I am building a mobile app with Flutter and Flask Backend. For authentication, we allow username/password and google oath2 but will delegate to Firebase for credential validation.
So users credentials are stored on Firebase project but problem is we have a seperate Database with account table (we use a firebase_uuid field in account table to map to user on firebase project)
I am not sure of the registration flow since we need to handle both databases
For user/password registation, should Flutter app or Backend communicate to Firebase to create account?
I think backend should do it since after creating account on Firebase, we also need to create account on our own DB?
If we let flutter send request to Firebase directly to create account, what would be the correct flow so that my backend can also save user info in our BE database?
For google oath2 registration, similarly, if we were to do it on Flutter, what would be the flow to populate in our BE database?
Similarly, what is the flow in case of login and changing user's password?
Its pretty simple if we do not have Backend at all and just use firebase as backend but other operations required a seperate BE service
Related
I would like to synchronize the users that I allow to register from stripe connect with Google Firebase Auth and the firestore database.
At the moment I've just created my stripe account and I have set up all things in Google Firebase, also a stripe extension that creates customers if the client registers as the user, but it isn't what I want.
It would be great if the user can register through the stripe connect link and sync then with firebase auth and firestore.
Does anyone have a solution for this?
i'm very new with MongoDB atlas. Basically, i have an application that not have authentication like login or sign up. So, i want to build authentication feature for my app using mongoDB function http endpoints.
The case will be like this:
User can register and sign to the application
All the data about user such as fullname, username, password, email should be store in mongoDB
My app only can connect with the rest service
There will 2 type of user which are admin and basic users
I have tried to insert and import data using http endpoints function and it works with my app. SO i want to build the authentication. Anyone can help me about this? i will very appreciate if you can help. It is for my project
I want only people whom I register or with specified email should be able to use google sign in, rest are not allow to sign in.
example:- I run a institution and I have separate id for my fellow students and I want them to only be able to sign in using that id and otherwise they should not be allowed to use any other Id(email to be more precise).
in my flutter application using firebase-> google_sign_in.
hope I am clear!
bro add some g mails in your firestore those people you want they can access my app if this emails exist in your db then they can google signin otherwise show toast your account is not regirsted by admin
try{
FirbaseFirestore.instance.collection("alloweduser).doc().where("emial",isequalto:123#gmail.com).then(){
Goolglesinin()
{
google signcode
}
}.catch(e)
{
showToast("ask admin to app permission")
}
You are talking about authentication vs. authorization.
Authentication: Since google is your authentication provider... anyone with a valid google account is authenticated.
Authorization: Who has access to what parts of the application?
You need to implement an authorization system / flow to determine if an authenticated user has access to the app. By default... all users will have NO ACCESS.
How you implement authorization - depends on your backend and how you store user data. If you are using firebase, something like this will help: https://firebase.google.com/docs/firestore/solutions/role-based-access
I learn Firestore and have beginner question.
If I have a web site that connect to Google Firestore Cloud datastore and the website is pulling documents from the Cloud datastore like name: value json struktur.
Is then the website a "user" or I mean do the website need to sign in even it has apikey?
I read Get started with Cloud Firestore Security Rules and can only see settings that need a signed in user!
I want a website to pull this name: value from Cloud datastore that all I want?
Here is the rules:
service cloud.firestore {
match /databases/{database}/documents {
match /<some_path>/ {
allow read, write: if request.auth != null;;
}
}
}
looks like I must make some Auth for a user not a website?
Please advice!
The answer is that one must be signed in to be able to secure Firestore databas and if a website dont want to force users to sign in the website can sign in(under the hood)
anonymous and if the user decide to sign in later the anonymous account then with the help of linkWithCredential transformeds to the users own account like Google or Facebook sign in.
You can use Firebase Authentication to create and use temporary
anonymous accounts to authenticate with Firebase. These temporary
anonymous accounts can be used to allow users who haven't yet signed
up to your app to work with data protected by security rules. If an
anonymous user decides to sign up to your app, you can link their
sign-in credentials to the anonymous account so that they can continue
to work with their protected data in future sessions.
Authenticate with Firebase Anonymously Using JavaScript
With your security rules, a user that accesses Cloud Firestore directly from the client-side code using one of the Firebase SDKs, will have to be signed in to Firebase Authentication. This applies no matter whether the client is a native mobile app, or a web site.
If you have server-side code that accesses the same Firestore database using either one of its Admin SDKs or its REST API passing administrative credentials, that code actually bypasses these security rules - so is not bound by its requirement to be signed into Firebase Authentication.
So if you render the web site server-side and read from the database in that same server-side code, there is no need for the client-side user/code to be signed in to Firebase Authentication. But if the client-side code is directly accessing Firestore using one of its SDKs or its RET API, the user will need to be signed into Firebase Authentication.
Many mobile apps require user login. That's why Ionic launched their Auth service (https://docs.ionic.io/services/auth/). I can create users via the Auth service itself or via the Ionic API. I also can save custom data for each user. Very nice is also that I can sen targeted push notifications to my users. Seems like a nice out-of-the-box solution.
But most of the time apps have more complex logic (user can post something, user can order something, make a payment, ...). The simple user with some atributes from Ionic does not help much in those cases.
So I need to authorize the users not only inside the app but also against some custom API. And this is where my questions come up...what's the best way to do this?
Some things that came to my mind:
When creating the user in Ionic, also create the same user with the same email and password in my API. So I can make authorized requests. But this does not user any token and I would have to pass my password in every request, also I am worried about data consistency. What if the user changes its password?
Use the internal Ionic user ID, create one global token and use user ID and global token to authenticate the user in my API. But is this secure?
Another worry in my mind: If I save user name, email etc in the Ionic Auth system I would have to access it via their API every time I need it in my own system. For example: A user orders a product in the app. Then my system needs to send out a confirmation to the user. I would have to access the Ionic API to know that users email...and so own.
I think this is all confusing.
Is Ionic Auth not made for those situation? Then, I don't see what it's made for at all...
Is ionic Auth just not there yet...?
Am I just not getting it?