Using Admin-sdk, Is there a way to delete a particular provider from a user record in firebase?
For eg:
Assume a given user has the following providers linked to his account
password
google.com
facebook.com
Say, I would like to revoke the user's ability to login via facebook to his account. Can this be done using admin sdk.
I could only find an api to unlink a provider (which is client side api. This will require the firebase-issued-idToken of the user).
I don't think there's an API to unlink a provider in the Admin SDK. It does exist in the REST API, but there too it seems to only exist for the current user.
But I also don't think it would help much, as the user can always call the API to link that provider with your configuration data - even if your application code doesn't. So while it is useful to be able to unlink a provider from your code, it won't be a permanent revoke, which seems to be what you're after. That would only be possible for all users by disabling the Facebook provider completely.
Not sure when this ability was added in admin sdk, but it seems in version 8.1.0 you can achieve this using the following:
UserRecord.UpdateRequest updateRequest = new UserRecord.UpdateRequest(ssoId);
// remove/unlink social login providers
updateRequest.setProvidersToUnlink(Arrays.asList("google.com", "facebook.com", "apple.com"));
FirebaseAuth.getInstance().updateUser(updateRequest);
Related
With Firebase's Admin SDK, I want to allow a user to login (verify the user with my Firebase instance) without any JavaScript on the front end. Just an old fashioned POST, with the form data in the request body.
Then in node (server side) verify the email and password on the back-end, retrieve a token, update the user's session, pass back a cookie, etc. I've been digging around various examples and the Firebase Admin SDK docs but have not found an answer.
I can do it if I run the non-admin-SDK Firebase module, in node, but this seems like an odd approach to me, especially as I need the Admin SDK for some other things.
I could see why they want to force a "triangle" approach like say payment auths use.
Authorize with Firebase on the front end and pass a token to the back-end.
Not allowing the password to possibly be sent or stored on the node server unencrypted.
But I want to pass as little JS to the client as possible and I want my site (MPA) to be progressive (not need JS). It seems odd they would not address this in their docs. Other than in some explanation of how to write one's own validation or integrate with another.
If anyone can describe how this can be done or what the recommended approach is, I would be very happy.
Firebase's Admin SDKs are designed to be stateless, so don't have a concept of a current user. The recommended approach is what Firebase Authentication does, sign in on the client and pass an ID token with every request/connection to establish the identity of the user.
If you don't want to use Firebase's SDKs in your client-side application, you can call the REST API. I'm not sure if you can construct the right call with a FORM post though.
Also check:
Sign in with Firebase-Admin using node.js, the main answer is the recommend approach.
How to authenticate an user in firebase-admin in nodejs? shows how to sign in a user in Node.js with the regular/non-Admin SDK. This is probably closest to what you want to accomplish.
In the company I am working for, we provide a solution for other companies, and we want each company to have a separate instance of that solution, this includes a separate database instance, the database is Firebase, this choice of creating a new separate instance is required due to data privacy laws of the country we work in.
I am working on a script that when triggered by the new client SignUp, it starts the creation of new solution instance, including the creation of the new Firebase project, and I am using firebase-tools CLI and gcloud CLI.
The project creation happens correctly, and the admin account is created, the only remaining thing is to allow the admin to be able to login to the new Firebase project. This is usually done manually from the Firebase web console, by enabling a login provider, an Email&Password login provider in my case. This part of the process is so not automated, because I can't find the command that I should pass to Firebase-tools or gcloud ClI to enable a login provider in a Firebase project.
What is a command that you can pass to Firebase tools or to gcloud CLI , to change firebase project confguration to enable a signin provider ? signin usng Email&Passsword in this case .. Or is there a way to do it programmatically using Google client libraries ?
From looking at the REST API for the Google Identify Platform, I don't immediately see a call that shows email+password authentication. Unless I'm overlooking something this means it might not be possible to programmatically enable this provider through a public API.
From checking what the Firebase console does, it seems it handles the provider configuration through the https://identitytoolkit.clients6.google.com/admin/v2/projects/<projectid>/config endpoint, but I'm not sure that is part of the public API.
This seems possible now via Identity Toolkit API. The v2.projects REST resource has updateConfig method, and the Config contains SignInConfig which have the Email property.
I have a web application setup to handle webhook requests from an Actions-on-Google/Dialogflow application using the Google Assistant. Users don't need to sign-in to a google account in order to use my web application and I'd prefer to keep it that way, so that users can sign in with any email address.
I also want my users to be able to interact with my application using the Google Assistant, and be able to access personal/contextual data via the assistant (i.e. when a speaker says, "what's on my shopping list", the web app needs to be able to know what my means).
Currently, I have this working by using my web app to issue a unique short code to my user (in the web app UI) and then with an intent on the Assistant where the speaker says "My code is 1-2-3-4" and then my web app can identify the user from then on (by saving the userId from the webhook request to whatever user got the short code 1234 and then using that userId to lookup the user on each subsequent request.)
My question is, is there a better way to do this? Ideally, in my web app, I'd like to have something like an "Authorize Google Assistant" button, which would then link the user's google account to their web-app account, so that the conversation on the Assistant is seamless.
Has anyone done this before?
Thanks
This is the perfect use case for Account Linking with the Google Assistant.
From your users' perspective, they will start to use your Action. If they're doing so through a speaker and they haven't linked the account yet, they'll be directed to a mobile device to do so. On a mobile device, they'll be redirected to a page on your website where they will been to authenticate themselves and authorize your server to let them in through the Assistant. Once they have done so, they won't need to log in again, the accounts will be linked, and they'll be able to use the voice Action without further obstruction.
From your perspective as a developer, you'll need to setup an OAuth2 server (I suggest the code flow). That login process I mentioned is the first step in the OAuth dance, and will end up with you issuing a code to Google. They will then exchange this code for an Auth Token (with a limited lifetime) and a Refresh Token (which does not expire). They will periodically use the Refresh Token to get new, valid, Auth Tokens for this user. When the user issues a voice command, the Auth Token will be passed as a field in the JSON to your fulfillment server, and you can use this to verify who the user is and that they are authorized to use your service.
I have a simple question that I can't solve with the resources about moodle and LTI.
I want my users to login into their App with moodle credentials (as often done with e.g. "login via facebook") - is my app the consumer or the provider?
I first thought the app is the provider but some points make me question that:
No, I do not want to start the app from within moodle.
No, I also do not want to embedd my app content in moodle.
I just want the users registered in moodle login to an app with their moodle username and password
All content I found on LTI provider assumed the opposite of point 1 and 2.
However, I also found that moodle can be a provider itself. It has been shown to be embedded in an external application. But in my understanding, the consumer is responsible for authenticating the login (which is opposite to point 3).
Am I missing something, that makes it so hard to see the soution here?
I found Atomic Jolt's try_oauth repo will do exact what you want. It also has an excellent code along video which explains the workflow really well.
You navigate to the app and it opens up a Canvas authentication page and grabs the users credentials.
https://github.com/atomicjolt/try_oauth
Hope that help.s
There is a plugin for moodle which makes it a oauth2 provider. You could use that to allow authentication in your app with moodle credentials.
https://github.com/projectestac/moodle-local_oauth
I followed the Firebase documentation to implement multiple authentication providers (Google and Facebook), and I am with the problem that I do not know how to solve.
Assuming my new User has Google providers and facebook with different emails is possible to perform the following login flow ?.
User enters the first app and resolves login with your Google account
Firebase create an account and link Google her provider.
The user exits the application.
User again performs login to the app, however this time he chooses the Facebook provider (which has different email Google).
firebase links the Facebook provider the account that is already linked to Google provider.
The Firebase documentation has a complete page dedicated to account linking. The samples in the page link to a Github repo where you can see the code in the context of an entire app that demonstrates it.
There's little use in use replicating the documentation here. If you're having trouble making a specific step work, share what you've done and the minimal code that shows where you are stuck.