I've implemented Firebase Invites as described in the documentation and it works fine.
I've discovered that if a user has multiple Google accounts then the first time the Intent is invoked, Firebase asks the user to select one of these accounts (if they choose to send an invite via email, the selected account is the one it comes from).
However, my users have complained that that there is no way to change the account that is used. Uninstalling the app and reinstalling does not cause the prompt again, so apparently Firebase is storing the selection internally.
I've found the setAccount method, but that would require me to launch the account-chooser dialog and specify the Account every time. I was hoping there would be some mechanism to cause Firebase to reset the choice that it has stored internally. Is there a way to do that?
Note that calling FirebaseAuth.getInstance().signOut() has no effect. In fact, calling FirebaseAuth.getInstance().getCurrentUser() returns null. That seems to confirm that Firebase Invites is not using Firebase Auth. [It would be nice if Google documented what is going on, instead of us having to guess how it works.]
Here's the private response I got from a Google engineer:
No, there's no way to clear the default account. As they mentioned, setAccount would be the recommended way to choose the account. For this case, though, you might want to tell them that the user actually can change the account from the Invites screen by tapping on the user avatar. If they have more than one account on the device, this should bring up the account chooser to change what account emails are sent from.
Related
Im working on a project where a user isn´t forced to sign up a account.
My plan is that a user could do anything like a user that is registered except for a few exceptions.
I implement a like function which saves the users behaviour on a webserver and later when the data is fetched again it recognized if the user liked something or not. My problem is that I have to save this informations also if the user isn´t registered to my application. A User should be free to decide wheter the user likes to sign up or not and isn´t forced to be a registered user.
I found three different way that could work!
1. Option
First option would be the accountmanager but I don´t like this option at all cause I have to ask for the contact permission and also ask which account a user want to use.
2. Option
A other option would be if a user starts the app for the very first time the app would call a server which creates a random unique code and send that code to my application to save it as key for the users actions which is saved on a server. But that also doesn´t seems to be a good solution for my problem.
3. Option
The last option would be oauth but for now I don´t know if and how it would be the solution to my problem!
I would be thankful for every answer!
I have worked on a comic app that requires saving the user subscribed channels, genre or comics and save the likes/dislikes for the same. User can be subscribed to push notification too.
For this, we used Firebase Authentication (anonymous signup). And to save the user subscription information, we used Firebase Firestore.
And followed the below approach.
As soon as the app opens, check if the user has already anonymous SignIn. If it hasn't, signUp silently.
Add a listener for user push notification token change. And update it to Firestore by anonymous user-id as key (We did same for storing other information too).
I think this approach would help to solve this problem.
You could use firebase auth for that!
Usually, you would use it with email & password or google login but it also has an anonymous login feature that should save the user's phone.
There are few techniques. It depends on whether you want to recognise a user between installations of app. If you are OK to lose a user on reinstallation you can use Firebase installation ID and link users behaviour with this id. If you want to remember users even between installations you can use unique to each combination of app-signing key, user, and device Secure.ANDROID_ID(more info about ids). But still the best way is implementing your own signing in or using of AccountManager.
Im developing an android application for the first time (no prior experience whit coding....). Mainly the app is going to be used at work as a tool for service technicians. The app is almost ready for field testing, but there is one thing i need the app to do before that. I need the app to force the user to log in every time its opened. This is because some of the info on the app is confidential, and only people that currently works for the company is allowed to have this info. Whit firebase i can then block the users that leave the company, or users that are not verified. Currently the users sign in whit google and they stay signed in until they clear the app data or delete it.
I have looked far and wide for the answer to this, but i have only come across different use of timers.
If anyone has a better solution to this "safety" issue, im open to anything.
If you are using Google Sign-In for authentication, there is no out of the box support for forcing your user to authenticate with Google every time they use your app.
This makes sense, because the user is still authed with Google on your phone. A login system only authenticates the user; it doesn't inherently protect data stored on the device. As long as Google has a valid access token, the user won't have to type a username and password again (and simply clicking "login with Google" again doesn't really provide extra protection here).
If your primary concern is blocking access to users who have left the company, you should be covered if you are using Google Apps for your company. If you disable the user's account, their access tokens should become invalid. Google Apps admins can also manually revoke access to specific apps for specific users.
If you don't use Google Apps (e.g. your users are using #gmail.com accounts or accounts from a domain outside fo your control), you might want to consider implementing a list of users allowed to access the application, and verify the current user has access by checking that list via an API call on launch.
If the goal is really protecting the confidential information in the application, you might want to take an approach similar to Android Pay in which you require your user to set and enter a PIN number to access the application. As an added benefit, you can then use that PIN to encrypt any confidential data you are storing locally.
I will suggest you take a look into shared preferences and every time when the user is back into the app you send them to the login activity.
I'm developing an Android app which needs to be able to manage the user list. Problem is, Firebase doesn't seem to offer much support for this kind of scenario, as opposed to social apps where users are self-registering and managing their own accounts. I could create users in the Firebase console, but this is not enough.
The users are to be registered by email and password, some users must have admin permissions and be allowed to edit the user list, I can enforce this using security rules. However, the users listed in the Firebase console don't have any place to put extra information for the permissions, so this info must go in the main database. Editing the database tree in console is not reasonable, hence this must be done in the app.
First problem is, there is no way to get the user list from the app. As a workaround, I can create users only in the app using createUserWithEmailAndPassword() function. Then, I can save the extra user info in the main database, keeping them in sync.
Minor problems aside (such as newly created user getting automatically signed in, signing out the admin user), the function starts to fail and the error logs indicate "TOO_MANY_ATTEMPTS_TRY_LATER". This is not acceptable.
Any suggestions will be appreciated. Thank you.
The users are to be registered by email and password, some users must
have admin permissions and be allowed to edit the user list, I can
enforce this using security rules. However, the users listed in the
Firebase console don't have any place to put extra information for the
permissions, so this info must go in the main database
You should a separate worflow for admins which would add the admin UID to a DB node "admins".
Then whenever you need to check if your user is an admin using rules you can uses something like
".write": "root.child('admins/'+$user_id).exists()"
Creating and login in other users seems pretty unintuitive to me, I would suggest using dynamic links for invites and let the invited users, install the app, create their own users and sign in themselves. You can then use the dynamic link info to see whoever invited them and act accordingly.
I'm implementing Google Smart Lock into my app. I've got it logging the user in automatically with a single account and it works well.
However, once I add a second account to the mix it always shows the resolution dialog to pick which account I want. This continues to show even after I have selected and account and restarted the app.
This dialog shouldn't show anymore once I have selected the account I want smart lock to use, so what are some possible reasons for it still showing?
-Thank you
I work on the Smart Lock team at Google, hopefully this answers your question:
as you note, if the CredentialsApi.request() API method is called and there are multiple saved accounts for the app, stored in either one or multiple Google Accounts on the device (or auto sign-in has been disabled by the user for one of their accounts or by the developer by calling CredentialsApi.disableAutoSignIn()) then the API will call back with a CredentialRequestResult with getStatusCode() of RESOLUTION_REQUIRED, meaning that UI must be shown for the user to pick a credential to continue. startResolutionForResult() will show the dialog, as described in the API overview.
once the app has a credential, either from auto sign-in or after the user has selected one from the dialog, most apps will use this credential to sign the user in to a backend service and establish a session with a cookie or token for the app and manage this independent of the Smart Lock API. Thus, most apps won't call the API again after the user has signed in and a current session exists, hence the dialog won't be shown again after the initial sign-in.
when the user signs out, calling CredentialsApi.disableAutoSignIn() will prevent the user from being automatically signed back in when the authentication activity is started again, and the disabled state is automatically managed and cleared when the user selects an entry from the credential picker UI or a successful CredentialsApi.save() call is made, and at this point, a user session is established and there is no need to call the API again until a sign-out event.
I think the confusion in this question stems from calling the API after the user has signed in and they might already have an active session. Was that your intent? If you need to manage credentials of the app on the device after a password has been retrieved or input by the user, you can use the Account Manager on Android, which is independent of any Google accounts or APIs (whereas Smart Lock is geared toward saving sign-in info in the cloud for use across platforms on new or separate devices to bootstrap the auth process).
In the future, we are considering remembering a user preference if multiple accounts are stored and the same one is always picked, thereby allowing automatic sign-in, but right now, user action is always required when there are multiple saved accounts available.
Do leave a comment with any questions or feedback if you need more info or clarification or if this doesn't answer your question!
When you have multiple account, you will always show this resolution dialog.
Look this :
from : https://developers.google.com/identity/smartlock-passwords/android/overview
I think this may not be the right question for this forum, but I could not think of where else to post it.
However, here goes. I am creating a dating app in android. One of the major hurdles I am facing is user authentication and verification.
Put simply, how do I ensure that a user is who he/she really says he is? How do I prevent, or reduce people creating fake profiles on the app? One way to do this would be to force the user to connect with his facebook account, but again, fake facebook profiles can be created.
Is there any other good method to ensure user verification?
The best way I can think of, although not fool proof, would be when the user creates an account it sends them an email where they need to click a link. Clicking the link can ask for some confirmation of something, such as their chosen username and or the first name and last name etc. If they fill in this information from the email, they're probably legit and you can mark the account as active within the database. If after x number of days delete any accounts that have not been verified.