The Firebase Docs here say the following:
A Firebase User instance is independent from a Firebase Auth instance. This means that you can have several references to different users within the same context and still call any of their methods.
QUESTION: How to get/create FirebaseUser instances for other users? I got an admin user who can change profile info of other users, like photo url or display name.
Related
I have a collection of "Users" in Cloud Firestore and I am using Firebase Auth to authenticate my app users as follows:
The user authenticates within the mobile app (for example with Google).
I verify that there is no document within the "Users" collection that corresponds to the UID of the authenticated user.
If the document does not exist in "Users" I use the user's UID to create a new document.
It is my question: Is there a security problem with this model or some other type?
I am confused by Google documentation because it says that the user's UID is unique to the Firebase project but should not be used to authenticate my user to the backend server. It also says that in that case, I should use FirebaseUser.getToken () but that token can change, so it will create a new user in my DB.
So, my second question is: When should you use that token? Give me an example, please.
Thanks for the help.
USER_ID
You can use the google generated user_id for future reference. That will never change for a given user email or authentication type as long as the user is already in the database.
Example:
If the user Signed In with google federated login with user1#example.com then the user record is maintained in the Firebase and USER_ID(Say ABFDe12cdaa2...) will be assigned(You can use this id in URLs to see the user profile etc it is kind of 32 chars long(I am not sure exactly here). Now, If a user tries to sign up again with the same email(user1#example.com) then it pulls the previous record ABFDe12cdaa2.... If you delete a user1#example.com from the firebase database(Firebase maintains its own database of the user for your project, With has a limited number of user properties). Then the user tries to sign in again then the new USER_ID is generated.
Now the TOKEN:
As you USER_ID is public, it can be seen by everyone. It is not used for authentication.
So you need to generate the token( This is longer the user id) to authenticate programmatically with the Firebase. It token is temporary and specific to the user. It will expire in some time ( you can define that time while creating the token). a refresh token is used to get a new token.
I don't have any code examples while writing this answer. I will update with code example,If, I find any.
Hope I clarified some of your questions.
my Android app requirement is to assign old (already exists UID) UID to new users while signing in with Google so that the new user can access the old user data directly. Note: old user data is stored with UID as the node but in various Firebase Realtime Database top-level nodes. Is it possible to change the UID.
There is no way to assign a UID to a user that is created with a client-side SDK, as that would be a major security risk. After all: what is keeping other users then also claiming the UID of any other user in your app.
The typical way is to deal with a scenario like this is to either track who has access to whose data in the database, or to perform a data migration when the new user is created and you've validated that they're indeed supposed to "inherit" another user account's data.
You can use link method from firebase SDK. see here
So I'm trying to understand how Firebase works. I'm using Firebase cloud for the Database. I have created a collection like this:
'groups': {
'some_group_name': { ... data ... }
'other_group_name': { ... data ... }
}
Also each user enters email and password when entered to the app. On the sign up, he chooses the group name. For example in the sign up he will set username, password and some_group_name. But How do I connect between the currently login user and it's group in the database? The only data that Firebase authentication saves is email and password.
Do I need to create another collection users like so?
"users": {
"some_user_name": "some_group_name"
}
You'll need to store the group membership/association of the user somewhere. How to do this, depends on the exact requirements of your app.
If a user can be a member of only one group, you can store their group as a field in a user profile doc. You'd typically have a top-level collection users for this, and a document for each user under that with the user's UID as the document ID (so that you can easily look up the user profile by their UID).
If a user can be a member of multiple groups, you can store that in an array field in the same user profile document. In that case, use arrayUnion and arrayRemove to manipulate the array, so that you can easily query for array membership when needed.
I have two different types of users Teachers and Students . I use Firebase Auth with Email and password to Authenticate them and store them in the Firebase Real time database . My question is is there a way to create custom accesor methods such as getCurrentUser().getEmail, getDisplayname etc . I need to display different UI for different user type (Teacher/Student) from the current user-type
You got 2 type of users. So first of all, you can make only one firebase structure for both user and just add a boolean variable TEACHER that indicates if a user is a teacher or a student.
But what I usually do is to seperate the users in two different firebase structures meaning that you should create a firebase path teacher/user_id and an another student/user_id which will give you flexibility with retreiving data and display the data in different UI.
Im making an app wich allows users to get weatherdata from several sources at specific locations.
The problem i am facing is that pr. now when a user uses my app he/she will see all the location objects in the firebase database. (Im planning to add login via firebase , login will be needed for this feature)
How can i easily store the users choosen locations in the app ?
For example :
I would like to have a List of Locations Y, Z, X and so on. (Each with their own set of data,updated by the users)
User A wants to see Location Y and Z, User B wants to see Location Y and X
How should i store a link to the locations that user A wants to see ? and then be able to show those locations in a RecycleView.
Preferably i would also like that if user C joins he can add his own location or choose from a list of locations.
Since you are already using Firebase Database, store the User's preferenes on that. You can create a separate node for users, and store each user using the UID as the key (not necessary though) and the preferences or any other detail as the value. Something like this
"root":{
"users":{
"UID1":{
"locations":{
"location1":true
"location2":true
}
}
"UID2":{
"locations":{
"location2":true
"location3":true
}
}
"UID3":{
"locations":{
"location4":true
"location5":true
}
}
}
}
Then you can get a reference to each user using
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
DatabaseReference userRef = FirebaseDatabase.getInstance()
.getReference("users/" + user.getUid() + "/locations");
You can pass this reference to a FirebaseRecyclerAdapter to get a populate a RecyclerView. However, if the data stored in each list item is small, say just a name and maybe a picture_url, then just store under each user. This may duplicate data but gets the data quickly, which is what a realtime database is supposed to do.
The only way I see it is by implementing a login functionality. In this way you will know which is the current user.
Then, when you have that functionality, you have two options:
Use SharedPreferences. You must mach the selected locations with the current user and that info will be saved locally on the device. Each time a user logged in, you must check if there are any previously saved data for the current user. NOTE: THIS IS A LAME APPROACH!!!
Implement some kind of a back-end for the app to communicate with. In this way all the info for the locations will be stored on a remote machine and user A will be able to log in from different devices and will see the same info. By using the first approach that won't be possible!