I am completely new to Flutter/Dart so pardon my lack of knowledge.
I am trying to set up a login page in my app. I would like to use Firebase Auth as it supports a wide range of authentication options. However, I want to start with Facebook for which I am using the following different dart plugin
https://pub.dev/packages/flutter_facebook_login
I don't think the official flutter plugin for Firebase auth does not support Facebook login yet. My plan is to somehow combine the two to get the following
Use the flutter_facebook_login plugin to perform the login using facebook and get facebook access token
Pass the facebook access token to Firebase Auth to register a user from a custom token
However, when I pass FB access token to Firebase Auth, I get an error that the access token is malformed. Has anyone done this before?
I want to use Firebase Auth to persist the user's login session as long as possible and when the access token runs out use the refresh token to get a new access token. This will essentially mean that once the user logs in using Facebook, they will be permanently logged into my app.
Related
Is there a way to share anonymous user sessions with Firebase Auth?
What I would like to is to get the current id token:
final idToken = FirebaseAuth.instance.currentUser!.getIdToken();
Then, use this idToken to authenticate the same anonymous user in a different app.
FirebaseAuth.instance.signInWithToken(idToken);
With signInWithCustomToken() method, you can use a custom auth token to sign in a user on different website. As documented here
Firebase gives you complete control over authentication by allowing
you to authenticate users or devices using secure JSON Web Tokens
(JWTs). You generate these tokens on your server, pass them back to a
client device, and then use them to authenticate via the
signInWithCustomToken() method.
You can create a custom token with the Firebase Admin SDK, or you can
use a third-party JWT library if your server is written in a language
which Firebase does not natively support.
The Firebase Admin SDK has a built-in method for creating custom
tokens. At a minimum, you need to provide a uid, which can be any
string but should uniquely identify the user or device you are
authenticating. These tokens expire after one hour.
After you create a custom token, you should send it to your client
app. The client app authenticates with the custom token by calling
signInWithCustomToken()
Also check out these links for more information and examples:
Authenticate with Firebase Using a Custom Authentication System
Firebase auth - login user from app in website
How to use the same firebase anonymous user in a flutter app
We are managing the user's Google calendar using google calendar APIs in the server. So we are getting the user's Google access token using the flutter google_sign_in library.
_googleSignIn.signIn().then((result) {
result!.authentication.then((googleKey) {
print(googleKey.accessToken);
print(googleKey.idToken);
})
})
It returns accessToken and idToken. But this access token will expire in 1 hour. We need this access token in our server to manage the user's calendar.
So we need a refresh token to get a new access token once it expires.
But there is no solution found to get a refresh token from the google_sign_in library.
Related discussions
(1) There is one approach to silent login every time the user is opening the application, but it is not feasible in our use case. Because we will have some scheduled calendar action in the server and we cannot expect the user to open the app every hour.
(2) This google doc Using OAuth 2.0 to Access Google APIs mentions that by using a refresh token we can get a new access token. But from the flutter app, we could not find any ways to get a refresh token.
(3) Some GitHub issues like this have some discussions, but nothing seems to be useful in getting the refresh token from a flutter app.
So it will be great If someone suggests a way to get a refresh token from a flutter app or any other possible workarounds for this situation.
I am trying to connect Instagram to my app. The users will not be able to use the app without connecting to Instagram, therefore I technically need Instagram auth. But Facebook states the following:
Note that Basic Display is not an authentication tool. Data returned by the API cannot be used to authenticate your app users or log them into your app. If your app uses API data to authenticate users, it will be rejected during App Review. If you need an authentication solution, use Facebook Login instead.
So I had to implement a Facebook login. After Facebook login is complete, I am sending the user to Instagram auth window for a second authorization which feels weird for a user.
The other solution that I can think of is the following:
Use Instagram's user_id that is retrieved after Instagram auth and use it to create a custom auth method with Firebase. (I believe this would be rejected at app review)
What is the correct way to achieve this?
Sources:
Instagram auth: https://developers.facebook.com/docs/instagram-basic-display-api/reference/oauth-authorize
Firebase custom auth: https://firebase.google.com/docs/auth/web/custom-auth
NOTE: Facebook login has "instagram_basic" scope but that doesn't allow me to get instagram info or media of normal users (non-business accounts)
I have an Ember.js app using Ember Simple Auth. The API returns an auth token on successful sign in with email and password. I'm trying to add Facebook Login using their Javascript SDK. Upon successful sign in with Facebook, I would like to post the Facebook access token back to our API, so that the API can store the access token and respond with our own auth token. However, I'm not sure how to connect this to Ember Simple Auth so that the auth token can be stored outside of the normal email/password sign in. What do I need to do in order to make this work?
The dummy app in the repository implements the exact functionality you're describing (except it uses torii instead of the Facebook JS SDK). If you're using Rails on the server you might find the RailsApiAuth engine helpful that already implements the server part for the Facebook auth code flow.
I need to obtain a facebook page access token on the server.
From what I've read to obtain a page access token you must first obtain a user access token with the manage_pages permission then make a separate call to "me/accounts" to get the page access token.
The problem with this is the application I'm developing will automatically be publishing content to a Facebook page from the server. That being said obtaining the user access token from the backend is a problem.
Ideally I would like to programmaticly obtain the user access token then the page access token completely on the backend for the ability to automatically publish content to the page.
Any suggestions on how this can be done from the server side?
Thanks
It is not possible to get page access_token without authentication of user and manage_pages permissions granting.
Authenticating as a Page guide states:
First you need to authenticate a User, and obtain a User Access Token. To do this, please follow the server-side or client-side auth flows for the mobile web and desktop web, or the native iOS or native Android authentication flows.
Refer to Authentication documentation and Authenticating as a Page guide for details.