I'm currently using the Firebase SimpleLogin with Email/Password authentication for my application but would like to let the user create a custom login name (similar in function to a Twitter handle), which can be used to authenticate the user as well, in addition to the email.
Is there a way to perform the aforementioned functionality with the Email/Password SimpleLogin or do I need to roll my own using Custom Login?
Thanks!
-Tony
Related
I have my own Users page in my application where user Admin can create a new user.
I do not want to let the user sign up by himself, but have the admin of the system add this user.
What do you think the flow for that should be ?
I thought about:
create a new user with username and temp password in the users page.
The user gets an email and presses a link to confirm the email.
The user goes to the login screen of my application and inserts the username and temp password.
the login page changes to Change password so the user will insert the password and confirm the password for him.
when pressing login the user logins to the system.
I cannot find a best practice for adding a new user from a built-in users page in the app.
Do you think my flow is reasonable?
Do you have any code that I can use for that?
This is pretty close to the flow which Cognito has for admin-created users by default when using the Amplify UI Authenticator component. The only difference is that the temporary password is sent to the user via email, so the admin never needs to see it.
To achieve this, you need to use the AdminCreateUser action. The way you do this will vary depending on the library you're using to communicate with Cognito. If it's Python, you can use boto3. If it's JS, you can use the AWS JS SDK. (Sample code in this GitHub comment.)
It's not required to use Amplify UI, you could write all the pages yourself. But it works well with very little effort and looks quite professional. So it should be the first thing you try. Here's another answer providing sample code for React.
I'm using ASW Cognito for authenticating users. Cognito has a well-documented flow to handle users who have forgotten their passwords.
How do I handle users who have forgotten their usernames? Is there a built-in flow that lets the user enter their email or phone number, and then receive an email or text with their associated username? I found the ListUser API, which returns all the users in a userpool. I could write a Lambda function that filters through all my users, looking for a match on email or phone number. But this seems like overkill.
Unfortunately, there is no default out of the box workflow of "Forgot Username".
I am implementing similar workflow. We ask user for their registered phone number/email, and we retrieve username based on that number and send it to email/phone according to configuration. If user is configured to use email and phone both, we send SMS to phone if user forget username (which is email id they used during sign up).
One major drawback of this approach is that, we need to provide ListUsers API call access to anonymous user which is a potential security issue but can't seem to find any other way by which we inform user about their login details.
For those, who are looking for the solution, don't give the anonymous user access to ListUser API as suggested in the accepted answer.
There are two ways to implement 'Forgot username flow'.
Enable email as an alias for your Cognito User Pool:
Calling this API causes a message to be sent to the end user with a
confirmation code that is required to change the user's password. For
the Username parameter, you can use the username or user alias. The
method used to send the confirmation code is sent according to the
specified AccountRecoverySetting.
https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html
The user will be able to reset the password with their email and code delivered to provided email address. If you still want to remind the username, you can use Lambda trigger to generate the password reset email with both username and verification code.
Use the backend (web server or lambda) which will receive the email address as an input to the 'Forgot username flow'. The backend will have permissions to invoke List Users API (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html) and will perform user lookup using the email. You now can go into Forgot Password flow using the retrieved username. Lambda trigger will be used to generate password reset email with username and verification code.
You can protect this API from abuse using WAF and/or captcha.
Im trying to add google oauth2 as my login method in superset. Users cant register by their own, the system admin must provide access for the user deppending on permissions/role.
When a annonymous user loged in, the system must check if the user email exist and what role is applied to him and show the user profile
I already have the google oauth2 linked in superset, i can click in the login google button the login pop apears and enter the email and pasword of an google acount. But when the login is done, it apears a message saying that the user is not authorized.
Login Page
After Login, with console error (page stays loading...)
The question is how i can associate an google user to a superset user, or register an user by this google oauth2 method with the respective role?
One thing you can do is set Flask App Builder's AUTH_USER_REGISTRATION = True and
AUTH_USER_REGISTRATION_ROLE = "some_default_role".
Then if you want to alter the registration flow, I'd recommend setting your own SecurityManager and overriding BaseSecurityManager.auth_user_oauth . I'd copy the source of that method and alter it.
I'd be great if FAB had a pre_registration hook in BaseSecurityManager for this purpose. Maybe it could receive the User object FAB is planning on creating (before it gets created) and could return a list of roles, or None if we want to abort the registration process.
So I am having some trouble figuring out how to implement a sign-in for my app using google oauth. Every example I see shows how to authentication the user, get their permissions and then start using the Google APIs.
I do not care about permission or using Google APIs. All I want to do is have the user sign-in to my app using google oauth instead of having to implement my own authentication system with user and passwords in the database.
After the user authenticates with their google account, then they can change settings associated with their account for my app. What is the flow i need to implement to achieve this?
How would I associated a google user with certain data defined in my own app's database? I have successfully implemented the authentication part but then what would I need to store in my DB to associate them with their actions and data. Would I need to use sessions? and then retrieve their Google+ ID, save it in the database and then use that to identify them in the database for later when they log in again?
any help is appreciated
Once the the server validates the access token, a user account can be created in the database, saving the Google ID along other user details (ID, email, name etc).
If your application also supports normal registration, and an account is already present for that user (matching email), then you can just fill in the (nullable) Google ID column in order to link the account(s).
I am trying to create an app with SQL database connection. Like other apps, user should have the option of both custom register(email,password) and facebook login.
If user choose custom login thats fine, but if user choose facebook login my app would be able to retrieve email from facebook yet no password.
In most apps if you choose facebook login, after login with facebook you never deal with register and logging again (Single sign on, and access token).
But How other apps let user register without choosing a password? Do they let password field null in database (that doesnt seem feasible)? Or do they create a random password for user and save it to users device? What if user logs out or delete their facebook account and wants to login to my app, how would they login without password since in first place they have chosen facebook login?
I know multiple question but they are all related and I am having a difficult time understanding that simple task.
Thanks
M. Fustang
In general if you allow people to register using Facebook, you can force them to set their username and password for this website on first time they log in. And simply store user's id from Facebook as a column in users' table together with username and password provided by user. And then allow them to login using this user/pass data for your website or using Facebook. This will allow your users to log in even after Facebook's account removal.