I am new to the Firebase database.I have learned that push methods generate a unique key in Firebase database.My question is After the authentication, how to set the user_id as the key? so every time User logged in. User can manipulate its own data .. I have searched a lot but didn't find help. Thanks.
You usually save the user specific data under a node with the $user_id as key. You set write permissions to only that user. When the user first signs up, you create that node on the client side where the user just signed in and then populate with that user's data. So you first define the rule in the Firebase Console for that node ahead of time, create the user db node after first time authentication. From there, the user can only manipulate its own data. Check this doc for more on this: https://firebase.google.com/docs/database/security/user-security
Related
I have a collection of "Users" in Cloud Firestore and I am using Firebase Auth to authenticate my app users as follows:
The user authenticates within the mobile app (for example with Google).
I verify that there is no document within the "Users" collection that corresponds to the UID of the authenticated user.
If the document does not exist in "Users" I use the user's UID to create a new document.
It is my question: Is there a security problem with this model or some other type?
I am confused by Google documentation because it says that the user's UID is unique to the Firebase project but should not be used to authenticate my user to the backend server. It also says that in that case, I should use FirebaseUser.getToken () but that token can change, so it will create a new user in my DB.
So, my second question is: When should you use that token? Give me an example, please.
Thanks for the help.
USER_ID
You can use the google generated user_id for future reference. That will never change for a given user email or authentication type as long as the user is already in the database.
Example:
If the user Signed In with google federated login with user1#example.com then the user record is maintained in the Firebase and USER_ID(Say ABFDe12cdaa2...) will be assigned(You can use this id in URLs to see the user profile etc it is kind of 32 chars long(I am not sure exactly here). Now, If a user tries to sign up again with the same email(user1#example.com) then it pulls the previous record ABFDe12cdaa2.... If you delete a user1#example.com from the firebase database(Firebase maintains its own database of the user for your project, With has a limited number of user properties). Then the user tries to sign in again then the new USER_ID is generated.
Now the TOKEN:
As you USER_ID is public, it can be seen by everyone. It is not used for authentication.
So you need to generate the token( This is longer the user id) to authenticate programmatically with the Firebase. It token is temporary and specific to the user. It will expire in some time ( you can define that time while creating the token). a refresh token is used to get a new token.
I don't have any code examples while writing this answer. I will update with code example,If, I find any.
Hope I clarified some of your questions.
my Android app requirement is to assign old (already exists UID) UID to new users while signing in with Google so that the new user can access the old user data directly. Note: old user data is stored with UID as the node but in various Firebase Realtime Database top-level nodes. Is it possible to change the UID.
There is no way to assign a UID to a user that is created with a client-side SDK, as that would be a major security risk. After all: what is keeping other users then also claiming the UID of any other user in your app.
The typical way is to deal with a scenario like this is to either track who has access to whose data in the database, or to perform a data migration when the new user is created and you've validated that they're indeed supposed to "inherit" another user account's data.
You can use link method from firebase SDK. see here
So I'm trying to understand how Firebase works. I'm using Firebase cloud for the Database. I have created a collection like this:
'groups': {
'some_group_name': { ... data ... }
'other_group_name': { ... data ... }
}
Also each user enters email and password when entered to the app. On the sign up, he chooses the group name. For example in the sign up he will set username, password and some_group_name. But How do I connect between the currently login user and it's group in the database? The only data that Firebase authentication saves is email and password.
Do I need to create another collection users like so?
"users": {
"some_user_name": "some_group_name"
}
You'll need to store the group membership/association of the user somewhere. How to do this, depends on the exact requirements of your app.
If a user can be a member of only one group, you can store their group as a field in a user profile doc. You'd typically have a top-level collection users for this, and a document for each user under that with the user's UID as the document ID (so that you can easily look up the user profile by their UID).
If a user can be a member of multiple groups, you can store that in an array field in the same user profile document. In that case, use arrayUnion and arrayRemove to manipulate the array, so that you can easily query for array membership when needed.
I have done phone authentication linked to my project but I am not pushing the data from android instead I have manually entered the user data in Firebase. And I want to retrieve the data from firebase using OTP verification and I just need to search the specific user data with phone number which I am entering while login. I want to show all fields to be displayed which are present in my firebase database into my android project.
I've tried many methods to receive the data but I am stuck... Please help me.
Database structure
Authentication panal
You need to logically bind your authenticated user and the data that you stored in your firebase. As per the image in your data base 'id' of the 'Users' are 1,2,.. like that. Instead of that you can use 'UID' of users as an an Id in your database. Go to your 'Authentication' section, you will see User UID against each registered user. Copy that and use as an ID while creating data in database. This will help you to get the data with reference like Users\. Hope this will solve your problem.
I am creating an application that would allow users to access data on their phones. Examples would be progress scores/test results.
I can upload the data to Firebase with an email address as the user link.
Is there a way that I can link this already loaded data to a user (with the same email address) once they have registered? Ideally using the email address in a rule to search up that data and use that reference point in the app.
Ideally I would like to pre-upload the users in bulk, but I know that Firebase only allows one user to be added at a time.
Any help would be appreciated.
After a user sign in to the app through the Firebase auth you can get its email through this call:
FirebaseAuth.getInstance().getCurrentUser().getEmail()
If you want to import data into your database, you should first make a json out of your data (list of users by email) and then use Firebase-Import to put it in your datastore.