you can ask the user to fill the empty required fields. It could also act as final confirmation of the user info, and then proceed further.
Thanks
I'm trying to integrate an existing login system for a mobile application with some social media sign-in solutions. I successfully managed to integrate both Facebook and Google+ sign-in with my app, and I get to the point where the users are signed in and I can get their social information.
But now I was left wondering which would be the best approach in order to integrate users that decided to use a social media account with my native login system. Should I use their email accounts as login and maybe generate a password on the server side? Or maybe use an oauth token instead of a password?
I need to keep track of my users, even the ones that did not formally fill in a registration form. So what should I place instead of email + password?
This can be tricky - the majority case is easy, but you need to think about the edges. I find it easier to consider email/password as just another authentication mechanism. You want:
A user record with the core data about that user (perhaps name, email address, app specific profile data etc.)
A series of records for their connected auth methods, e.g. Google+, Facebook, user/pass.
The connected auth methods can store the relevant information for those methods - e.g. for Google it would likely be Google user Id and perhaps refresh token if using offline access. This makes it easy for you to offer connecting multiple social accounts.
Password may be a special case that you want to store against the original user record. In that case, if someone signs-up using a social login, then you can either generate a random password, or leave it null. Either way, as long as you request the email address for the user, you can always let them go through a Forgot Password flow (where you generate and email them a password) if they want to access their account but no longer have their 3p login.
What you don't want to do, if avoidable, is to force the users to give you a new password just after they sign in. However, if you are allowing multiple login methods to be associated with one account, you might want to allow associating them. So, your flow might be:
1. User signs in (with 3p or email/pass).
2. If you have a record for that login method (e.g. matching Google or Facebook user id, matching email/pass combination), sign the user in, and you are done.
3. If you have no matching record for that sign-in method:
   a. See if you have a matching email address with an existing user account. If you do, some sites automatically merge the new login method to this account. If privacy/security is more of a concern you might want to confirm the user wants to log in to that account, or make them go through a 1-time validation (e.g. "it looks like you've signed in with a password before, please enter your password now to link your account and your Google account" etc.). Then link the accounts and continue as if signed in.
   b. See if you have an account which may be that person. E.g., perhaps you have an account with a matching name. In that case, you might want to hint the user to connect their accounts (e.g. a prompt somewhere that says "have you connected before with Facebook? Click here to link these accounts" which then takes the user through a sign-in process for the login method you suspect they might have).
   c. If they look totally new, create a new user record, and treat them as newly signed up.
It's significantly easier if you can treat email address as a unique field. That means if someone signs in with a 3p account associated with an email address you already have a user for, you might have to force them to link their account before continuing. If they didn't want to and you required an email address, you could prompt them to enter one manually and then validate it as normal by sending them an email and having them confirm it.
ChrLipp's links are good, also take a look at the guide for using FB and G+ together on the Google Developers site: https://developers.google.com/+/best-practices/facebook
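The sign-in flow from the answer above, written out as an added Python example (not code from the answer or from any SDK). It covers the matching-login-method, matching-email and new-user branches and takes the "confirm before linking" option rather than an automatic merge; `AccountStore`, `resolve`, `link` and the `email_verified` flag are hypothetical names, and the store is an in-memory stand-in for the two tables.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    user_id: str
    email: Optional[str]  # unique, lower-cased; None until an address is verified
    name: str = ""


@dataclass
class AccountStore:
    """Constructed in-memory stand-in for the user and connected-auth-method tables."""
    users: dict = field(default_factory=dict)       # user_id -> User
    identities: dict = field(default_factory=dict)  # (provider, subject) -> user_id

    def _by_email(self, email):
        wanted = (email or "").strip().lower()
        return next((u for u in self.users.values() if wanted and u.email == wanted), None)

    def link(self, user_id, provider, subject):
        """Attach a login method; call only after the user re-authenticated to user_id."""
        self.identities[(provider, subject)] = user_id

    def resolve(self, provider, subject, email=None, email_verified=False, name=""):
        """Map a login the provider already authenticated to (outcome, user)."""
        key = (provider, subject)
        # 1. Known login method: sign the user in.
        if key in self.identities:
            return "signed_in", self.users[self.identities[key]]
        # 2. Email matches an existing account: no silent merge. The caller asks
        #    for proof of control of that account, then calls link().
        existing = self._by_email(email)
        if existing is not None:
            return "link_required", existing
        # 3. Totally new: create the user record and its first auth method.
        #    Assumption: an address the provider did not verify is not stored.
        stored = email.strip().lower() if email and email_verified else None
        user = User(secrets.token_hex(8), stored, name)
        self.users[user.user_id] = user
        self.identities[key] = user.user_id
        return "created", user
```

A `"link_required"` result is where the one-time validation prompt from the answer belongs; `link()` is called only after that check succeeds.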
How did you implement the social media sign-ins? For example Facebook: did you use Login for Android? In this case the docs say under Checking login status:
Apps using our SDKs can check whether someone has already logged in using built-in functions. All other apps must create their own way of storing when a person has logged in, and when that indicator is not there, proceed on the assumption that they are logged out.
And if you follow the link to Storing access tokens and login status you can read:
The token should be stored so it's available to all parts of the app when it makes API calls. ... If you're building a ... mobile app, then you should use the datastore available to your app. Also, the app should store the token in a database along with the user_id to identify it.
Have an enumeration (NativeLogin, Facebook, GooglePlus) and, depending on this enumeration, store the following information:
NativeLogin: UserName, Password
Facebook and GooglePlus: Facebook or GooglePlus ID and their User Access Token
In all cases you should store the email address you get in an additional field.