My Ionic 3 mobile app i'm currently building allows login with firebase using both Email/Password and Facebook providers.
Everything's working great - but when the user logs in, in order to have a 'remember me' function that prevents them having to log in every time the app is closed (closing the app fully, or the system kills it), i need to be able to get some sort of token, store it, then use it later to take them straight past the authentication screen.
I've managed this already, but currently i'm storing their email and password, and i know this is a horrible thing to do. (I'm using Ionic Storage).
Is there a way to get a token that represents a user, and can be used to re-authenticate them?
I know about custom token logins, but they can only be created in NodeJS using the admin SDK - is there any solution i can run directly on the phone?
Thanks.
Related
I am developing a web-app that uses Firebase (web client JavaScript). For authentication, I am trying to implement sendSignInLinkToEmail to sign in a user. But, I’m facing an issue.
Suppose the user is trying to login on his desktop and uses his phone for verification, I want to redirect him to the dashboard on the desktop after verification. How can I do this?
Ref: https://firebase.google.com/docs/auth/web/email-link-auth
const actionCodeSettings = { url: 'dashboardURL', handleCodeInApp: true }
This redirects to the dashboardURL on the phone (device used for verification), but I want to redirect on the desktop (device that initiated the login flow).
Firebase Authentication does not natively support this. You'll be logged in on the device where you open the link. You'll have to build this functionality yourself and a simpler approach would be to use Cloud Functions and Realtime Database.
The flow would be like:
User clicks on "send link" and is redirected to a page that listens for updates in realtime database at a key (randomly generated session ID depending on your requirements).
When a logs in on another device, call a Cloud Function that generates a custom token for signing in and then emit it the first device via realtime database.
Log the user in with signInWithCustomToken().
This is just a simplified version of a system that might use websockets, session Ids and additional factors for security. You can also use Firebase Anonymous authentication to ensure only that user can this token using security rules.
I have a scenario and looking solution for that. I am working on an application and Using Firebase to create and authenticate the User. In my app, basically two types of users (1.User & 2. Vender) and User can signIn on app but vender need to login on web panel. We are using firebase default method (.createUser) to create user and it's already working.
Now I wants to create Vender profile too in same app but Vender can login only on web app and user can login on Mobile app.
Is it possible ? If yes then please guide me that how it's possible ?
Thanks in advance.
This is a fairly open-ended question but I think it comes down to two things: determining the user type (vendor or user) and detecting what platform they are signing up on.
Both are pretty easy.
Heres's the structure which leverages a /users node to store additional info about the user. From Storing User Data
users
uid_0
name: "William:
type: "vendor"
uid_1
name: "Leonard"
type: "user"
and then when the user attempts to log in, the app checks their user authentication, which will result with authData.uid being populated.
Then it would look up the user via authData.uid and check the user type. If it's a Vendor, display a message to the user that they must log in via the web portal, and don't proceed into the app.
There's a 100 other ways to handle this - setting up a Vendors Node and a Users node for the app to auth against to having them select Vendor Or User before entering their authentication credentials.
I have an electron app and electron apps don't allow firebase auth by default.
Therefore, what I want is that I'll develop a web app which will be hosted on a server.
User will open the corresponding URL and will login there via firebase auth.
Now I want that user should copy something like ID token or Refresh token and should paste in the electron app and he/she should get logged in there too.
Is it possible?
If yes, then how? any example please?
As much as I researched, I found out that firebase ID tokens do expire within a short duration let's say 1 hour.
And there's no way to get the refresh token.
Please help me, I'm struggling with this since many days and my app development is obstructed due to this.
If this is not possible, then please guide me that what should I do?
I am trying to use a 6 digit code to log-in a user.
The code is available for 20 seconds and is unique to every user.
Briefly explained:
User is already logged in on a mobile app
User press the button "Get Unique Code"
Then, user enter the code on a WebPage on his PC
If the code is correct, show data for that user
What am I asking is if there is way to properly authenticate the user who introduces that code correctly given that I have the userID and all the informations about the user?
I can try and "fake log-in" (display all the information for that user when the code is correct) but there are some issues with this and I would like to avoid it.
I am using Firebase Authentication and Firebase Firestore. JavaScript is used for Web.
You can implement any authentication scheme you want by creating a custom provider for Firebase Authentication.
See Authenticate with Firebase in JavaScript Using a Custom Authentication System and Creating Custom Tokens with the Admin SDK.
In this flow you:
Sign in the users yourself.
Create a custom token for those users in a trusted environment, such as a server you control, or Cloud Functions.
Pass that custom token to Firebase Authentication, which can then use it to identify the user, and secure access to Firestore, Storage, and Realtime Database.
I got the error when trying to get an access key for one of our APIs.
"AADSTS65001: The user or administrator has not consented to use the application with ID '{GUID}'
First, I was trying to prompt=consent during login, thinking that I had new consents that weren't prompted during login. And I got the following error.
"AADSTS65005: The application '{GUID}' asked for permissions to access a resource that has been removed or is no longer available. Contact the app vendor."
I removed prompt=consent and started fiddling with the permissions in Azure, and now I was stuck on the same error.
I changed everything as it was, but I still get the error. However, this only happens to my user. Everyone else can still log in without problems.
So my problem is actually in two parts:
The first error when trying to get an access token for the API.
Somehow I need to prompt the user with consent, but I am using adal.js which uses a silent retrieval of the keys using an invisible iframe. I want the support to be when the user logs into the web app.
Is this possible?
My user can't log in to our web app anymore. Everyone else can. Did anyone encounter this before?
The product is a SPA Web App written in React, and we use adal.js (adal-vanilla) as a library for authentication to Azure AD.
Update
I finally got some stuff working. Not all the way, but at least it's a start.
The problem with this is that users registered on other tenants (this is a multi-tenant app) don't get consent to use the API. These users get the error. However, I registered a user on the same tenant, and everything worked as intended.
Problem two was solved by removing all the permissions, adding them one by one, and testing in between. Somehow this worked after two-three tries.
The problem is that users from other tenants don't get a consent prompt to access the API.
Somehow the issue got fixed, I'm not 100% sure how or why but here are the steps I performed to fix it if someone finds themselves in a similar situation:
Ensure that all permissions are correct (APIs are added as delegated permissions to the client)
All services (web app & apis) are multitenant
Update manifest with:
"availableToOtherTenants": true,
"knownClientApplications": [
"{client app application id}"
],
(availableToOtherTenants was false for the API even though it was marked as multitenant in the settings)
The consent might be possible to fix with prompt=admin_consent.
As for the second problem, you can add your web app as a known client application of the API. This will allow simultaneous consent when the user authenticates to the web app.
To do that, find the API app registration in Azure Portal's Azure AD blade. Then open its manifest (there is a Manifest button on the app blade). In there should be a "knownClientApplications" property. Add the client id of the web app in the array and save the manifest.
E.g.:
"knownClientApplications": [
"bda6ffff-ffff-ffff-ffff-ffff8bf8c57f"
],