I am writing administative function which allows system admin to create new accounts.Since system admin is already authenticated to system after registering users to firebase with createUserWithEmailAndPassword() function i get auth error.
How do i handle this kind of situation ?
The regular Firebase JavaScript/Web SDK only allows users to create their own account. There is no way to create an account for another user.
For such tasks you'd typically use the Firebase Admin SDK, which you'd run in a trusted environment (such as on a server you control or in Cloud Functions). Creating a user is a simple API call there.
Related
I am working on an application using Firebase and Node as Back-End.
My app has an admin access and I want to create temporary access to users accounts.
I also wanted to have a history of all the logins on users account with infos such as web browser, localisation etc... for security purposes.
My idea is to create a one time use temporary auth token for an user and give it to the auth function from Firebase.
But I want to stay connected as an Admin still, so I thought about an iFrame inside the main window.
I am having trouble finding infos on the web, wanted to know if you had any leads or better ideas/way to do it.
Thanks in advance,
Firebase Authentication on its own does not provide a log of user sign-in actions, but with the new, optional Firebase Authentication with Identity upgrade you get User activity and audit logging. From the feature overview:
User activity and audit logging
Monitor and log administrative access and end-user activity.
When you upgrade your project, you automatically enable admin activity audit logs in Cloud Logging. You can also enable user activity logging on the Authentication Settings page of the Firebase console.
To learn how to view and analyze your logs, see the Cloud Logging documentation.
Creating a custom token for the user you want to impersonate and then using that to sign in should work. If you want to sign in with two different users, you can create two instance of FirebaseApp, and sign in to the auth member for each user.
Instead of using the normal firebase authentication methods I want to use web3 (specifically metamask) to provide signup/login without the need of email and passwords. The problem is, how do I handle signups?
One way I thought of doing it would be to use the users wallet address as the email and just add my domain as the # part for example: 0x0000000000000000000000000000000000000000#example.com but then the problem is how do I add a password for firebase to use?
Is there anyway to authenticate using metamask?
I wish I had seen this question earlier, We have developed a mechanism just for this requires a server that runs the firebase-admin that mints a custom token and pass it to the client and signs in with signInWithCustomToken.
The code is here https://github.com/novum-insights/sveltekit-unlock-firebase.
This is a boilerplate that uses sveltekit and paywalls the user with unlock-protocol.
What is on Firebase the query to get users email if they signed up using social login?
I'm using javascript, i know how to access database etc. but i'm not personally saving users email address, firebase does that automatically.
There is no client-side API to get a listing of users, as that would make it very easy to leak information about your users.
If you want to expose this information, you have two common options:
Store the information you want to expose in a database (such as the Firebase Realtime Database, or Cloud Firestore), and then access that from the app.
Create an endpoint (for example through Cloud Functions) that uses the Admin SDK to return a list of users.
Neither is pertinently better in all situations, although I believe the first one is a lot more commonly used.
Also see:
How do I return a list of users if I use the Firebase simple username & password authentication (back from before Firebase had an Admin SDK that contains functionality to list users)
Retrieving a list of users who have registered using Firebase Auth (more recent, and mentions the Admin SDK in an answer by one of its authors)
How can I list all users using firebase admin sdk
I am building a admin panel for a android app in javascript and php in which i created a users table with Firebase Authentication UID so every user key is UID but in this user table i am not inserting Auth Identifier. now in my admin panel how can i retrieve Auth Identifier (Phone Number) using UID(user Key)
An alternative to storing the data in the database (as Qasim answered) is to use the Firebase Admin SDK to look up the user's profile by its UID.
The Firebase Admin SDK runs with administrative privileges, and thus can perform certain sensitive operations that the regular client-side SDKs are not allowed to do. As such, it is meant to be only run in trusted environments, such as your development machine, a server that you control, or Cloud Functions for Firebase. With these last two you could create your own API, that your admin panel then calls. Just be sure to secure the API, because otherwise you're leaking user information.
You can only get the firebase authenticated User info from the current session/user, and if you need to query for it later then you need to save it in your own datastore.
For more details, see this https://www.firebase.com/docs/web/guide/user-auth.html#section-storing
I need to authenticate users in browser (not mobile app) using AWS Cognito with username/pass, not FB/google IdProviders.
There are a lot of docs but they seem to be separate blocks which either incomplete, do not fit the requirements or do not fit each others :(
I created Cognito User Pool, then Identity pool and tied the userPool to the idPool, then I stuck. Do not know which library to use and how to use it.
The closest I find are:
https://aws.amazon.com/sdk-for-browser/ but my experience is not enough to convert their FB samples to not-using FB
https://github.com/aws/aws-amplify but using this lib I'll have to study React/Angular from the very beginning (I'm not a front-end developer, sorry) and I have no clue how to convert their npm-based samples to front-end javascript (npm is for NodeJS thus back-end, isn't it?).
All I need is plain html form with username/pass, send the request to Cognito and a way to check during the next page load whether the password was correct. If it matters I will use AWS Lambda as back-end for processing future tasks.
How can I do it? Is there a tutorial/doc for my case?
Thank you.
You can use AWS Cognito UserPools Hosted UI for your use case. The simplest form of authentication is using the Implicit Grant.
For more information about setting up Hosted UI refer Add an App to Enable the Hosted Web UI.. This will create a UserPool where users can register them self (If you plan to restrict this, you will need to either add users using the AWS Web Console, Cognito UserPools or using their SDK)
The steps are as follows.
Set up Cognito Hosted UI and register your application domain. This will create the login/registration pages for you where each of this will have a unique URL. What you have to do is, if the user is not authenticated (Let's discuss how to detect it later), you need to redirect the user to the Login page.
In the Login URL, you also need to specify the redirect back URL to the application so that after a successful login, Cognito will redirect back the user to the application providing the token in a query string.
You can then access the id_token from inside the application and use it for querying the backend.
Since the id_token is a JWT token you can verify it at your Backend using the public key available at the Cognito token endpoint.
To implement the JWT verification, you can also refer Cognito JWT Token validator NodeJS module.
Note: If you need to keep the user's logged in for a longer time period (Than 1 hr), you might need to use the Code Grant flow which will return a Refresh Token, which could be used to retrieve new id_tokens programmatically.