I want to have multiple logged accounts (with different auth providers Google,Apple, phone, email) in my app, so that the user can switch between accounts. To do that, I want to store the idToken and then use it to login without the need for the user to log in manually. I tried using this function:
FirebaseAuth.instance.signInWithCustomToken(token);
But it returns this message:
[firebase_auth/invalid-custom-token] The custom token format is incorrect. Please check the documentation.
PS. I'm getting the idToken wih this function
FirebaseAuth.instance.currentUser.getIdToken();
Image with the desired functionality
Thanks in advance!
I have tried storing the auth credentials but these have a short life time.
I expect to have tokens for different account, so I can switch this accounts.
I believe you may want to do something else rather than use the idTokens. What I would suggest is to check the providerId when a user logs in and originally links the accounts. Store this providerId locally and then in your database for profiles, have a collection by the userId with documents segmented by the providerId and just retrieve it the profile by the chosen providerId. Another option would be to allow one users to generate multiple profiles freely but limit it to maybe 5 different accounts, this would simplify the ux since they won't need to generate multiple accounts for the same functionality.
Related
I have been trying to figure out after referring to their official documentation (Google Ads API Document) which is not clear enough
Here is what I have tried till now.
I have created an app where users can log in with their Google Ad words account. I need to fetch their Ad performance reports via REST API.
To make an API request to fetch performance reports, we need the Google Ad Words Account ID of the authenticated user. Currently, as I am testing it with my personal account, I can login to my Ad words Console and get the Ad Words Account ID. But, how do I fetch the Ad Words Account ID dynamically for other users who authenticate via my App?
I tried looking for a way in their official documentation. But I couldn't figure out.
Could someone help me with the REST API URL which needs to be called to fetch the authenticated user's Ad words Account ID.
In addition to previous answer, I guess this is what you are looking for:
https://developers.google.com/adwords/api/docs/guides/first-api-call#create_test_accounts
It explains how to setup Google Ad Words API and get your ID.
According to the documentation here Account overview, you need to list the customers to get the ID. For each user that logs in as long as they do not have access to multiple accounts you should get a single customer and their ID.
CustomerService
CustomerService provides information about your accounts. It has a
getCustomers() method that takes no arguments and returns a list of
Customer objects containing fields such as customerId, currencyCode,
and dateTimeZone. CustomerService also has a mutate() method that can
be used to update various attributes of a customer, including the
autoTaggingEnabled and conversionTrackingSetting fields.
If no clientCustomerId is specified in a request, the response will
contain multiple entries if more than one account is directly
accessible by the authenticated account.
I am using auth0 to login users in my react app.
When the users hit my callback URL (another react component), is it fine for me to make a request to my own database to validate and update this user?
In my use case, my users belong to a team and a team belongs to a league.
There are two types of users - players and owners.
In order to ensure that my app users are only making requests against teams and leagues they belong to, I want to add their teamId and leagueId to the auth0 user_metadata, as well as their userId local to my app.
Where would I do this in the login flow? Is this what the callback URL is for?
Thanks
Are you looking to set that info (their team/league information) when the user signs-up/logs in? Or will it be set up after, once the user signs up and starts using the app? If it's upon sign-up/login we can look to implement this using an Auth0 Rule (https://auth0.com/docs/rules/current). Otherwise, we can send a patch to /api/v2/users/{id} to update user_metadata. You can store this information in the id_token in a custom claim depending on your use case.
My company has userbase of course, but I want to allow users to login and use my applications with their social accounts e.g. Outlook, Facebook, Gmail. Something that is usually not clear to me when I read resources on the Internet on the topic is how to map the social credentials with ones in our database? I know we should use an API platform or something like that, but the user identity part is not clear to me.
You basically need to, as you noted, tap into the provided response and transform or link or provision it to existing identities in your own userbase. A lot of this depends on your method of delegating authentication to external provides and things they expose back to you as part of the user profile. You basically need to grab the user profile, parse it and then determine which field can be used to link that profile to an existing account, and then establish the authentication session based on the final result.
Here is a link to a technical walkthrough that describes the same process with an SSO solution: https://apereo.github.io/2018/04/20/cas-delegated-authn-account-linking/
I am working on a multi-user Clio app that can automatically OCR every document stored in Clio. I would like to enable my app so that the OCR settings are configured once for the firm and not individually for each user.
How does Clio recommend implementing firm-wide settings?
I had thought about using the #DomainName.com part of the customer's email address but that feels brittle and seems like a good way to create a security issue.
Clio recommends that applications store their application specific settings in their own data store (ie Firebase or similiar would work). If you need to share settings across users in an account you can gain access to the account id via the users end point. The following request (ensure your application has the User Read scope set) should get you started.
GET "https://app.clio.com/api/v4/users/who_am_i?fields=id,account\{id\}"
This will return something like:
{"data":{"id":344855567,"account":{"id":809455327,"redacted":true}}
The account id will be the same for each user in the account, you can use this as your account key in storing account specific application settings in whatever data store you're using for your settings.
I am developing a iOS app, that will require the users to log in with third-party SNS account, like facebook, or twitter. However, I want to allocate "native" user id for each users for the benefits of future use.
For example, since each FB user is assigned an unique ID, say, 12345678, when this user log in with his/her FB account, I can get this FB id via FB's iOS api, then I can simply add a prefix "FB" to this id, stored a local text file with "FB12345678" as content in the i-device.
Then next time the app launches, it simply check the existence of this text file, and if not, pop out a view to require users to login, otherwise just use the content, like "FB12345678" as keyword to fetch data from my server.
Above is my own thinking. But I think there are some severe problems:
first, is it safe to store a string locally without encryption?
Second, if I use, say in the example, "FB12345678" to fetch data, is it safe to transmit via the Internet?
Chances are this " FB12345678" can be easily intercepted, and used to forge the identity of a user.
Lastly, if the user changes his/her FB password, I think my app should require the user to re-authenticate, but from the above strategy, obviously it does not work out.
So could anyone elaborate what is the most commonly used strategy, or algorithm, to enable thirdparty SNS account login? (like Instagram, Parse, etc.)
you can use the SDKs Provided by different Social Medias. It will maintain the session at your side. It is not proper to save userid on application side and other thing is that in almost all the medias you will require to send the access token and secret to request a data. and the Token Changes so its not good to save it. You can send it with your request and if it will be expired it will automatically ask you for the second time login.
please visit:
www.developers.facebook.com //for facebook
www.dev.twitter.com // for twitter
Try following links:
https://github.com/fhsjaagshs/FHSTwitterEngine
https://github.com/nov/fb_graph
hope this will help you.