I have a Flutter app which holds a username and a token to communicate with a web service.
How can I manage the username and token efficiently using best practices? Currently I am writing them into a DB and select them each time I want to do a request.
I tried to use bloc provider flutter bloc with a BlocProvider. I have the states LoggedIn and LoggedOut and the events Login and Logout.
Furthermore, I had a look at
secure storage, but I can't get the data available throughout all pages.
Also, I am not using the firebase API.
Let me know if I should provide some code snippets.
I use SharedPreferences now. The API is very simple and I wrote a wrapper to get rid of the (Strings) keys. Furthermore, the wrapper holds the values for the current session. The advantage of that is, that I can address the values directly instead of needing to read them asynchronously.
Related
In my app users can read and write data on Firestore.
In the Firestore Database there Is also a "Credit" document for each user where the balance of coins Is stored.
How can I be sure that no One could modify an APK of the app in order to change the balance?
In the app there are some functions that remove some coins from the balance, my fear Is that someone could change the code and add coins instead.
assuming that your app implements firebase authentication to authenticate operations on firestore it's safe to say that your app is compiled with a key and it has an hash.. it's not possible to someone to decompile the app, change the code and recompile it with your key.. so the new "hacked" app will have a different key and hash and firebase authentication will not work and your db will be safe
I think you need to secure the data itself. In your scenario I don't think you can have code in the app that simply writes a value to the balance. You need to create a separate API or firebase function to secure what you are trying to do.
If you want to ensure that only your application code can call Firestore, consider enabling Firebase App Check.
Just keep in mind that:
Using App Check does not guarantee the elimination of all abuse
So you'll want to combine it with other security measures, for example through the server-side security rules that Firebase also offers for Firestore.
Also see:
Locking down Firebase DB access to specific apps
How to allow only my app to access firebase without a login?
I've been trying to create a new user in firebase with a custom UID in flutter, but it seems it only can be done using FireBaseAdmin package, and it hasn't been implemented yet in flutter. Is there's any possible way to create a new user with custom UID?
I have no background on native development, so it's not possible for me to implement the admin methods in native java or kotlin in the current time. any one has an idea on how to implement it?
The UID for a user is determine by the authentication provider that creates the user. There is no way to specify your own UID when calling to the existing providers in the client-side Firebase SDKs (such as the FlutterFire libraries).
If specifying your own UID for a user is a hard requirement, you can implement a custom provider. This does involve writing code to create a custom ID token that runs in a trusted environment (such as your development machine, a server that you control, or Cloud Functions) however.
Alternatively, you can also consider storing a mapping from Firebase-provided UID to the ID that you want to use to refer to that same user. This is a scenario regularly used to give users a unique name, so I recommend checking out questions related to unique user names.
You can use FirebaseAuthentication.
When a user create an account it will create a new user with a random UID and the UID will be unique. I assume that you can also specify you own UIDs
Here is the link : https://firebase.flutter.dev/docs/auth/usage/
Its very easy to use :p
I have 2 provider, general provider and blog provider. general provider is called on splash screen and here I normally call API that fetch most common data like blog, category, tags, notification and is stored in general provider. How can I use the same data and populate other provider from the 'general provider' itself ? reason to do so is save number of calls made on the start of the app.
My flutter app is using refresh and access tokens to validate requests to a c# web API. This works perfectly. However, as soon as I introduced android_alarm_manager to do some background syncing of data (using isolates), I found that my refresh tokens were becoming invalid after a while (I store my refresh tokens in local storage).
This is due to multiple isolates requesting a new access token simultaneously (as I cannot lock the method due to isolates not sharing memory). Now I am not sure what the best approach would be to keep the tokens in sync.
I was thinking that each isolate could have its own refresh and access token but that doesn't seem like a good idea as I would have to store the username and password locally. Another idea I had was to setup some syncing strategy between the isolates using isolate communication or local storage, but feels like overkill.
Thanks
Take a look at the Flutter Geofencing sample:
Repo: https://github.com/bkonyi/FlutterGeofencing/tree/master/lib/src
Article: https://medium.com/flutter/executing-dart-in-the-background-with-flutter-plugins-and-geofencing-2b3e40a1a124
It uses SendPorts to communicate across isolates which sounds like what you need:
https://api.flutter.dev/flutter/dart-ui/IsolateNameServer-class.html
You could then update the token in any isolate and send it via a SendPort to all isolates to keep it in sync.
I am planning to use Firebase as my backend service for the mobile application. As part of the functionality, I need to get the data from external rest API which returns JSON data. I need to update the data periodically so that I can have updated information.
I have an option to call the rest API and update firebase on the mobile application however it is not the right approach. I prefer to keep this logic on the backend service.
Is there a way to use Firebase cloud function to periodically update firebase database from external Rest API?
#Ioki, I assume what you are trying to do is make a mobile app which gets updated data every time a user goes to the app but you want this to be on the backend. I haven't tried it but you might want to use Node js with their Firebase Admin SDK.
See the link: https://firebase.google.com/docs/admin/setup
Although I think it might make more sense to use the real-time database via the iOS/ Android SDK because automatic/ value event updates are basically the purpose of the real- time database. Good luck! :)