I'm trying to manage user account by BIM 360 API.
I could add user by the api but I don't know how to switch the status "not invited" to "active".
Please tell me if you know about it.
Unfortunately this functionality is not available from the API, the activation of the user needs to be performed by the invitation sent to the user added to the account.
Related
I need to implement a standard user registration/activation workflow with Firebase. There doesn't seem to be an obvious way to implement this. When I say "standard", I mean how most email/password accounts work - not necessarily specific to Firebase. I'm sure you're familiar with this. This is the workflow:
User enters their username/password on a form with some validation and submits details
The back-end creates the user record in the database, but the account remains deactivated (i.e. user cannot authenticate - the activated flag is set to false)
The back-end sends an email to the user with a link to activate the account
The user clicks the link in their email which triggers activation. This is probably a Web API of some description.
At this point, the user record's activated flag ticks over to true, and the user can now authenticate
The link probably also has a deep link that opens the app or navigates to a web page
The user can now log into the app
How do I configure Firebase to do all this?
Currently, the app allows the user to register. I am using the Flutterfire SDK. I call createUserWithEmailAndPassword, which successfully creates the user in Firebase. But, the user is already activated. The user should have a state of "disabled" in firebase until the account becomes activated. I can't find any settings to default the user to disabled when the account is first created.
I also managed to get Firebase to send out an activation email by calling sendSignInLinkToEmail, but this call is really designed for email authentication - not email activation. Opening the link should activate the account, but I have not figured out how to do this. This documentation makes it sound like it is possible. Perhaps, the Flutterfire SDK is missing this? I don't want to allow people to log in without a password. I only want to use this call to send out an email.
What am I missing here? Is this non-standard behavior for Firebase? If so, why? If the user is allowed to use an app with an email address that is not activated, they can impersonate someone else. We need to confirm at least that they are custodians of the email address that they are claiming to have.
Do other Firebase people just not worry about this?
Lastly, I know I can achieve this by creating a collection for users in Firebase and putting an "activated" flag there. But, if I do that, I've got to write a cloud function that accepts the link and then updates the user in the collection based on the received link. But I thought this would be automatic in Firebase. If Firebase doesn't have this built-in, I have to put all the security over the top to stop users from authenticating when they have not yet activated their account.
This is a pretty valid concern. I suppose the way around this is to check whether the signed-in user is verified whenever the app is launched. The User object that is returned from Firebase Auth has an emailVerified flag. Check this page for more details.
Using this flag you can choose to show a different screen or pop-up that has a button to send a verification link to the registered email address. Until the user verifies this address, you can limit access to some of the app's screens if you want.
Please note that I have not checked if this emailVerified flag is true for sign ups using Federated login providers like Google Sign-in and Apple Sign In. You might want to check that out.
Currently, I am working on a Flutter project application which is a tricycle booking system. When a user has canceled three times(equivalent to life points), the user shall not be able to use their accounts for a few days meaning their accounts are suspended for abusing the cancel functionality. How do I implement this idea/functionality wherein I am using a Realtime Database from Firebase. Thank you!
you can prepare a flag in the user object.. a status flag.. that indicates if the user account status is allowed or not.. and when the app starts you can check that status flag.. if it says true.. user can login.. if it says false, you can show a screen saying account denied.
I am new to the sage 50 and not able to find any proper documentation on this. I have created account in sage 50 also registered developer and have developerId and applicationId. According to this documentation "http://qa-developer-portal-50cloud.sageaccountantscloud.com/how-to/" created passcode but not able to find the option in account to use this passcode.
The passcode needs to be entered into the Sage 50Cloud application in:
Settings->Sage Data Integration Settings->Add Integration
This should then send a call back to your application if you have registered the callback url or an email to your developer account if you have not.
In the docs, the sign in functionality looks like this:
app.intent('Default Welcome Intent', conv => {
conv.ask(new SignIn('To get your account details'))
})
However, I can't find how to force logout a user who just signed in. Anyone help me please? Thanks.
"Logging out" of an account linked with Google Sign In is tricky, particularly if you're using voice matching as well, since the account sent to the Action is the same account as the one you setup the Assistant device with.
You can go to https://myaccount.google.com/permissions and remove permission from the app/Action/project. Once you do this, the Action will no longer get your user information. (This isn't Action specific - it is a core component of Google Sign In across all platforms.)
The other alternative you have is to reset your Assistant device and set it up with a new account. Then when you go to the Action with this reset device, the account won't be linked.
A explicit sign-out function does not seem to be available. However, this can be a good design decision as the user should be logged in to a particular service "as long as possibly allowed". Therefore, when releasing your apps to production, consider looking at the validity of the access_token and refresh_token on your authorisation server to control the "login period".
So I was able to test CreateAndSend Successfully in sandbox, and have now moved my credentials to the live versions.
I created a new business account for using the live version, and have gotten my api credentials for it.
Replaced API ID,PASS,SIGNATURE with those credentials.
Connecting to svcs.paypal.com/Invoice/CreateAndSendnvoice.
and an error I'm getting back is user is not allowed to perform this action.
I set the merchant and payeremail to my email (I tried the paypal email and then the api1 email)
I was wondering if my paypal account needs to be verified to do this API call.
Thank you.
Make sure that you have a live app id and that it is approved for this feature.
Following up on this. Having my business account verified fixed the "user is not allowed to perform this action" problem I was having.