Does Firebase count getting the current user ID or email (Auth.auth().currentUser?.uid, Auth.auth().currentUser?.email) as a read operation and charge for it? I searched the documentation but could not find any information.
No, there is no charge associated with getting the current user ID or email or any kind of auth information. Firebase auth is completely free except for phone auth. You can have an unlimited number of users in Firebase Authentication with email, Google, Microsoft etc.
The charge with reference to read operations is for Firestore. It is a totally separate 'module' from Authentication.
The code you're showing is just working with Firebase Authentication, which does not have any billing associated at all for its API, except for use of phone authentication. This should be clear from the documentation on pricing.
I need to implement a standard user registration/activation workflow with Firebase. There doesn't seem to be an obvious way to implement this. When I say "standard", I mean how most email/password accounts work - not necessarily specific to Firebase. I'm sure you're familiar with this. This is the workflow:
User enters their username/password on a form with some validation and submits details
The back-end creates the user record in the database, but the account remains deactivated (i.e. user cannot authenticate - the activated flag is set to false)
The back-end sends an email to the user with a link to activate the account
The user clicks the link in their email which triggers activation. This is probably a Web API of some description.
At this point, the user record's activated flag ticks over to true, and the user can now authenticate
The link probably also has a deep link that opens the app or navigates to a web page
The user can now log into the app
How do I configure Firebase to do all this?
Currently, the app allows the user to register. I am using the Flutterfire SDK. I call createUserWithEmailAndPassword, which successfully creates the user in Firebase. But, the user is already activated. The user should have a state of "disabled" in firebase until the account becomes activated. I can't find any settings to default the user to disabled when the account is first created.
I also managed to get Firebase to send out an activation email by calling sendSignInLinkToEmail, but this call is really designed for email authentication - not email activation. Opening the link should activate the account, but I have not figured out how to do this. This documentation makes it sound like it is possible. Perhaps, the Flutterfire SDK is missing this? I don't want to allow people to log in without a password. I only want to use this call to send out an email.
What am I missing here? Is this non-standard behavior for Firebase? If so, why? If the user is allowed to use an app with an email address that is not activated, they can impersonate someone else. We need to confirm at least that they are custodians of the email address that they are claiming to have.
Do other Firebase people just not worry about this?
Lastly, I know I can achieve this by creating a collection for users in Firebase and putting an "activated" flag there. But, if I do that, I've got to write a cloud function that accepts the link and then updates the user in the collection based on the received link. But I thought this would be automatic in Firebase. If Firebase doesn't have this built-in, I have to put all the security over the top to stop users from authenticating when they have not yet activated their account.
This is a pretty valid concern. I suppose the way around this is to check whether the signed-in user is verified whenever the app is launched. The User object that is returned from Firebase Auth has an emailVerified flag. Check this page for more details.
Using this flag you can choose to show a different screen or pop-up that has a button to send a verification link to the registered email address. Until the user verifies this address, you can limit access to some of the app's screens if you want.
Please note that I have not checked if this emailVerified flag is true for sign ups using Federated login providers like Google Sign-in and Apple Sign In. You might want to check that out.
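The emailVerified check described above runs in the client, so a backend that serves protected data should enforce the same condition on the ID token it receives. The following is an added example, not part of the original answer: `verifyIdToken` is injected and stands in for the Admin SDK's `admin.auth().verifyIdToken`, while `requireVerifiedEmail`, `fakeVerifyIdToken` and the sample claims are constructed for illustration.

```javascript
// Added example: server-side enforcement of the email_verified claim.
// verifyIdToken is injected; in production it would be the Admin SDK's
// admin.auth().verifyIdToken, which resolves to the decoded token claims.
async function requireVerifiedEmail(authorizationHeader, verifyIdToken) {
  const match = /^Bearer (\S+)$/.exec(authorizationHeader || "");
  if (!match) {
    return { allowed: false, status: 401, reason: "missing bearer token" };
  }

  let claims;
  try {
    claims = await verifyIdToken(match[1]);
  } catch (err) {
    // Expired, malformed or wrongly signed tokens all end up here.
    return { allowed: false, status: 401, reason: "invalid token" };
  }

  // Strict comparison: a missing claim or the string "true" is rejected.
  if (typeof claims.email !== "string" || claims.email_verified !== true) {
    return { allowed: false, status: 403, reason: "email not verified" };
  }

  return {
    allowed: true,
    status: 200,
    uid: claims.uid,
    email: claims.email,
    provider: claims.firebase && claims.firebase.sign_in_provider,
  };
}

// Constructed stand-in for the real verifier: sample token strings -> claims.
const SAMPLE_TOKENS = new Map([
  ["tok-unverified", { uid: "u1", email: "a@example.com", email_verified: false,
                       firebase: { sign_in_provider: "password" } }],
  ["tok-verified", { uid: "u2", email: "b@example.com", email_verified: true,
                     firebase: { sign_in_provider: "password" } }],
]);

async function fakeVerifyIdToken(token) {
  if (!SAMPLE_TOKENS.has(token)) throw new Error("invalid signature");
  return SAMPLE_TOKENS.get(token);
}
```

After the user clicks the verification link, the client has to refresh its ID token before the `email_verified` claim changes.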
I am currently creating a Flutter app with a sign-up feature and I want to avoid spam accounts, so I set up phone verification to send a code by SMS that is filled into the app when signing up (through the Twilio API). But before sending the SMS, I want to check if the phone number is already registered in my Firestore collection (auth == null). I heard about Firebase rules but I don't really know how to build them to be security compliant. I tried to use linkWithCredential but it didn't seem to work. Does anyone have any advice for me?
Thank you :)
You can write a cloud function to check your database if the phone number exists and return the result to the client.
You can log in anonymously in order to have access to the Firebase database.
Also, you can provide custom rules for each collection, so for example, your collection can have free access if you want, but don't do it, use anonymous login instead.
I am working on Google Action for Google Assistant. Our custom Action relies on user's phone number to get additional information from external server.
According to the official guide you can use Account linking with Google Sign-In to get some user information from Google ID token:
name
given_name
family_name
profile_picture
email
locale
I know that you can fill out optional contact fields in Google account like address and phone number.
Does anyone know if the Google ID token contains this optional information or not?
The answer depends.
Some basic personal metadata is available through Google Sign-In. With regards to the other fields:
Address
This information is not easily accessible. You can use an in-dialog permission to access the current location, but not the home address necessarily.
If your Action uses physical transactions, then you can get their address in order to ship items. But you shouldn't use this as a way to get the address if you're not shipping items, and such an attempt would be detected during review.
Phone Number
No, this is not something you can readily access. For general things like notifications, Google Sign-In gives you an email address. You also shouldn't ask it in your Action. The review team won't be happy with that, and the voice transcription doesn't work very well for long numerical sequences.
Gender
No, this is not something that is part of the Google Sign-In, and there's no helpers. With regards to asking it yourself, I don't think the review team would have a problem, although you may want to consider whether it's necessary for a good voice design.
No. Address, phone, and gender are not available fields/claims in Google's ID Token (JWT).
See: https://developers.google.com/identity/protocols/oauth2/openid-connect#an-id-tokens-payload
I am unable to successfully do , I followed the following steps as instructed in the Firebase docs:
Signed in the user using an existing auth provider (my case: Facebook).
Complete the sign-in flow for the new authentication provider up to, but not including, calling one of the Auth.signInWith methods. (My case: I want to link email & password and Google OAuth.) So this is the step I'm unclear about. I created a new provider using var provider = new firebase.auth.GoogleAuthProvider(); and I did not do Firebase.auth().signInWithPopup(provider).
Then to get the auth credential for Google I run var credential = firebase.auth.GoogleAuthProvider.credential(
googleUser.getAuthResponse().id_token); (I get an undefined googleUser error.) This error seems appropriate since I have not signed in using Google OAuth, but that's what the 2nd step states (not to sign in).
And then this command to link with the current user who is on a Facebook provider: auth.currentUser.link(credential)
My understanding is that currentUser needs to be linked to my existing provider (Facebook). It seems that the credential variable for Google is never computed. A functional code example from anyone would really help.
If you want to manually link a google and email/pass account to existing facebook only firebase user, you can do the following:
First, the user should be signed in to Facebook.
Link the google user:
var provider = new firebase.auth.GoogleAuthProvider();
auth.currentUser.linkWithPopup(provider);
Then link the email/pass account:
auth.currentUser.linkWithCredential(firebase.auth.EmailAuthProvider.credential(auth.currentUser.email, 'password'))
All these accounts to be linked must be new and not already linked.
@bojeil I have read your question and I found the way to log in with both Google and Facebook logins having the same email account. First, in Firebase, you need to allow
"Multiple accounts per email address"
Now you can log in with both Facebook having "xyz@gmail.com" and Google having the same email name, "xyz@gmail.com". But you will encounter the email as "null" for the second login having the same email. You can get over the null problem by using the below snippet.
Just use this snippet in on success task from the firebase:
Map<String, Object> profile = task.getResult().getAdditionalUserInfo().getProfile();
Object email = profile.get("email"); // Obtain the email from the provider profile, even though the same email is used for the Facebook and Google login accounts.
By this way, you can log in into both Facebook and Google logins using the same email.
I hope you got your doubt cleared with this info. Can you please get back to me if this suits your question?
Thank you.
For my own gmail account, I have multiple email addresses associated with it. For example, I have an email address from my university that is associated with my gmail, and I can send emails from my gmail as if they are coming from my university email address.
I'm reading up on the Google APIs, and I see that I can get a user's gmail address, but can I also get any other email address that is associated with their gmail account?
When a user logs in to my site, I'd like to present them with a list of the gmail-associated email addresses and let them select the one they would like to use.
EDIT: Thanks everyone for the answers, but I don't think any of them answers the question. I've been playing with Google's OAuth playground. It is strange that I can get lots of very personal information (a list of a user's contacts and even received emails) but I can't get the user's alternative email addresses.
Your description is a little vague. Are you talking about send-as alias accounts or alternate email accounts?
Send-as Alias
Either way, you can interact with the send-as accounts here: Manage Send-as Alias
Alternate Emails via Admin SDK
As for alternate email accounts, they can be accessed via:
Admin SDK: https://developers.google.com/admin-sdk/directory/v1/guides/manage-user-aliases?hl=en
Google Apps Script: https://developers.google.com/apps-script/reference/gmail/gmail-app#getAliases()
Additional info here on how the accounts work.
Email addresses associated with your account
Alternate email addresses and other Google products
Connect other email accounts to your Google Account
Federated Login
Also, I'm not exactly sure how you are trying to incorporate this functionality into your site but another area I recommend checking out is Federated Login for Google Account Users. This might also provide you with the functionality you seek.
Using federated login (also known as federated identity), your website
or application can allow visitors to sign in using their Google user
accounts. Federated login frees users from having to set up separate
login accounts for different websites, and frees you from the task of
implementing login authentication measures.
It has been a while since the question was asked. You can use the Google People API to get a user's primary email address and aliases. Here's the documentation. The scope you need to use is: https://www.googleapis.com/auth/user.addresses.read
This will return all the email addresses for the user and also tell you which is the primary one.
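One way to map the `emailAddresses` list of a People API person resource so that only addresses Google marks as verified are offered to the user, shown as an added example rather than code from the answer. `extractEmails` and the sample response are constructed for illustration; the field names (`metadata.primary`, `metadata.verified`, `value`) follow the People API person schema.

```javascript
// Added example: pick usable addresses from a People API person resource.
// Only entries flagged verified are trusted; everything else is kept apart
// so the caller never treats an unconfirmed address as owned by the user.
function extractEmails(person) {
  const entries = Array.isArray(person && person.emailAddresses)
    ? person.emailAddresses
    : [];
  const seen = new Set();
  const result = { primary: null, verified: [], unverified: [] };

  for (const entry of entries) {
    if (!entry || typeof entry.value !== "string") continue;
    // Lowercase for de-duplication only; mail providers commonly ignore case.
    const value = entry.value.trim().toLowerCase();
    if (!value || seen.has(value)) continue;
    seen.add(value);

    const meta = entry.metadata || {};
    if (meta.verified === true) {
      result.verified.push(value);
      if (meta.primary === true && result.primary === null) {
        result.primary = value;
      }
    } else {
      result.unverified.push(value);
    }
  }
  return result;
}

// Constructed sample response (not real account data).
const SAMPLE_PERSON = {
  resourceName: "people/000000000000000000000",
  emailAddresses: [
    { metadata: { primary: true, verified: true, source: { type: "ACCOUNT", id: "0" } },
      value: "Student@example.com" },
    { metadata: { verified: true, source: { type: "ACCOUNT", id: "0" } },
      value: "student@university.example" },
    { metadata: { source: { type: "PROFILE", id: "0" } },
      value: "unconfirmed@example.org" },
    { metadata: { verified: true }, value: "student@example.com" }, // duplicate
  ],
};
```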
If you use OAuth to have your users sign-in with their Google accounts (with or without G+) the user will be prompted (by Google) to select which of their accounts they wish to authorize your application to use:
https://developers.google.com/accounts/docs/OAuth2Login
So to directly answer your question, I'm not aware of an API to return that list of users - however you shouldn't need to, Google will take care of this before returning to your application.
If your user is already logged in, and you wish to give them the ability to change the Google account they are using, I believe it is possible to prompt them again to select the account they are interested in (search for select_account on the link above).
This is possible. However, this has changed since Google announced the deprecation of their Google+ People API, which a lot of folks used to get all the email addresses for a user. The current most voted answer now goes to a 404.
Google Plus People API Replacement
Google has replaced the Google Plus People API /plus/v1/people/me with https://developers.google.com/people/ and you’ll want to use the https://www.googleapis.com/auth/user.emails.read profile scope as discussed here as a replacement. The schema is different, so you'll need to change your mapping as well.
If your app already used the following scopes from the old /plus/v1/people/me your user will not have to re-consent when you switch to the new API:
email
profile
https://www.googleapis.com/auth/plus.login
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.profile.agerange.read
https://www.googleapis.com/auth/plus.profile.emails.read
https://www.googleapis.com/auth/plus.profile.language.read