I have been searching for a while as to what could be the best option to integrate real-time messaging in my app. I have read about a number of available chat APIs like Sinch, Applozic, Quickblox, SendBird, etc. What I am confused about is that since I am using Firebase Auth for user authentication, can I use these available API along with Firebase Auth??? I know I can even use Firebase to create IM feature but I would prefer to use third party IM APIs as it will save time.
Note: I am using Firebase Real-time Database as well to store user data.
Can anyone suggest me the best option in this case???
It is possible to use both Firebase and Quickblox. Use Firebase to handle the authentication and use the FirebaseUser object to create a QBUser for your quickblox implementation. Hope this helps.
As Norris pointed out in his answer, it is possible to use Firebase and QuickBlox, but QuickBlox requires client app to authorize with user_id and password. Since you can only get user_id from FirebaseUser object, but not the password (explained here: Firebase/Swift 2 - How to get an authenticated users password and email), you could programmatically generate new unique password just for QuickBlox authorization and keep it stored together with other user data at Firebase Real-Time database. The user doesn't need to know this password, you just use it in your client-side code when you wish to authorize with QuickBlox API.
SendBird has simple and powerful Android SDK which runs very well with any types of user authentications.
SendBird only requires "user_id" to create a chat account and it should be super easy to integrate SendBird with Firebase by just using Firebase user unique id as SendBird "user_id".
Related
I have an app which is already published on the play store and uses some firebase databases whose security rules are public. So in order to make the rules private and fit in the security rules. I would have to implement Firebase Auth.
So my app login flow works as in identifying the user with their phone number OTP verification.
First, I don't want the user to change their login flow. Like I don't want to integrate Social Login.
So is there a way I can use Firebase Phone Auth to my existing flow and get the uid of the user so that in the Firebase DB rules I can use that uid for my auth?
Please help me! I am stuck at this and couldn't find any solution.
If I understand correctly you use a phone number OTP system that is not Firebase Authentication to identify your users.
There is no way to tie that existing flow to Firebase's phone number authentication that I can think of.
The two options that come to mind:
Replace your existing authentication system with Firebase Authentication, and map their new (Firebase) UID to the previous ID system.
Keep using your own phone number verification, and mint a custom Firebase token for your users based on that, then use that to sign in to Firebase. Generating custom tokens can only be done in a trusted environment though.
Scenario:
I want to create an android app which uses username and password for authentication. I decided to use firebase custom auth for that purpose.
From my android app, I am calling a firebase cloud function to authenticate the user with the provided user credentials.
Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken() method.
Source: https://firebase.google.com/docs/auth/admin/create-custom-tokens
I would like to make use of firebase firestore to store username and password and use it to create custom JWT for Firebase custom authentication in firebase cloud functions.
Question:
Should I store user credentials in firebase firestore and if yes, what is the secure way to do so. If no, how should I proceed further?
How to create JWT in firebase cloud functions if the credentials passed to the function match with the credentials in firestore.
Note:
I don't have a credential system or own a server.
If you've never created authentication systems before, I highly recommend finding an existing implementation of such an authentication system for your app. Using something that is made by folks that do this for a living, is much less likely to lead to future data leaks that would negatively affect the users of your app.
That said: if you're going to build your own system, you'll want to have a look at this example usename/auth provider in the functions-samples repo. It shows how to receive the data, how to call a backend system, and how to mint a custom token.
For some information on how to store username/password, see Best way to store password in database. Storing this information in Firestore is a common approach, and no better or worse than storing it in any other properly secured cloud-based database.
I have created an Admin portal using firebase which shows the details of the users registered in my android app. As soon as they register in my app, the user is created inside the firebase Auth. Now I am concerned about the security of the site as my firebase API key is visible to everyone. So if they use that key, then they can easily access my firebase database and fetch the data using a simple javascript. So I wanted to know any solution to avoid this security problem???
Does Firebase provides any plugin for the same or is planning for in future..? I intend to use phone numbers for my users authentication instead of Facebook/Google login.
i'm creating an android app, which requires some authentication system. I want to have 3 options to log in users: mail&password, facebook login and anonymous access (in case of anonymous i'll create some kind of anonymous account, so user'll be able to give his credentials later and secure his account with 'normal' password).
I'll also have my own webservice for this app. Webservice is in fact the most crucial part and android app will just show data from WS and put some new data on it.
I'll be using Firebase for handling notifications.
My question is: should i use Firebase authentication in this scenario or maybe it's better to stay with own authentication system? If i use Firebase i still need to have users in my database (webservice requires some info about users).
Is firebase authentication good choice for project like that?
Even in the case of Firebase where we use firebase authentication and the firebase database together, only a few details of user(user id, login email or number, provider details etc) are available under the Authentication tab. The rest of the details we receive after login and other custom user information we collect from the app have to be saved in the Firebase database.
So even if you have another Web service instead of using Firebase Database, you can use Firebase Authentication. There are definitely great advantages if you use Firebase Authentication.
Save time on developing Webservice methods for authentication :
Instead, you can just have a method to store user information after the user authenticates with Firebase. Also, there is considerable time saved since you can avoid developing server-side methods for different kinds of token verification in case you want to add social logins like Facebook and Google.
All that will be handled efficiently with Firebase.
Detailed Analytics: Also with Firebase authentication, you can also get good analytics and demographic information of users.
You don't have to use Firebase authentication in order to use FireBase Push Notifications, Invites, etc.
That's one of the beauties of Firebase; you can choose which service to use.
Since everything is built already, I would continue to use your own Auth system
You can save all users, and you can authenticate with Google, Facebook, only email.
It's like a database online and it's easy to connect with the same at Android Studio and after you can login with the users.