Firebase Authentication Issues Juggling Anonymous And AuthProvider Accounts - javascript

I am having issues figuring out how to implement the functionality for my current tasks. I will try to explain the situation simply:
The app is an Angular 2 webapp that uses Firebase for authentication. When the app loads up, the user is automatically authenticated anonymously (since we have database and file storage rules that are set to "auth != null").
Then later in the app there is a feature that the user can only use when authenticated through an auth provider (Google). If I try to just sign in with Google, it says that the user is already signed in.
So we can sign out, and then try to authenticate with Google. But then what if the user closes the auth popup box or denies giving the app permissions? Then the user is not authenticated at all!
And if we re-authenticate anonymously if the Google sign-in fails then we have a completely different username (created from the uid) which is very weird UX for the user.
Perhaps I am not thinking about it correctly, but I just don't see any good solution for what I'm trying to do. Hopefully, someone else can find a better solution. Thanks!

Related

How to sign out when another user signs in in React Native with Firebase authentication?

I'm a newbie in React Native and struggling in handling the state of authentication in my app.
I'm using Redux and haven't persisted the authentication state to silently log the user in yet. I've added Firebase authentication.
Basically what I want is that when a user signs in, he will be signed out by the app when that same account signs in on a different device.
Or at least, can we disable the activity of the old user?
Can anyone please guide me through the stages and requirements to achieve this?
Thanks in advance!
You cannot automatically sign out the other/old user, but you can check the authentication token whenever the old user calls any API.
When you log in from a new device, just generate an authentication token on Firebase. From then on, pass that token through the header when calling any API.
This is the logic.

How to prevent Firebase signInWithPhoneNumber to change auth state

I am trying to implement Firebase's signInWithPhoneNumber just to verify the user's phone number without really registering, which I cannot bypass. But the problem is that it executes the onAuthStateChanged function, which then logs the user out since it is not possible to link email with phone number accounts.
I also read the documentation about linking the already registered user (with email) with a phone, but without success.
So my question is: is there any way I can detect which auth provider is in onAuthStateChanged just to return the function, or is there a possibility to link email with phone?
Any help is appreciated! If code is needed, just ask.
Firebase Auth doesn't have a mechanism to just verify a phone number without also signing in - that's just not a supported use case. You might want to look into other products that do phone number or SMS validation. Firebase Auth is just for managing actual user accounts for the people using your app.

How can we revoke (remove) a particular token from firebase

My goal is to log out a user from the web app if the user is logged in in another browser.
Example: If the user is logged in in Chrome and is now trying to log in in Firefox, then the user should be logged out from Chrome.
Is there a solution to remove only that particular token from Firebase?
I have already used the revokeRefreshTokens method to revoke the tokens. But that won't work because this method will remove all the tokens, which means also the token in the mobile app. So if the user logs into a browser, then the user will be logged out from the app. The code below is the one I used:
admin.auth().revokeRefreshTokens(uid);
Is there a solution to remove a single user token from Firebase? Thanks in advance.
You have to manage the session. PassportJS has such functions. See this post:
Express.js + Passport.js : How to restrict multiple login by the same user?
Since you are trying to do that with Firebase, try this:
How to prevent simultaneous logins of the same user with Firebase?
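Both this answer ("manage the session") and the earlier one about checking a token on every API call describe the same server-side pattern. The sketch below is an added example, not code from either post: it keeps one current session id per user and per channel, so a new browser sign-in displaces the old browser session without touching the mobile one. `SessionRegistry`, the channel labels and the sample uid are assumptions made for illustration.

```javascript
const { randomBytes, timingSafeEqual } = require('crypto');

// Constructed in-memory store; a real service would keep this in a database.
class SessionRegistry {
  constructor() {
    this.current = new Map(); // key(uid, channel) -> current session id
  }

  static key(uid, channel) {
    return JSON.stringify([uid, channel]); // unambiguous composite key
  }

  // Call after the identity provider has authenticated the user.
  // The new id displaces any older session on the same channel only.
  signIn(uid, channel) {
    const sessionId = randomBytes(32).toString('hex');
    this.current.set(SessionRegistry.key(uid, channel), sessionId);
    return sessionId;
  }

  // Call on every API request with the id the client sent in a header.
  isCurrent(uid, channel, presented) {
    const expected = this.current.get(SessionRegistry.key(uid, channel));
    if (typeof expected !== 'string' || typeof presented !== 'string') return false;
    const a = Buffer.from(expected);
    const b = Buffer.from(presented);
    return a.length === b.length && timingSafeEqual(a, b);
  }

  signOut(uid, channel) {
    return this.current.delete(SessionRegistry.key(uid, channel));
  }
}

// Constructed scenario from the question: mobile app, then Chrome, then Firefox.
function demo() {
  const reg = new SessionRegistry();
  const uid = 'uid-123'; // sample value
  const mobile = reg.signIn(uid, 'mobile');
  const chrome = reg.signIn(uid, 'web');
  const firefox = reg.signIn(uid, 'web'); // displaces the Chrome session
  return {
    mobile: reg.isCurrent(uid, 'mobile', mobile),
    chrome: reg.isCurrent(uid, 'web', chrome),
    firefox: reg.isCurrent(uid, 'web', firefox),
    crossChannel: reg.isCurrent(uid, 'mobile', firefox),
  };
}
```

A request whose session id is no longer current is rejected by the API, and the client can react to that rejection by signing itself out locally.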

Google Identity API signOut() Explained

I've been looking through the Google Sign-In guides and it says to use the signOut function (https://developers.google.com/identity/sign-in/web/sign-in) for its self-described purpose. I understand that it doesn't sign you out of Google (that would be frustrating), but I don't understand what it actually does. Does it switch some "logged in" variable from true to false? If so, how do I check it? The reference doesn't provide much detail: https://developers.google.com/identity/sign-in/web/reference#googleauthsignout
The way Google Sign-In for Websites works is that users coming back to your website will be automatically signed-in with no prompt or action necessary.
When using signOut() this doesn't happen and the user will have to sign in again. Signing out doesn't revoke any permissions though, but only removes any currentUser information from the current session.
When the user then decides to sign in again they will be logged in right away without a new permission prompt.
To disconnect a user completely and revoke all permissions/tokens there's the extra disconnect() method.
One thing to note is that the signOut functionality only works if you have deployed your website to some hosting. So if you are testing on localhost you won't see the expected behavior. Not sure why that is the case, but I have encountered this problem in the past, but signOut worked as expected as soon as the website was deployed.
To keep your website updated with the current sign-in state you should be listening to isSignedIn and/or currentUser changes, that will also trigger when the user signs out: https://developers.google.com/identity/sign-in/web/listeners

Firebase v3.1 Web SDK - Github oAuth Not Working

I'm not gonna post a bunch of code, unless I have to. It's mostly pasted straight from Firebase.google.com. I got every authentication method working fine but Github oAuth is all kinds of screwed up. So after a while I decided to go from Firebase v3.0 to 3.1. No fix.
The redirect page does pop up but I can't use my regular Github credentials - the Github account used to create the developer app (even though I log out of Github in my other web tab). My authAction() catch says:
An account already exists with the same email address but different
sign-in credentials. Sign in using a provider associated with this
email address.
So, I created a second dummy Github account and I now can log in using that. However upon logging in, user.email and user.displayName come back null.
Another strange thing: When logged out of every app, I log in to my Firebase app via Github oAuth and then open a new tab and navigate to Github, I'm already logged in! Presumably, somehow my token is shared between websites? Google, Facebook, Twitter, Anon, and Email/Pwd all work fine.
Anyone have this Github oAuth issue too or is it just me?...
When you get the error:
An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address.
It means you already signed in using the same email with a different provider. You can sign in to the same provider and then link the github account to that current user. You can call firebase.auth().currentUser.link(githubCred) or firebase.auth().currentUser.linkWithPopup/Redirect(githubProvider).
As for Github not providing your email and name, you could have your github account settings set to not disclose your email and info. Typically you have to ask for the user:email oauth scope if you are using signInWithPopup/signInWithRedirect but that is currently not working with Firebase. The team is working on a fix.
Regarding your third issue, I am not sure I understand this correctly. When you sign in to Firebase using Github or any other provider, you will need to login to that provider before consenting to that app's permissions. If you navigate to that provider's site, it is normal to be logged in. If you try to sign in with Firebase using github on a different app, you would still be logged in to github but you would be asked to consent to that app's new permissions.
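The linking approach from this answer also fits the anonymous-to-Google case in the first question, because a failed link leaves the current user untouched. The following is an added example, not code from any of the posts: `upgradeAnonymousUser` and its status strings are hypothetical, `auth` is assumed to behave like `firebase.auth()` in the namespaced Web SDK, and `provider` like a `firebase.auth.GoogleAuthProvider` instance.

```javascript
// Error codes after which the anonymous session is simply left as it was.
const POPUP_ABORTED = new Set([
  'auth/popup-closed-by-user',
  'auth/cancelled-popup-request',
  'auth/popup-blocked',
]);

// auth and provider are passed in (assumed shapes described above) so the
// function can be exercised without loading the SDK.
async function upgradeAnonymousUser(auth, provider) {
  const user = auth.currentUser;
  if (!user) return { status: 'signed-out', uid: null };
  if (!user.isAnonymous) return { status: 'already-upgraded', uid: user.uid };

  try {
    // Linking attaches the provider to the existing user: same uid, same data.
    const result = await user.linkWithPopup(provider);
    return { status: 'linked', uid: result.user.uid };
  } catch (err) {
    if (POPUP_ABORTED.has(err.code)) {
      // Nothing was changed; the user is still the same anonymous user.
      return { status: 'still-anonymous', uid: user.uid };
    }
    if (err.code === 'auth/credential-already-in-use') {
      // The provider identity already belongs to another Firebase user.
      // Do not merge silently; hand the decision back to the caller.
      return {
        status: 'provider-account-exists',
        uid: user.uid,
        credential: err.credential,
      };
    }
    throw err; // unexpected failure: surface it
  }
}
```

Because the function never signs the anonymous user out before linking, closing the popup or denying consent cannot leave the app unauthenticated or change the uid.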
