How do I get user device IDs from Auth0? - authentication

Currently using Auth0 for my application. In Auth0 we are storing the device_ids passed when a user logs in. Using an Auth0 rule, I am currently storing the user_id and other information in a DynamoDB table. I would like to include an array of the devices associated with a user. I have been unable to find how to access that data in the Auth0 docs. Anyone aware of how to do this?

Related

Is it possible to query for users in Firestore?

I see that there's a row for each user in the "Authentication" section of Firestore with their data. Am I able to query for users in this table and add columns, or to create a new collection of users with a one-to-one mapping from user in the authentication section to user in the collection? If it's the latter, is there any way to both create a new user account and create the corresponding document in the collection as part of a single transaction?
Firestore doesn't have an "Authentication" section. Firestore only lets you read and write data into its database. Firebase Authentication is a different product that keeps track of logged in users in a way that's completely separate from Firestore. You can't query users in Firebase Authentication using Firestore. In fact, you also can't even query Authentication using the mobile client libraries (because that would be a possible security hole for your app).
If you want to query for all users in your app, you're going to have to do perhaps arrange for each user to write a document in some collection in Firestore that can be queried by Firestore client libraries.
You can use Cloud Functions with Admin SDK. Make a http endpoint or a http Callable that queries at admin.auth. But this is not a secure. The best way to do that is registering a firestore docuement whenever user is created using functions.auth.user().onCreate

Obtain user information on Actions on Google Through OAuth in AoG?

Account Linking provides several ways of linking users to their own accounts such as their Google account or Twitter account.
I chose OAuth in Actions on Google website to do OAuth 2.0 Authorization Code Grant for obtaining access token in exchange for data resources. When I linked a user to a Google account Google Sign-In enabled, the fetching of user information was easy because the data is stored under payload, but OAuth implementation does not seem like it produces user data under payload inside User object.
So should I make an API call to the third party to fetch the user data and store that personal data to a database in this case? I wondered if there is a way that Google prepares on behalf of developers. If not, then greeting a user who visits my app again by saying 'Hello, {person name}' gets tedious...
You have two options with Account Linking.
In the case you describe, you're providing an OAuth endpoint and getting an auth token from the Assistant, and you are responsible for taking this token and using it to determine who the user is so you can get whatever you know about him. The token is one that you issue and control, so presumably you have that info in your database already. If you are reusing a token from another service, that service should be able to tell you who they are.
It sounds like you're using using a Google Sign In, however, in which case it is easier to use Google Sign In for Assistant. Once the user has signed into your service (either through an app or webapp) and granted permission to your service, then they will also be able to gain access through the Assistant. You will get an id token which can be decoded to get profile information about the user including their Google ID and name.

When connecting to an API do I need an access token per each user using my application?

I'm connected to an API that provides information about cars based on their registration. According to the docs the api can provide both user specific data and general data about the registration supplied.
I am using the connection method which does require specific users data, and therefore does not require me to gain access to any specific users account.
On my end users will visit my application and enter a registration number which I will use to call the API and return all of the information about the car.
Am I right in my thinking that my application is essentially the 'user' as far as the api is concerned, and I will only need to use one access token. I can then use this access token to make multiple API calls (one for each user that searches on my application)?
Or will i need to set up an access token for each user that visits my application and treat them separately.
Only your application making the API requests requires a token, unless the licence agreement/documentation of this car API says otherwise.
As far as your users are concerned, your application is just magically sourcing the registration info from its database.

How to associate data with a user that has been authenticated with Google oauth?

So I am having some trouble figuring out how to implement a sign-in for my app using google oauth. Every example I see shows how to authentication the user, get their permissions and then start using the Google APIs.
I do not care about permission or using Google APIs. All I want to do is have the user sign-in to my app using google oauth instead of having to implement my own authentication system with user and passwords in the database.
After the user authenticates with their google account, then they can change settings associated with their account for my app. What is the flow i need to implement to achieve this?
How would I associated a google user with certain data defined in my own app's database? I have successfully implemented the authentication part but then what would I need to store in my DB to associate them with their actions and data. Would I need to use sessions? and then retrieve their Google+ ID, save it in the database and then use that to identify them in the database for later when they log in again?
any help is appreciated
Once the the server validates the access token, a user account can be created in the database, saving the Google ID along other user details (ID, email, name etc).
If your application also supports normal registration, and an account is already present for that user (matching email), then you can just fill in the (nullable) Google ID column in order to link the account(s).

Passing multiple sessions_key to Facebook API

I'm current developing web-app that allows a user to associate their account with their Facebook account.
I have no trouble getting the users Facebook id/session_key and extended permissions.
What I am having trouble is caching the users data in a single call.
Their documentation for User.getInfo allows multiple uid's to be passed to the API and the basic info returned but I need additional details but it doesn't state mulltiple sessions_keys are allowed.
Is there an alternative or will I just have to take the multiple web request hit?
I tried to use the Batch.run for Facebook but it turns out you cannot pass commands that require different sessions keys.
So I have to take the multiple hits.