Instead of using the normal firebase authentication methods I want to use web3 (specifically metamask) to provide signup/login without the need of email and passwords. The problem is, how do I handle signups?
One way I thought of doing it would be to use the users wallet address as the email and just add my domain as the # part for example: 0x0000000000000000000000000000000000000000#example.com but then the problem is how do I add a password for firebase to use?
Is there anyway to authenticate using metamask?
I wish I had seen this question earlier, We have developed a mechanism just for this requires a server that runs the firebase-admin that mints a custom token and pass it to the client and signs in with signInWithCustomToken.
The code is here https://github.com/novum-insights/sveltekit-unlock-firebase.
This is a boilerplate that uses sveltekit and paywalls the user with unlock-protocol.
Related
I found out that it is possible to create a new user in Firebase using the JS SDK without any user being logged in using the method createUserWithEmailAndPassword. For consumer apps i can image this is a great feature so that a "new customer" can create an account.
However, for the b2b world this ain't such a great feature and in my case we actually wan't to disable this.
Is there any configuration possible in Firebase or GCP that disallows any random person in the world to create an account in my environment?
Thanks!
If you want to disallow the creation of new accounts entirely, then you probably don't want the normal Firebase Auth standard email/password auth at all (which does not have the ability to disable new accounts created by an end user). You probably want to use custom authentication, and control precisely how signups occur with your own backend. You can control everything that happens on your own backend, of course. The downside is that you have to control everything on your backend!
You can't disable account creation but you can make your system only work with account you created with custom claims. You can make a cloud function to add a specific claim to your accounts, then delete that function. Now, with security rules like
allow read, write: if request.auth.token.yourClaim == true;
effectively, any account created without the claim can't do anything in your system. I think this is easier than implementing your own authentication scheme
I need to authenticate users in browser (not mobile app) using AWS Cognito with username/pass, not FB/google IdProviders.
There are a lot of docs but they seem to be separate blocks which either incomplete, do not fit the requirements or do not fit each others :(
I created Cognito User Pool, then Identity pool and tied the userPool to the idPool, then I stuck. Do not know which library to use and how to use it.
The closest I find are:
https://aws.amazon.com/sdk-for-browser/ but my experience is not enough to convert their FB samples to not-using FB
https://github.com/aws/aws-amplify but using this lib I'll have to study React/Angular from the very beginning (I'm not a front-end developer, sorry) and I have no clue how to convert their npm-based samples to front-end javascript (npm is for NodeJS thus back-end, isn't it?).
All I need is plain html form with username/pass, send the request to Cognito and a way to check during the next page load whether the password was correct. If it matters I will use AWS Lambda as back-end for processing future tasks.
How can I do it? Is there a tutorial/doc for my case?
Thank you.
You can use AWS Cognito UserPools Hosted UI for your use case. The simplest form of authentication is using the Implicit Grant.
For more information about setting up Hosted UI refer Add an App to Enable the Hosted Web UI.. This will create a UserPool where users can register them self (If you plan to restrict this, you will need to either add users using the AWS Web Console, Cognito UserPools or using their SDK)
The steps are as follows.
Set up Cognito Hosted UI and register your application domain. This will create the login/registration pages for you where each of this will have a unique URL. What you have to do is, if the user is not authenticated (Let's discuss how to detect it later), you need to redirect the user to the Login page.
In the Login URL, you also need to specify the redirect back URL to the application so that after a successful login, Cognito will redirect back the user to the application providing the token in a query string.
You can then access the id_token from inside the application and use it for querying the backend.
Since the id_token is a JWT token you can verify it at your Backend using the public key available at the Cognito token endpoint.
To implement the JWT verification, you can also refer Cognito JWT Token validator NodeJS module.
Note: If you need to keep the user's logged in for a longer time period (Than 1 hr), you might need to use the Code Grant flow which will return a Refresh Token, which could be used to retrieve new id_tokens programmatically.
I am writing administative function which allows system admin to create new accounts.Since system admin is already authenticated to system after registering users to firebase with createUserWithEmailAndPassword() function i get auth error.
How do i handle this kind of situation ?
The regular Firebase JavaScript/Web SDK only allows users to create their own account. There is no way to create an account for another user.
For such tasks you'd typically use the Firebase Admin SDK, which you'd run in a trusted environment (such as on a server you control or in Cloud Functions). Creating a user is a simple API call there.
I'm making a chrome extension that uses Firebase database. For their custom authentication I need to create a JWT token to have the user sign in.
I saw on their documentation that their is a function to generate these tokens in node using the function call:
var customToken = firebase.auth().createCustomToken(uid);
My issue is that my chrome extension is not a node app, so I don't have access to this function. I have the firebase auth API from their CDN but when I try using that function I get firebase.auth(...).createCustomToken is not a function.
I guess that the create JWT token function is just for node.js firebase users. Is there a way I can still get access to this token generator without my extension being a node app?
I'm new to this JWT stuff so really I'm just looking for an easy way to generate one of these tokens somehow.
Creating a custom token requires access to the service account of your Firebase project. This is a server-side secret and should never be present in the clients that access your project. If you give your clients the secret needed to mint a custom token, you're giving them full access to your project. You might as well not use authentication in that case.
The typical approach is to run a server that mints a custom token based on your app's needs and then use that token in your client (e.g. a chrome extension) to sign in.
Alternatively you can use one of the built-in authentication methods, such as email+password, Facebook, Google or even anonymous sign-in.
I try to sync data for a Cognito authenticated user using the new User Pool.
From what's suggested here:
"Note that the generate client secret box must be unchecked because the JavaScript SDK doesn't support apps that have a client secret."
On the other hand for Android only apps with a client secret are supported.
So I added 2 apps to the User Pool, one with a client secret and one without it.
However, in the Identity Pool I can only add one App Client ID as an authentication provider.
So I get: "com.amazonaws.services.cognitoidentity.model.NotAuthorizedException: Token is not from a supported provider of this identity pool." when trying to use an authenticated token for the Android app.
Am I doing it right, or am I missing something?
Thanks!
Figured it out.
It is possible to add multiple (up to 100) apps or "audiences" to an OIDC provider through the IAM as explained here
So I set up the OIDC and added it as the authentication provider to the identity pool.
Since you already worked out a solution, one additional thought:
On the other hand for Android only apps with a client secret are supported.
The Android SDK for Cognito User Pools should allow you to handle apps without a secret, you should be able to just set that value to null. Check out the sample app for more details, if you are interested.