How to get the current user id using firebase admin? - actions-on-google

I am working on an assistant app for which I am writing a cloud function which must retrieve the current user data from Firebase database by using the user id. I am using firebase admin and I referred the docs for firebase admin where they've mentioned the way of retrieving user data by using user id but they haven't mentioned how to get the current user id.
How do I get the currently signed in user id?

In order to get currently signed user id, you need to enable Account Linking in your AoG app.
In your AoG settings, enable Account linking with authorization code as grant type. Fill your client information and choose scopes.
Now when a user uses your app, it will ask for sign in, and on your AoG backend, you will be able to get authorization code.
Now using that authorization code you can retrieve the required user id and use that for your firebase admin.
You can find more info for Account linking here.

Related

How to add course completions to user profiles using API for users that have allowed sharing

Working on adding course completion information to users that have authorized our system to write to their profile. Looking at the LinkedIn API, https://learn.microsoft.com/en-us/linkedin/compliance/ it looks this is possible if granted the w_compliance authorization but it doesn't seem to be available in the application setup.
I have been trying to contact developer support email provided but have had no response in the last week. Is there a path or setting that I am not seeing?
How does one get an authentication grant that includes the ability to update user profile course information?

How does facebook token works?

I want to write a process which downloads data about my ads.
Basically this is the code:
https://github.com/airflow-plugins/facebook_ads_plugin/blob/master/hooks/facebook_ads_hook.py
It construct a URI as:
https://graph.facebook.com/v{api_version}/act_{account_id}/insights?{payload}
Where payload contains the access_token, breakdowns, fields etc..
Now, I passed over the facebook dev guide https://developers.facebook.com/docs/graph-api/using-graph-api/ and it doesn't explain how do I get the account_id and the token.
It always leads to a user account that needs to log-in to facebook and then process the request.
I want to build a process that doesn't involve user action. Just download logs about my ads.
How can I do that? Where can I get the account_id and the token.
In other systems like google and other they create a json file with credentials that is used for the outh. there doesn't seem to be equivalent with facebook.
For this type of use case, I would create a System User that is permissioned on all your ad accounts, following this guide. That will allow you to generate a token that can used without user login. (You can do the same for your personal facebook account, but that requires you to pass app verification. This can be done without that.)
Then to get the account ids of all the accounts the system user is permissioned on, query the "me/adaccounts" endpoint, using the access token generated for the system user. The docs for that are here. You can use that to get a list of all the account ids.
Alternatively, if you only need one account id, you can get that straight from the facebook ads manager.

AWS Cognito Switch User to Federated Account

I want to allow users to sign up using either a user-pool identity (email + password) or a Facebook-federated identity.
But I also want them to be able to switch later on: either add Facebook federation if they didn't sign up using Facebook initially, or remove the Facebook link from their account if they initially signed up using Facebook.
Is this possible?
Thanks in advance!
Yes, it is. I'm assuming that Facebook is added directly to the Userpool as an IdP.
Splitting your query into 2 parts:
1. User signs up using username & password. Later, he wants to link his Facebook account
This is pretty easy. Give an option in your UI and use the AdminLinkProviderForUser API to link Facebook/Google account to the user. Now, when the user signs in using this Facebook/Google account next time, Cognito will treat it as the native user & generate token for the same. Of course, the Facebook info will be mentioned in the identities claim. If the user wants to remove this Facebook/Google link later, it is possible using the AdminDisableProviderForUser API call.
2. User signs up using Facebook
This is a bit tricky since Facebook login will automatically create a user in your Userpool with status EXTERNAL_PROVIDER (unlike native users who have CONFIRMED status). As the name suggests, this user can only be logged in using the relevant external provider - Facebook in this case. If the user wants to login using a username password, a new account will have to be created using SignUp API or AdminCreateUser API. Also, this account can not be linked to the previous Facebook account using AdminLinkProviderForUser because a pre-requisite is that no Facebook user with the same details (email etc.) should exist in the Userpool. But at this moment, we have an auto-created Facebook user with EXTERNAL_PROVIDER status.
So, in short, you would have to - create a new user using SignUp or AdminCreateUser API, delete the auto-created Facebook user & Finally link the Facebook account as mentioned in case 1.

login with facebook or google+

Just curious,
In case I want to make application using API for login(i.e Facebook of Google+)
What user's unique key do I stored in my database? Do my apps have same user's unique key as them(Facebook or google+), or they generate a new unique key for my user when sign in my apps? And what type of data is it?
Do I duplicate user's information into my database or keep accessing user's information from Facebook or Google+? Like do I have to create table for user's name, gender, birthday,etc and register user's information once user login to my apps or straight access it from Facebook or Google+ every time my apps needs it?
Is it really safe for user to using login with API? Can someone using API to get user's email and password, or make post in user's Facebook or Google+ that user don't want to post, or hijack user's account?
This might be common case, but I have no experience in using API so I have no idea about that.
What user's unique key do I stored in my database? Do my apps have same user's unique key as them(Facebook or google+), or they generate a new unique key for my user when sign in my apps? And what type of data is it?
When you use Google or Facbook signin you really only need to store the information that they return to you.
LoginProvider ProviderKey ProviderDisplayName UserId
_____________________________________________________________________
Facebook 1969950809700159 Facebook 21248583
Google 117200475532672775346 Google 21248582
User Id is the users id from my user table. Where i store there user information my system needs ProviderKey is the users Id on the login providers system.
Do I duplicate user's information into my database or keep accessing user's information from Facebook or Google+? Like do I have to create table for user's name, gender, birthday,etc and register user's information once user login to my apps or straight access it from Facebook or Google+ every time my apps needs it?
You can duplicate some of it when the user creates or links their account to your system but i wouldn't automatically update it without informing the user you are doing so. Some users dont realize how much information you have access to via linking to social media accounts.
Is it really safe for user to using login with API? Can someone using API to get user's email and password, or make post in user's Facebook or Google+ that user don't want to post, or hijack user's account?
I think you are confusing identity for Authentication. Using Oauth2 you request a user to grant you access to see there data though an api this is authorization. If you are using Google+ or facebook signin you are using an identity server and signing in as the user. You should be using signin if you want them to login to your system using their social media accounts. By singing in you are that user. No I dont think they can be hijacked using signin.

How to use Amazon Cognito with Facebook Authentication?

I just started to learn AWS MobileHub and Cognito feature. I have a project which only required sign-in with Facebook.
In generated sample code I can see the process for user login and everything works fine. I am asking for a public_profile facebook permission and I must have access to user's email address. Now I want to store user's email address and retrieve it every time user login.
Do I need to save this data in dynamodb or cognito
I was wondering federated identity is what I need or I need to create a new user pool?
How can I get user's email address. Can I access it through AWS libraries or I must call the user's graph and ask for these information?
Can I save these data in [AWSIdentityManager defaultIdentityManager]
Is there any sample app displaying how to save information comes from facebook.
What I can see now is AWS got the userName and photo and ID from Facebook. But I can not see where these information come from and where they set up. Do I need to create a new pool and add attribute to that pool? Is there any sample app code with more detail regarding Facebook login?