I using back4app service and as admin I would like to fetch PFUser records and delete some of them if needed.
Currently I am getting error:
User cannot be deleted unless they have been authenticated.
I logged in as a PFUser. Is are any possibilities to do it via masterKey or smth like this?
The best option I see here is to use cloud code as you would not want to give authenticated users permission to delete other users.
So basically you would have to write a Cloud code function where you retrieve users and delete them.
Have a look at this guide below
https://help.back4app.com/hc/en-us/articles/360045500871-How-to-update-a-user-
Related
I want to have multiple logged accounts (with different auth providers Google,Apple, phone, email) in my app, so that the user can switch between accounts. To do that, I want to store the idToken and then use it to login without the need for the user to log in manually. I tried using this function:
FirebaseAuth.instance.signInWithCustomToken(token);
But it returns this message:
[firebase_auth/invalid-custom-token] The custom token format is incorrect. Please check the documentation.
PS. I'm getting the idToken wih this function
FirebaseAuth.instance.currentUser.getIdToken();
Image with the desired functionality
Thanks in advance!
I have tried storing the auth credentials but these have a short life time.
I expect to have tokens for different account, so I can switch this accounts.
I believe you may want to do something else rather than use the idTokens. What I would suggest is to check the providerId when a user logs in and originally links the accounts. Store this providerId locally and then in your database for profiles, have a collection by the userId with documents segmented by the providerId and just retrieve it the profile by the chosen providerId. Another option would be to allow one users to generate multiple profiles freely but limit it to maybe 5 different accounts, this would simplify the ux since they won't need to generate multiple accounts for the same functionality.
I have created the service account and can see the details in admin console, I need to get the service accounts userid without going to admin console. Is there a api call for that?
Yes, you can use the Get Current User API call:
https://developer.box.com/reference/get-users-me/
The response will contain the ID for the current user, which is normally your service account when using JWT Auth:
https://developer.box.com/guides/authentication/jwt/with-sdk/
Here is a recent forum post which is similar:
https://support.box.com/hc/en-us/community/posts/360049526313-How-to-create-an-email-alias-for-a-JWT-app-
The mailid/userid will be visible to the admin in admin console. The easiest way is to contact the admin to get it.
I've configured a webservice in a production website, but when I do a call to core_user_get_users_by_field function this returns a blank array except for the webservice user/role.
What permissions or things I must configure to get the right information for all users?
Best regards.
To allow the webservice user to see profiles other than it's own you need to grant it
moodle/site:viewuseridentity
To allow the webservice user to see the user's full profile you need to grant it
moodle/user:viewalldetails
I am trying to impersonate user(system user) using admin session.
For admin session, I am using repository.loginAdministrative which is now deprecated. I dont want to use this.
Is there any other way I can replicate admin user and save the node under desired location and use the same.
http://www.wemblog.com/2014/08/how-to-use-sessions-and-resource.html?m=1 shows how to do this on version 6 and above.
Please try to create a system user with proper permissions and use the system user.
Using Shiro with JDBCRealm
My use case requires a user to submit a form to next user. The next user can only be someone with specific permission. This is to be known in order to show only valid Next user list for selection.
How can I get list of all the users that have a specific permission?
If not, Is there a workaround of getting the User permission strings from database and then at least reuse Shiro's logic to check if the user has specific permission?
Shiro is related to only security, authority, etc of current user not to the whole user base. You can use your standard sql queries to retrieve users with same permissions of the current logged in subject.
Why not use simple SQL query that matches current user permissions to other users permission and give a list. This way you will save memory and resource by not computing permissions logic in java again.