I am new to Firebase and I assumed the user id generated by Firebase Database is the same one I get by using currentUser.getUid(). But as you can see, those two values don't match for my current user.
I can't figure out the reason. Please help. How to solve this?
As i can see in your screenshots you are using two different ways for having that unique key, a uid provided by the firebaseUser object and the unique key generated by the push() method. It's obvious that are not the same, becase there are different principles.
The first one is the uid provided by the Firebase authentication and the second by the push() method, that generates a unique id based on the time of the generation.
The best way for using as an identifier for your users is not the uid, nor the pushed id, is the email address, because if a users deletes his account and sign-in again, he'll gets a new uid.
If you want to use the uid, this is the way in which you can retrieve it:
FirebaseUser firebaseUser = firebaseAuth.getCurrentUser();
if (firebaseUser != null) {
String uid = firebaseUser.getUid();
}
Hope it helps.
Those are totally different things. ID that you get with getUid() is an ID that is created when user is signed up to Firebase Authentication. Other one is key created based on the current timestamp in the Firebase Database when you call push() method. What you could do is instead of creating new person in your database with push method, use the id that you get from getUid()
Related
I have a collection of "Users" in Cloud Firestore and I am using Firebase Auth to authenticate my app users as follows:
The user authenticates within the mobile app (for example with Google).
I verify that there is no document within the "Users" collection that corresponds to the UID of the authenticated user.
If the document does not exist in "Users" I use the user's UID to create a new document.
It is my question: Is there a security problem with this model or some other type?
I am confused by Google documentation because it says that the user's UID is unique to the Firebase project but should not be used to authenticate my user to the backend server. It also says that in that case, I should use FirebaseUser.getToken () but that token can change, so it will create a new user in my DB.
So, my second question is: When should you use that token? Give me an example, please.
Thanks for the help.
USER_ID
You can use the google generated user_id for future reference. That will never change for a given user email or authentication type as long as the user is already in the database.
Example:
If the user Signed In with google federated login with user1#example.com then the user record is maintained in the Firebase and USER_ID(Say ABFDe12cdaa2...) will be assigned(You can use this id in URLs to see the user profile etc it is kind of 32 chars long(I am not sure exactly here). Now, If a user tries to sign up again with the same email(user1#example.com) then it pulls the previous record ABFDe12cdaa2.... If you delete a user1#example.com from the firebase database(Firebase maintains its own database of the user for your project, With has a limited number of user properties). Then the user tries to sign in again then the new USER_ID is generated.
Now the TOKEN:
As you USER_ID is public, it can be seen by everyone. It is not used for authentication.
So you need to generate the token( This is longer the user id) to authenticate programmatically with the Firebase. It token is temporary and specific to the user. It will expire in some time ( you can define that time while creating the token). a refresh token is used to get a new token.
I don't have any code examples while writing this answer. I will update with code example,If, I find any.
Hope I clarified some of your questions.
I am currently writing an android app. In my app users can rate some objects. The data (the objects as well as the ratings) shall be stored in Google Firebase, especially Firestore.
I already linked my app to Firebase and implemented the com.google.android.gms.auth.api.signin to get the GoogleSignInAccount of the current user.
I want to save the data to the database like:
SomeObject: | objectId | name |
ObjectRating: | ratingId | objectId | userId | rating |
What I am not sure about is, what to save as userId. The documentation of GoogleSignInAccount.getId() says:
Important: Do not use this returned Google ID to communicate the currently signed in user to your backend server. Instead, send an ID token (requestIdToken(String)), which can be securely validated on the server; or send a server auth code (requestServerAuthCode(String)) which can be in turn exchanged for id token.
So I probably should not use this. But the recommended IdToken is signed, so I think it will be different everytime the method is called.
What most people do, is create a users directory in the database. But from the app I want to get the users rating as well as the overall mean rating of all users for the given object. So I think splitting the ratings in multiple user tables complicates the computation of the overall mean rating.
My question is: How can I link the ObjectRating to the user, without using the unsafe getId() while still be able to select all ObjectRatings by objectId to compute the mean rating?
To obtain the user's unique identifier you can use FirebaseAuth to get the FirebaseUser object:
FirebaseAuth.getInstance().getCurrentUser().getUid();
The getUid() method:
Returns a string used to uniquely identify your user in your Firebase
project's user database. Use it when storing information in Firebase
Database or Storage, or even in your own backend.
You'll need to ensure that you've used the GoogleSignInAccount to authenticate with Firebase before calling getCurrentUser(), otherwise it will return null.
I have authenticated my user using phone authentication, and the user object that is returned has this long string when I call user.getUid() :
dn27dhJK..... (some long string).
If I authenticate this user on some other device (using my phone number etc), will user.getUid() always be the same ?
EDIT: From the documentation: https://firebase.google.com/docs/reference/android/com/google/firebase/auth/FirebaseUser
public abstract String getUid ()
Also: Google Play services Returns a string used to uniquely identify
your user in your Firebase project's user database. Use it when
storing information in Firebase Database or Storage, or even in your
own backend.
This identifier is opaque and does not correspond necessarily to the
user's email address or any other field.
It is unclear if this id remains constant or not.
When you first verify the phone number (or first sign in with a social provider, or call createUser), a user account is created - and thus a new unique UID id created. From that moment on, that user/phone number will remain associated with that account/UID. No matter if they re-verify on the same or a different device.
If you delete the account, a new account+UID will be generated when you use that same phone number next time.
If you're using Firebase Authentication in your project:
Remember
Firebase will generate a single unique key(i.e. UID) on registration of a/c whether using Email/Phone number.
This key remain associated to that a/c untill a/c is exist in firebase authentication list.
If your app is uninstalled on phone & then a/c is open in another then we can fetch that key from Firebase cloud auth. service.( UID remain safe).
This Uid is created when the user signs up and is linked to the phone number that you used. When you sign in you will get the same uid. But if you try to sign up again with the same phone number, it will basically give an error saying this phone number is already signed up.Hope that explains!
I am currently making an Android app that allows Facebook sign-in and for each user, stores their email address (from Facebook) along with a couple integer variables in my database.
Upon login, I want my app to check if my database contains the email address of the logged on user. If it does, I proceed with the app functionality, if not, I create a new entry in my database for that user, with an email address and the associated integers.
How can I formulate a query or request that searches my database for a given email string? I am not very experienced with Firebase.
Using FirebaseAuth for your Facebook sign-in would give every user a unique id generated by Firebase.
This id is returned to you in the code when login is successful. You could then retrieve the user's email from the returned object.
Assuming you're using Firebase's real time database to store your info, you could check out their official docs here on how to use your DatabaseReference DataSnapshot to query the database
The Firebase Docs here say the following:
A Firebase User instance is independent from a Firebase Auth instance. This means that you can have several references to different users within the same context and still call any of their methods.
QUESTION: How to get/create FirebaseUser instances for other users? I got an admin user who can change profile info of other users, like photo url or display name.