I'm integrating Stripe Payment Gateway to an Android App and facing some questions and issues.
Following the Stripe Documentation it seems like having its own Server is required.
Digging for a few Hours, Firebase Cloud Functions can do the Server work...Great !!
But from what I can find, it can be done in at least two ways:
HTTP Trigger
A write to Firebase Database that would trigger a Cloud Function
So first, which one to use?
The good old Industry trusted http endpoint with good old Retrofit?
Or the much more simple Write to Firebase Database to trigger the function?
Also, as for the next step, I could not find any Android tutorial for the next steps. Only this Web app: https://github.com/firebase/functions-samples/tree/master/stripe.
From what I can see, it would need Node.js, npm etc etc...
Nothing more simple from Google?
Cheers guys
First of all, either way you're going to have to write backend code in JavaScript to handle payments.
So the process that works for us with Cloud Functions is -
1) Android provides card details to Stripe using native SDK
2) Stripe provides a token which Android sends it to your Firebase backend
you could store it in stripeTokens/userId/yourToken
3) Firebase cloud function then triggers a function and uses this token to create Stripe customer (See saving for later and Customer)
you could store it in stripe_customers/userId/stripeCustomerId
4) Remember to remove yourToken because it's only valid once
5) finally you can use this stripeCustomerId to make payments and update related nodes in the backend
Important concept here is to create a customer and store it in your backend for future payments.
So steps after 2) are all cloud functions, so yes most of the work is done in backend. Only thing Android is doing is entering card details, sending token, triggering and listening for future charges.
As far as HTTP is concerned, concept is similar but only thing different is you wait for the response and if there is any errors you get it there, whereas if you were to do with Cloud Functions, you would have to write those errors somewhere and read those from client.
Hope this helps.
Related
I have an Android app where I use Firebase Auth API to confirm the user's phone, also I have my own server to store user data.
I'm planning to make cross-platform app using kmm. But problem is that Firebase Auth API require call setActivity(activity) method to be called, which depends on the Android activity.
I would like to share the authorization code between Android and iOS. Are there any solutions that allow you to use common Kotlin client side code or Kotlin server side code to do this?
I ended up have implemented 2 endpoints (/send_code and /check_code) on my server and have used a third party API to send SMS. An important part of the implementation was the IP limit on the number of requests, since all third-party APIs are paid.
I have an Android app using Cloud Firestore (Blaze Plan). By calling Firebase Call functions from the Android app I can easily send text from the client and receive answers from the server.
According to the Facebook docs regarding Access Tokens, it is possible to get information from the Facebook Graph API by using an App Access Token, without requiring the user to be logged to his Facebook account (if any).
Is it possible to make requests to the Facebook Graph API from a Firebase cloud function (using JS)?
Yes, you can make requests to the Facebook graph API from a Firebase function. There are very few examples, but a good one may be this (you can find the code here), and this has been explored in other threads like this one.
Hope you find this helpful.
This is a question of architecture. What I tried yet: Research, research, research.
I want to deploy various microservices with AWS Lambda. These should be accessible for authenticated users via Web and Android App.
Question 1: How to securely store AWS Gateway API keys (secrets) in an Android Kotlin / Webview app? Is Android Keystore the right (secure) answer?
Question 2: What's the best, secure way to make user login happen? Should the login be located at Lambda or inside the app? Again, how to securely store login data on Android? Could a cookie-based Web-Authentication be the answer (aka "Keep me logged in")?
The goal / my issue is that I want the Android App user to enter his / her login data only once in the App and never be asked again for login at my Lambda Microservices. I'm aware that API Credentials and Login are two different problems here.
Example projects maybe?
This is not for critical data like banking, but still I want to follow best practices as much as I can in terms of sec.
I am not sure whether you have researched on Amazon Cognito or not but it can be used to provide authentication for both user interfaces and for APIs. It can easily be integrated with Lambda/API gateway.
As an alternative to using IAM roles and policies or Lambda
authorizers (formerly known as custom authorizers), you can use an
Amazon Cognito user pool to control who can access your API in Amazon
API Gateway.
Further reading :
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
If it helps I have some cloud demo sample UIs that connect to lambdas and use Cognito. You can run them starting here: https://authguidance.com/home/code-samples-quickstart/
The blog has some write ups on how it all fits together - see the index page for further details - there is a post on UI token storage for example.
Long lasting sessions can be managed via refresh tokens - but your apps should still deal with token and session expiry - and scenarios such as logging on as a different user for testing.
Im currently building an app, back-end and front-end and I use Firebase for saving pictures that the users can upload and download, up till now I've been uploading them from the front-end and if the upload is successful then I send the image link with the rest of the data to the back-end, but as Im saving firebase credentials (in order to connect) in the app, now Im questioning if it would be better/safer doing it all in the back-end, sending all the information (image included) and the let back-end upload the image to firebase. I don't how how secured are those credentials being of the app
I usually handle things in the front-end if the Firebase SDK has what I need. The only common reasons not to do this, is when there is a requirement to do them in the back-end. This is only common for operations that: require a lot of memory/CPU/bandwidth, require access to secret information (e.g. an API key for a payment gateway), or where the code itself is secret (e.g. detecting cheats in a game, or malicious messages in a chat app).
In your case for example, uploading directly from the front-end to Cloud Storage is a great reason to use the Firebase SDK. Doing so means that Firebase takes care of the encoding, of retrying, of security, and many other things. If you'd want to introduce your own server in the middle, you'll have to write the (client and server) code to handle all of that yourself.
Note that the keys that Firebase tells you to add to your app through the google-services.json are not credentials, but merely configuration data that the app needs to find your Firebase project on the servers. For more on this, see my answer here: Is it safe to expose Firebase apiKey to the public?
But that said, with the configuration data anybody can call Firebase API methods on your project. So you need to secure access in some way, to prevent other users from coming up with their own code that uses your project.
The common way to do this is by using Firebase Authentication on the client to sign the users of your app in. You'd then use the Firebase security rules to limit who can read/write what files in Cloud Storage.
so my situation is that I have a firebase real time database set up for my app backend. Generally speaking, the db stores request nodes, and each request has an 'Expiration' date/time.
I desire functionality when the expiration time for a request occurs, an event is triggered which invalidates that request entry in database and also makes it known to the app frontend where I can show a message to user when he opens the app.
Can you suggest how should I go about this?I'm kinda stuck on this as I'm fairly new to firebase (and app development) so any help in simpler terms would be much appreciated.
Thanks for your time.
You can achieve this in a very simple way using Cloud Functions for Firebase.
Cloud Functions for Firebase lets you automatically run backend code in response to events triggered by Firebase features and HTTPS requests. Your code is stored in Google's cloud and runs in a managed environment. There's no need to manage and scale your own servers.
Hoe it helps.
Apparently, this is not possible with GCF at this point.
I had a similar question: Google Cloud Functions: edit Firebase node at a specific time