Is there a way to share anonymous user sessions with Firebase Auth?
What I would like to is to get the current id token:
final idToken = FirebaseAuth.instance.currentUser!.getIdToken();
Then, use this idToken to authenticate the same anonymous user in a different app.
FirebaseAuth.instance.signInWithToken(idToken);
With signInWithCustomToken() method, you can use a custom auth token to sign in a user on different website. As documented here
Firebase gives you complete control over authentication by allowing
you to authenticate users or devices using secure JSON Web Tokens
(JWTs). You generate these tokens on your server, pass them back to a
client device, and then use them to authenticate via the
signInWithCustomToken() method.
You can create a custom token with the Firebase Admin SDK, or you can
use a third-party JWT library if your server is written in a language
which Firebase does not natively support.
The Firebase Admin SDK has a built-in method for creating custom
tokens. At a minimum, you need to provide a uid, which can be any
string but should uniquely identify the user or device you are
authenticating. These tokens expire after one hour.
After you create a custom token, you should send it to your client
app. The client app authenticates with the custom token by calling
signInWithCustomToken()
Also check out these links for more information and examples:
Authenticate with Firebase Using a Custom Authentication System
Firebase auth - login user from app in website
How to use the same firebase anonymous user in a flutter app
Related
await FirebaseMessaging.instance.getToken();
I used this code to get token
but apparently this code just give me the token of the device,
For example, if i uses many accounts in my app, i'll get the same token for every accounts.
But if i use another device, i'll get different token.
A firebase messaging token is tied to an installed App on a device, not to a particular user.
See:
Firebase Cloud Messaging Auth Tokens vs Registration Token
What is the proper way to capture device registration tokens in order to send notifications via Firebase Cloud Messages?
The FCM token is generated based on the app , its bundle id and device thats why its unique for each devices for same app.
Flutter firebaseMessaging Token is device specific.If you want to change your token then you can reinstall the app.
If you want token based on user then you can use TokenRefresh method.
The token is generated per the client app instance.
On initial startup of your app, the FCM SDK generates a registration token for the client app instance.
See Best practices for FCM registration token management for details.
Only one user at the time is logged in on the app instance. Delete the token when a user logs out and then you get a new token when a new user logs in.
I have a flutter Android app which implements Google sign in, and ASP.NET core Web API server, which using token-based authentication. Android app sends jwt token to server, which contains such information as email, username etc. So on server. I need a parameter, on which user can be authorized.
Does Google's JWT contains any information, which is unique for every account?
If jwt does not, is it possible to get a unique identifier after validating this token using GoogleJsonWebSignature.ValidateAsync(token)?
I am completely new to Flutter/Dart so pardon my lack of knowledge.
I am trying to set up a login page in my app. I would like to use Firebase Auth as it supports a wide range of authentication options. However, I want to start with Facebook for which I am using the following different dart plugin
https://pub.dev/packages/flutter_facebook_login
I don't think the official flutter plugin for Firebase auth does not support Facebook login yet. My plan is to somehow combine the two to get the following
Use the flutter_facebook_login plugin to perform the login using facebook and get facebook access token
Pass the facebook access token to Firebase Auth to register a user from a custom token
However, when I pass FB access token to Firebase Auth, I get an error that the access token is malformed. Has anyone done this before?
I want to use Firebase Auth to persist the user's login session as long as possible and when the access token runs out use the refresh token to get a new access token. This will essentially mean that once the user logs in using Facebook, they will be permanently logged into my app.
I'm trying to develop a React application that will allow users to login with their Azure AD accounts and their Facebook accounts.
The first thing is that I didn't understand about the 2 tabs "User
Pools and Federation Identities". Do I need both to get it done or
just the User Pools is enough?
My goal is just the authentications. I don't want to allow users to access any AWS service. I just want the authentication token.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth. Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Do I need both to get it done or just the User Pools is enough?
No. Userpool is more than enough if you just need authentication and do not need to use AWS services.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth.
What user data do you need to save. If you want User's profile data to be saved in Cognito, you need to use Cognito Userpool & not Federated Identities. Add Facebook directly to Userpool. Upon using Facebook login, a user is auto-created in the userpool based on all user data available in the token. See this doc on how to add Facebook to a userpool directly.
Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Depends on your use-case. If you just want to add authentication to an app, the best way would be to Add Facebook to a Userpool directly, create an app client in the userpool for your application; enable Facebook for that app client & use Cognito Userpool's built-in UI to login using Facebook. This feature (built-in UI) is called App Integration. After successful Facebook login, a valid token will be sent to your app. Do note that the token sent to your app would be from Cognito.
Client--> Userpool built-in UI --> Redirect to Facebook --> Login using username +password --> Facebook sends its token to Cognito ( https://your-user-pool-domain/oauth2/idpresponse)-->Userpool vends its own token & redirects to the URL mentioned in the redirect_uri.
I have a website using ASP.NET Core, which uses MS Identity and external login from Facebook.
I have a Xamarin app that logs to this backend via login/password using Xamarin.Auth. I am wondering which is the best way to allow external login to Facebook from the app?
Should I create a separate Facebook app for Android or should I use the same as the website?
What would be the flow?
I am thinking of something like:
Using the Facebook sdk to log in
Pass the token to the server
Check from server side if the email exists or the FB user id exists
If yes check whether the app is registered using Facebook and if yes login
If no create an account
But until now I haven't stored the user's Facebook Id (only the email, that the user can also modify).
Xamarin.Auth is client library and currently has no server side implementations.
So, your server is Protected Resource and Facebook will be Authorisation Server. After you obtain your tokens (access_token and refresh_token) you would try to access Protected Resource presenting access_token as a credential. Protected Resource will perform token introspection (this could be separate service-server) which will decode the token, lookup username (mail) and check expiration of the token.
This is not specified in draft (RFC) so check how FB does token introspection.
Few links for more info:
How to validate an OAuth 2.0 access token for a resource server?
http://blog.api-security.org/2014/10/oauth-20-token-introspection-profile.html
https://www.quora.com/In-OAuth-2-0-how-do-resource-servers-assert-a-token-issued-by-an-authorization-server
https://connect2id.com/products/server/docs/api/token-introspection
https://leastprivilege.com/2015/12/27/oauth-2-0-token-introspection-middleware-for-asp-net-5/