Change Password with firebase cloud functions - firebase-authentication

I have found documents (Manage Users ** Firebase Official docs) on how to change a password but not how to use a cloud function. The user.updatePassword(newPassword).then(() => { does not work for a cloud function. --> At lease that i am aware of...
My Goal if possible, is to pass the users userid and new password in a similar fashion to the above and have it change. Any examples or firebase doc's i might have missed would be great.
Cheers

Inside Cloud Function you're using the Firebase Admin SDK to access Firebase Authentication, so you can update the user through that to set their password. From that link:
getAuth()
.updateUser(uid, {
password: 'newPassword',
})

Related

Adding “Sign In with Apple” in Expo react native app that uses Firebase auth

I have a react native app that uses Expo (managed, not detached) and that uses Firebase auth to provide Facebook login and email/password login.
I now need to implement “Sign in with Apple” as per Apple’s new rules.
Expo provides a way to do this, and it works, returning the user’s info. But because all users are managed through Firebase auth, I need to take what Apple sends me and pass it to Firebase auth.
The Firebase docs explain how to do this using signInWithCustomToken. But that requires that I create the token. In Node this would be simple, but this app is serverless and I haven’t found a tool that can generate an RS256 token on the client. From the Firebase docs it seems that RS256 is a requirement. I’ve tried using expo-jwt with HS256 and Firebase returns an error that the token is badly formed. But besides using HS256 instead of RS256 I see no other possible problems. The token is encoded and decoded successfully as follows.
const appleJwt = JWT.encode(
{
familyName: 'M',
givenName: 'Greg',
email: 'apple_user#example.com',
alg: 'HS256',
iss:
'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',
sub: serviceAccountEmail,
aud: serviceAccountEmail,
iat: Math.floor(Date.now() / 1000),
exp: Math.floor(Date.now() / 1000) + 3600,
uid: appleUid
},
key,
{
algorithm: 'HS256'
}
);
console.log('TCL: loginWithApple -> appleJwt', appleJwt);
const appleJwtDecoded = JWT.decode(appleJwt, key);
console.log('TCL: loginWithApple -> appleJwtDecoded', appleJwtDecoded);
It’s only when I try to use it with Firebase auth that it returns an error that the token is badly formatted.
return Firebase.auth().signInWithCustomToken(appleJwt).then(...
Note that the key and the serviceAccountEmail were retrieved from the firebase console.
I’m wondering if perhaps there’s some simpler solution that I’m overlooking. The community is awaiting word from Firebase on if they’ll provide out of the box login with Apple, like they do for other providers, so maybe I just need to be patient. But I’d prefer to find a solution.
A big thanks in advance for any advice.
Update 2019-10-15
I built a simple node server with an API that my app could use to generate the token with RS256, but Firebase still responds that the token is badly formatted when I pass it to signInWithCustomToken. Can’t see what’s wrong with it.
So, since I had the node server built, I just configured the Firebase Admin SDK and used the provided createCustomToken to generate the token. Firebase accepts it now when I pass it to signInWithCustomToken, which was my problem, so this issue is settled for me. After the custom Firebase sign in succeeds the first time, I write all the user data to Firestore. For subsequent sign ins, it just updates the last login date in Firestore. Hopefully Firebase will still provide their own solution soon too, since having a separate node server just for this is not ideal.
Firebase Auth now supports Apple sign in across all 3 platforms:
https://firebase.google.com/docs/auth/ios/apple
https://firebase.google.com/docs/auth/android/apple
https://firebase.google.com/docs/auth/web/apple
The Firebase team is working on implementing this in the official sdk
https://github.com/firebase/firebase-ios-sdk/issues/3145#issuecomment-510178359

by pass authorization to access google drive

I am shared folder in which does contain nearly 7 other folders. i have got client id and secret key and API key. i want to show all that folder in my application. if i m logged in to google drive.it works as soon i logged out it doesn't work, how can i by pass login screen
function handleClientLoad() {
//console.log(gapi.client);
gapi.client.setApiKey(apiKey);
//checkAuth();
//makeApiCall();
//getFoldersList();
window.setTimeout(checkAuth, 1);
}
function checkAuth() {
gapi.auth.authorize({ client_id: clientId, scope: scopes, immediate: true }, handleAuthResult);
}
Google Drive data is private data it is owned by you and your account. In order for your script to access that data you need to give it permissions to see that data. This is the consent screen you are giving it permission to view the data. Short of possibly setting the Google Drive folder to public and then using a public API key to access drive instead of Oauth2.
There are work abounds but none of them work with JavaScript. If this is the only account you will be accessing I recommend you look into a server sided language like PHP or python and use a Service account. You will have to give the service account access to your google drive by sharing the folders in question with it. This is how service accounts are preauthorized.
Answer: There is no way to do away with the consent screen in JavaScript. Or save your authentication for lager use (Refresh token). Switch to a server sided language.

Firebase Auth linking anonymous auth user with custom auth user

So I saw here: https://firebase.google.com/docs/auth/web/account-linking#link-auth-provider-credentials-to-a-user-account That it is now possible to link user accounts in Firebase. I also saw that Firebase provides the functionality of anonymous authentication, where it creates a user session for a user, without any credentials.
In our application we normally use CustomAuthentication with Firebase, as we have our own authentication service. This works perfectly, and we are able to use the same Auth system in-between systems that use Firebase, and the ones that don't.
Now we got to the point where we wanted to take advantage of the anonymous authentication of Firebase, to allow users to use the apps without registering, and just transfer their details after they log in. So I thought that account linking is what I need. But I can't find a way to link an anonymous account with a custom authentication account. Is something like this possible with Firebase?
I have not found linking between anonymous and custom signIns too, so I just use signInAnonymously and pass it's uid to signInWithCustomToken.
Step 1.
To be able acheive this, you should grab an uid from signInAnonymously function like this:
var uid;
auth().signInAnonymously().then(user => {
uid = user.uid;
});
Step 2.
Save current user data like this:
database().ref(`users/${uid}`).set({ some: 'data' });
Step 3.
Send this uid to your server which returns custom token. On your server you just pass this uid to firebase.auth().createCustomToken(uid) function and send this custom token back. It will contain the uid.
Step 4.
When you receive custom token, you can sign in with it like this:
auth().signInWithCustomToken(authKey);
And that's it. You are signed in with your custom token and can access your anonymous user data saved on the step 2.
I had a similar problem but I believe Firebase does not allow this type of linking because it would require linking two separate firebase user ids: the id of the custom token created user and the id of the anonymous user.
Firebase docs say:
Users are identifiable by the same Firebase user ID regardless of the authentication provider they used to sign in.
So handling linking between two user ID's would cause inconsistencies.
I got around this problem by doing a merge of the data between the two accounts.
For example (from Firebase docs):
// Get reference to the currently signed-in user
var prevUser = auth.currentUser;
// Sign in user with another account
auth.signInWithCredential(credential).then(function(user) {
console.log("Sign In Success", user);
var currentUser = user;
// Merge prevUser and currentUser accounts and data
// ...
}, function(error) {
console.log("Sign In Error", error);
});
Caveat: I've never done this. Have you seen this page? Down at the bottom, under the heading "Email-password sign-in", it lists this code fragment:
var credential = firebase.auth.EmailPasswordAuthProvider.credential(email, password);
You can then (apparently) link the credential like this:
auth.currentUser.link(credential).then(function(user) {
console.log("Anonymous account successfully upgraded", user);
}, function(error) {
console.log("Error upgrading anonymous account", error);
});

Once a user is logged into Firebase with email & password auth can I use google auth to link the users Youtube videos?

I was trying to link/merge auth providers in Firebase but instead, I was wondering if this work around would give me similar results.
Can I log a user in with the Firebase email & password auth and then on their profile page use the google auth so that I can grab their access token to access their youtube videos?
Then when I set the user I will use their password and email but pass in the google uid for future use so that I can access their videos.
// Updated question with code example
So initially, I was just signing users in with google and passing in the youtube parameters so that I could access the users videos. This is my Firebase auth with google function below.
$scope.authWithGoogle = function() {
var scope = {
scope:'https://www.googleapis.com/auth/youtube'
};
Auth.$authWithOAuthRedirect("google", scope).then(function(authData) {
$scope.loggedInUser = authData;
}).catch(function(error) {
if(error.code === "TRANSPORT_UNAVAILABLE") {
Auth.$authWithOAuthPopup("google", scope).then(function(authData) {
$scope.loggedInUser = authData;
});
} else {
console.log(error);
}
});
};
This just authenticates the user and doesn't store anything in the data..I think. So now I was hoping to implement a login with email and password so that everyone could login even if they didn't have a google account.
I was just wondering if I could authenticate the user with email and password and then once they are signed in use this function to allow the user to authenticate with google and link their videos to their account? Then when I set my user data I can save their access token for the videos so that I have access to them later. I was just wondering if this was a possible work around instead of trying to link email and password with a google account or if it is too hacky.
Ultimately if I can log in a user with email and password and then link their google account once they are signed in that would be the desired behavior I am going for but I just haven't been able to find how to do this.
On Firebase Authentication, a user can be signed in to only one identity provider at a time. So they can be signed in to either email+password, or google, in your use-case, not to both.
It is possible to have the user sign-in to Google authentication without using Firebase Authentication and then associate the two yourself. But since this is not built-in to Firebase, there is no documentation on how to do this.

Firebase security with angularfire

I'm new to firebase and angularfire. AngularJS is client side code. Its public to anyone. What prevents a hacker from taking the following firebase reference, and using it in another app?
var peopleRef = new Firebase("https://<my-firebase>.firebaseio.com/people");
$scope.people = $firebase(peopleRef);
I think that Firebase has security rules surrounding who can do what with your data. So, I think you can specify users in your firebase that can have read/write permissions. I have never used them, but you can read about them here: https://www.firebase.com/docs/security/security-rules.html