I'm trying to allow users to sign up to a Firebase website using only their email and phone number. At a later time, I would like to send them their auto-generated password via email. Is this possible to do with Firebase Auth or Realtime Database?
Sure thing. You'll have to create the account through the Admin SDK, so in a trusted environment like your dev machine, a server you control, or Cloud Functions. There you call createUser(...) with the email the user entered, the a temporary password that you made up.
You could do the same client-side, but in that case the password would be determined from the client too, which wouldn't be secure.
Related
Sign up page using firebase is showing username and password in network tab.
Is there any way that I can send the user information to firebase more securely(like hashed one).
enter image description here
In the firebase auth docs (
https://firebase.google.com/docs/reference/rest/auth ) ,it has been mentioned the same that email and password would be send as string !! Not sure if its a secure way or is there anything else that I am missing here.
The only person who can see the network tab on your browser is you and anyone around you, so the security risk on that end is only as big as you choose to make it.
The password is sent from your browser to the server in cleartext over a secure connection. There is no way for anyone along the way to intercept that, unless they've hacked into the network (like with a fake certificate) in which case the leaked password is probably not your biggest problem.
On the server the password is salted and hashed before it is stored, so there's no risk there either.
Also see:
Email & Password login security (on the Firebase mailing list)
Is firebase JavaScript SDK secure over network?
Does Firebase Authentication store hashed and salted passwords?
We already have a working website with registered users and I have the task to implement the LinkedIn authentication into our website and we are using MongoDB and mongoose.
I already did everything I needed to do with the Linkedin API and I am getting the email of the user who signed in with his/her LinkedIn account.
Once the user logs in, the server gets the email and check if it the user associated to that email already exists. If it exists then send the JWT token if not then create a new user and then send the JWT token, but in order to create the new user we need to have the password since it is a required field in the user schema, and we are only getting the email, first and last name, no password.
How would you go about this? Should I get rid of the password required field and then simply check if there is a password in the login and signup route? Or is there a better way to do this?
I am working on a college app in which only the administrator has the right to create user accounts. On successful User Account creation, the user gets an email with his user email and password as plain text.
I am already familiar with the email verification and password reset mail in firebase but I am not allowed to do that.
I already looked at answer to this question: Send User Password via Email with Firebase but it is very less helpful as the answer provided is complicated to understand.
So all I want is the password to be sent via email whenever a user is created.
PS: I am working with Web Interface (JavaScript). How do I do that? It would be even nice if I get help with some code chunks included.
You can achieve this using firebase cloud functions following the steps below
Setup Admin SDK following the documentation https://firebase.google.com/docs/admin/setup
Add a Firebase Authentication Listener https://firebase.google.com/docs/functions/auth-events
You can send mail with sendgrid See this article
If you want to really get familiar with cloud functions you can start here
AWS SDK (JavaScript)
I ported all of my users from a MSSQL DB to a AWS Cognito UserPool.
Now I need to have each one of my Cognito users in my Identity pool.
This needs to happen so I can move my user data into Cognito Sync's datasets.
Problem :
I cannot move each cognito user in my userpool to my identity pool.
I have searched the docs and I cannot seem to findout how to go about this.
I cannot log each user in because each user will need to reset their own password. (this is due to the way things are when porting users from a .csv file)
SOLVED
I loop through users in a batch.
Each user is converted to a Cognito User in a User Pool
Once the Cognito User is successfully added, I then log that user in manually,
Then I have to set the users password with a temp password
Next I get the successful method called
Inside the success method, I now have the user in the Identity pool because I logged the user in manually
Now I get the users Identity ID
Now I can set DataSets
NEXT IMPORTANT I have to set the user back to "RESET REQUIRED"
Then the loop continues and I process the next user in the batch
NOTE Make sure you do not have anything checked in you MFA portion in the Userpool or emails will be sent. Also emails are still sent in special circumstances. To get around this, I performed this task
Change the users email to fake#fake.com
All emails are sent to fake#fake.com
when you are done with the user and all is well, change the users email back to the correct email.
First, Identity Pool does not have users - just identities. Each identity corresponds to a User (A Userpool user or a Google/FB user) in case of authenticated identities and has an IdentityId (for all identities - authenticated & unauthenticated). This is generated when a GetId API call is made with an IdToken from the appropriate IdP (Userpool in your case).
Also, I don't see why you need to generate identities for all the users in your userpool. These identities are supposed to be generated on-the-fly. Design & deploy your app and when a user uses your app for the first time, your app will make a GetId call, thus generating an IdentityId.
I used firebase realtime database as backend of an online registration app for tech fest in my college.But I only enabled custom email and password authentication.But i found some users created account anonymously and it seems they were not able to sign as i restricted login only after email verification.But still how is it possible even after i made sure to disable anonymous authentication.