Ok so im making a blog which requires users to login through firebase. To post comments, their email has to be verified
I know how to verify the email, and i did so with my test account. When i typed into the console
firebase.auth().currentUser.emailVerified
it returned true, so yes my email was verified.
But the comment .validate rule requires the user to be validated, like so:
auth.token.email_verified === true
However it wasn't working, so i removed it and it began to work again
After a bit of reading, I realized that i had to
const credentials = firebase.auth.EmailAuthProvider.credential(
user.email, password);
user.reauthenticateWithCredential(credentials)
.then(() => { /* ... */ });
And that makes it work perfectly. The explanation was it apparantly takes the firebase server some time to update its backend validation, but reauthenticating forces the update immediately.
However, I am stumped on how to ask the user to reauthenticate themselves, as i have the following problem
How do I know when the users is validated (firebase.auth().currentUser.emailValidated), and at the same time the firebase backend is not updated (auth.token.email_verified === true is false) so that i can update my UI and prompt the user to reauthenticate
Basically how can i know when auth.token.email_verified === true is not updated yet on the client side
edit also is there a client side solution without reauthentication that updates the backend validation?
edit I tried user.reload().then(() => window.location.replace('/')) but it didnt work
This is what is likely happening:
firebase.auth().currentUser.emailVerified is updated when firebase.auth().currentUser.reload() is called after verification. However auth.token.email_verified gets its value from the ID token which will not get updated until it gets expired or you force refresh. So you may have to call firebase.auth().currentUser.getIdToken(true) to force refresh to update the token claim which is sent to the Firebase Database backend.
Related
Newbie so apologies if I am not concise enough on this. Creating a simple application in react that displays movies and allows users to have profiles. I am running into an issue with retrieving information from my database. When I sign up and register as a user for the first time, my data is stored in my db and I am able to login via username and password.
Once logged in, I can then navigate to my profile and update my information (username, password, email, birthdate) and using a "handleUPdate" function I am successfully able to update the user info and this new information shows in my database. The issue is when I am redirected back to login after updating my information, the system does not recognize my credentials (despite the updated user info showing in my mongo db). I think the issue is occurring either in my mainView, profileView, or loginView. For reference, i've attached my repo link: https://github.com/jchasehuskey/myFlixx-client-final.git.
I can include more information if needed. The error I am getting when trying to login via the new username and password is: " POST https://myfavflixdb.herokuapp.com/login 400 (Bad Request). "
Again, it's unable to retrieve the updated user info from the DB. I have been dragging on this for days and am not sure where I am going wrong. I could be asking the wrong questions or giving the wrong information. Any help would be much appreciated.
To provide dynamic content delivery, I am using rewrites in fire base hosting. Whenever open website with index.html then the browser request the firebase cloud function main.
"rewrites": [ {
"source": "/index.html",
"function":"main"
}]
Now I am facing a problem to provide dynamic content based on user login status. I also checked about client side authendication using JS.
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
// User is signed in.
} else {
// No user is signed in.
}
});
I don't know about web development. Here I have few questions,
How can I find authentication status of user by more flexible way? Does cookies used for this? I am asking because I don't know to pass firebase-token to the cloud function main.
Please address me an idea. Thank you all.
Short answer: End users don't have a sign-in status that's visible on a backend. That's just not how Firebase Authentication works.
Auth clients provide credentials to get a token that's used to identify themself when they invoke backend services. This tokens has a lifetime of 1 hour, and the client must refresh it in order to keep using it. Your backend doesn't know or care if the client has an auth token, if they use it, or if they refresh it. The client just needs to provide that token from whatever device they have signed in so the backend can validate it. There is no way your backend can know if the client obtained a token - you just have to accept the one it is given. This means you're going to have to actually figure out how to pass that token and validate it with the Firebase Admin SDK, or use a callable type function using the Firebase Client SDK to send that token automatically.
I want to allow users to sign in/up via GitHub using firebase by clicking on the same button.
I create a new authentication for every user in the server side.
With the little piece of code, I'm able to detect if either the user is new or not:
const provider = new firebase.auth.GithubAuthProvider();
firebase.auth().signInWithPopup(provider).then((result) => {
if (result.additionalUserInfo.isNewUser) {
// The user is new
} else {
// The user is old
}
But, when the function signInWithPopup is called, if the user is a new user, a new authentication is automatically created for him. How can I avoid this?
And if the user is already authenticate, how can the user sign in from the client side? Where is the link between the authentication done from the back end with the user that wants to sign in the front end?
This is not how OAuth works. If you use an authentication provider like GitHub, they handle auth flow for you. The only thing that you are left with on the frontend side is an idToken with your identity, basic profile info, and a signature so you can as a user using this token. There's no distinction between sign up/sign in actions.
As you have noticed, Firebase is an extra layer in this flow, it creates an account for a user who signs in for the first time. But there's no user limit or extra payment so I wouldn't bother too much about these extra accounts. You might consider periodical cleanups if you care about the security here.
If you want to actually check if the user exists you have to use firebase-admin e.g. in a Firebase Function before the signInWithPopup is called. But still, unless you want to prevent users from signing up, you can hook your server logic into functions.auth.user().onCreate trigger.
To answer your last question, when the user is already signed in, you'll get the user object in firebase.auth().onAuthStateChanged when a page is loaded. Login state is stored by Firebase.js so once you have called signInWithPopup, you don't need extra steps.
I'm using social authentication using the vue-google-oauth2 library. It works fine as I am able to authenticate my self and I receive a token from the backend too.
When initially I log in, and by using a function that is part of the vue-google-oauth2 library that I'm using to check if it says that I'm authorized or not, it gives the following response in my browser's console:
this.$gAuth.isAuthorized
true
When I then refresh my browser page, and since I've placed a debugger command in my code, and I print the same function again,
I get the following response:
this.$gAuth.isAuthorized
false
What can I do to ensure that switching tabs, reloading page or refreshing it won't make this happen? Or is this what is actually supposed to be happening?
Have you looked at saving it in as session data? Im not to familiar how Angular state works, but when you set original state you can look for the session key "authorized" and if it doesnt exist set auth to false, if it exists set it to the value.
localstorage.getItem(item)
and
localstorage.setItem(item)
There is also the option of making a component that handles the google auth and sends it to the state.
From the library documentation for vue-google-oauth page you linked it says you need to send that code back to your backend server to create a token to stay signed in, so it's behaving as expected. From here (https://www.npmjs.com/package/vue-google-oauth2#usage---getting-authorization-code) it states :
The authCode that is being returned is the one-time code that you can
send to your backend server, so that the server can exchange for its
own access_token and refresh_token
In other words, you need to do something with that code to make it persist in your app, otherwise it's just a one-time code, so looks to be expected.
I'm currently using firebase-admin to create a web Dashboard with node.js as a backend which will have multiple users and those users have user specific data in my database, note that I need them to be able to delete or add stuff to the database as well, I've managed to add new users to Autentication using firebase.auth().createUser() programmatically, but how would one go about logging in a user, and then from there controlling which uid is logged in and displaying his data (giving him access to the correct data, obviously don't want him messing with someone elses data).
I know this might seem like a really newbie question, and it probably is, but firebase docs always get me confused for some reason. Any tips? I'd greatly appreciate.
Any questions don't hesitate.
To login a new user, try this:
firebase.auth().signInWithEmailAndPassword(email, password)
this returns a Firebase.Promise which you can use to track the operation progress. If successful, it will return the corresponding Firebase.User object.
From there, the logged-in user will also be available in the firebase.auth().currentUser property. You can then use the user's uid property as a key for his JSON branch on the database.