I am in the middle of creating a Flutter application and am stuck on how to implement authentication using email/password and social providers like Google and Facebook. Everything works except my approach on how to get user details to store in Firebase like address, phone number, username, etc. Implementing this when working with email/password registration has been simple because I created a multi screen form and then finally registered the user which would log them in. The problem with getting additional details when working with social providers is that I would need to authenticate the user first before ever getting the chance to get additional details. How can I go about getting user details for users that choose to use Google and Facebook to authenticate?
One way is to prompt the user to enter the required additional details when the user logs in.
You should first check if the user logged in through a Social Media provider :
List<String> providerList = await FirebaseAuth.instance.fetchSignInMethodsForEmail(_email);
fetchSignInMethodsForEmail will return a list of sign providers the user used to login to your app (if you haven't enabled account linking, this would probably be just one provider)
Here's a list of social media provider ID's :
GoogleAuthProviderID: google.com
FacebookAuthProviderID: facebook.com
TwitterAuthProviderID: twitter.com
GitHubAuthProviderID: github.com
AppleAuthProviderID: apple.com
YahooAuthProviderID: yahoo.com
MicrosoftAuthProviderID: hotmail.com
For example, if you have enabled Facebook login, you can check if the 'facebook.com' is available in the providerList, if so prompt a screen to collect your additional data and update your user record on Firestore for this user.
Related
I'm experimenting with Flutter, Dart, and FirebaseAuth. I've been able to successfully login with a Google sign in, but when I try to login with a Facebook sign-in I get told "An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address."
This is because firebase auth is basing everything on the user's email and I've already signed in using Google. So it's not allowing a sign in with Facebook.
In some code I did years ago I just got the user and use .lineWithCredential(facebookAuthCred) to complete the link up with the established Google account in Firebase. But with the Dart implementation this doesn't work because FirebaseAuth.instance.currentUser() is returning a null. The docs on the error coming back from .signInWithCredential(facebookAuthCred) tell me to do .fetchSignInMethodForEmail(...) except that without a login I don't have an email address to pass to it.
So I'm in this situation. If a user re-starts the app and selects Facebook instead of Google, how can I link the accounts when I don't have a FirebaseUser nor an email address?
The only thing I've seen on the net so far is people saying you have to get the user to log in with their Google account first, but Logging in Google just to then login Facebook is a really terrible UI experience.
I'm struggling to figure this out.
You'll first need to sign the user in to Firebase Authentication with their existing Google account. Then you sign them in with Facebook, and create an AuthCredential through FacebookAuthProvider.getCredential(). Then you call linkWithCredential with the result from the previous call. This is the only way to link the two accounts.
If you want to allow users to sign in with whatever provider they prefer, but then creating separate accounts in your scenario where they have the same email address at multiple providers, you'll want to change the One account per email address setting in the Firebase Authentication console.
Facebook is blocked by my company firewall but I want to develop an app where in employees can click a link we send it to their email and provide access to their facebook account and update. Firewall blocks facebook.com so I cannot have users type their username and password on facebook.com url. Can I have users type in their username and passowrd on internal website using which the app will login and get access?
it goes against the purpose of oauth to take the user's password and use it to log in as that user. oauth is designed so that the user will never have to disclose their password to your app but still be able to provide your app with some of their own facebook data. this way, only the facebook data which the user chooses to share will be available to your app. also the user may choose to allow your app to publish on their behalf, see here for the details.
my suggestion would be to get the users to authenticate your app from outside the work network (where the facbook.com url is available). this way you can still post on their behalf and your app can get certain information from their profile to relay on to them without you ever needing to know their password.
A noob question since its my first app to deal with Facebook social sign in. I am developing an app (Flash) which have the ability allow the user to
create normal user account
or
social sign in
The information both store in the same table, but with social sign in off course there is no user password store so i create a account_type which differentiate weather its from the normal user account create or social sign in from Facebook.
Is my appraoch to this correct?
Just wondering what do you need to store in the database in order to authenticate the user, if they come from Facebook social sign in. Because the authentication happen within the Flash application itself rather than going to the server and return result.
So my ulitmate question is what information do i need to store in the database for social sign-in users in order to match with their account and authenticate they are legit user. instead people can just steal email address and access all user's information.
Thanks for any kinda help
The only thing which will identify them uniquely is their Facebook ID. You need to confirm this by requiring them to authenticate, then calling the graph through the ActionScript API to get details of the current user.
Facebook IDs aren't secured in any way (you can look them up with a simple graph call), which is why you need to get the user to authenticate with FB - it's not like ACS, for example, where you set up a relying party and receive a token string that is unique to your application.
After getting the user to authenticate, your code will look something like this:
var auth:FacebookAuthResponse = Facebook.getAuthResponse(); // Gets current authenticated user, or null if no user is authenticated.
var token:String = auth.accessToken; // Access token - only valid for this session, so you can't use this.
var user:String = auth.uid; // Unique identifier of the current authenticated FB user.
I am creating an app in which you can login via Facebook, Twitter, or our own internal mechanism. The issue is the following scenario:
I open the app and login using Facebook
I logout
I open the app and login using Twitter
The above scenario will result in me as a user having two accounts in the system. How do I prevent this from happening so that I have one account and it doesn't matter whether I login using Facebook/Twitter?
Every time a user login using Facebook I am as well creating an internal account, with the Facebook username and Facebook id as password. The same thing when I login using Twitter I am creating an internal account with the Twitter user name and id as password.
An idea came in my mind to solve this:
When a user logs in using Twitter check the name and email if a user with that information already exists in the database. However, the name and email they use in both Facebook and Twitter might not be the same, so this might not work all the time.
You can't make this work with your current flow (when the user logs in then logs out again). Instead you should allow a user to login with either their Facebook or Twitter credentials and then, whilst they're still logged in, get them to associate their account with their other service with that user.
So, the flow would be something like:
New user arrives at site User logs in with Facebooks oauth2
mechanism
Your server receives their FB ID and generates a new user
in your systems. Stores their FB ID against that user.
You prompt
the user to add their twitter auth credentials. User logs in with
Twitter oauth2 mechanism
Your server receives their twitter ID,
checks to see if a user is currently logged in with your
application. Because there is, you save the twitter ID agains the
current user.
Later, the user can log out and then log in with either service.
How do they manage to get user to login to Twitter / Facebook through Javascript so smoothly?
I am trying to replicate it for the web app. Basically, the user only needs to add a javascript snippet to their site to kickstart but I am clueless as to how to integrate facebook and twitter connect seamlessly.
Do they store access tokens after successfully authenticating a user?
Short answer is yes, they store access tokens after successfully authenticating a user.
After you try facebook and twitter apis, you'll see that, they both returns ids for every user who succesfully logged-in through your application. You can then simply add those ids pairing with the platform they logged in to your database. You can then use that data to track users easily.
You need to
Create applications on both platforms
Have pages for each provider to check if user performed a succesful login
Check if user is a newcomer and add that user to your database if so.
Set a session or cookie variable of user's local id in your own application or do whatever you are normally doing to track if a user logged-in as that user is your local user.