I'm trying to figure out how the authentication process works using java, postman and sql. I have a study case where I have to authenticate a token first, have the ability to import and export from and into local database. I don't know where to begin between designing first or creating local database(basically i'm lost)
Related
This is a follow-up question from Firebase Multiple Accounts are signed at the same time
So, I want to create a web application using Firebase Authentication, where a user can switch between multiple accounts. The solution to that problem is linked here: https://stackoverflow.com/a/55905698/16925281
From the provided solution, we can get the Firebase credentials for any account and use it to switch. However, how can I safely store the said credentials at Client Side (Preferably, in ReactJS)?
Im develop a app. I'm using firebase and flutter.
But now i would change from firebase to my own database (node.js).
Here my question:
Is it possible to use the firebase user authentication with my own database?
Or need i host a own smpt server to send the verification emails?
Is it possible to 'keep the user login' without firebase?
How i can do that?
If you have any question to me feel free to ask me.
Many thx (:
Yes, you can use Firebase Authentication with your own database, or other backend service. You will need to implement your own server-side code that verifies the ID token from the client, and then ensures that the client is authorized to perform the operations it requests.
Im watching this tutorial that uses the firebase client library in cloud functions to authenticate users. I am starting to doubt wether this is the right approach. Should I do all the authentication in the react app instead? The tutorial explains that the benefit of doing everything server side is that it decreases the amount of things the user has to download to run the application.
That being said, Im having difficulty getting the client library to work with typescript which makes me just want to scrap it. How should I proceed?
It is generally better practice to host authentication (and especially authentication logic) in the back-end, if not for performance, definitely for security reasons.
That said, you can avoid using cloud functions for this authentication with firebase! Here is an alternative super simple video tutorial you may like instead from Fireship: https://www.youtube.com/watch?v=zQyrwxMPm88. The Google Firebase YouTube channel also has many videos on the subject.
Cloud functions are useful for when you want parallel action to be taken in the back-end during or after login, while the useAuthState() react hook is great for when you want parallel action to be taken in the front-end during or after login.
so my view on the best approach to solve this on Firebase is to either:
A) Use the Auth Firebase SDK for your client to create users and sign in users,
B) Do it with the Auth REST API
The end result is the same, you get your users into Firebase and you can sign them in and get their auth tokens. The SDK runs on the client, the REST API runs on the server. Once that's done, you can use the user token and pass it to cloud functions to do whatever you need and check the token validity and permissions server side.
On the cloud functions you're supposed to use the Admin SDK, not the client SDK. And the admin SDK has all privileges. For a more specific reason why you SHOULD NOT use the client SDK on cloud functions, is because it keeps state. So 2 users calling your cloud functions, using the client sdk server side, would result in the same user token, which is an error.
I hope I've solved your problem?
I am currently working on a react application, and have a database of customer information. I want to turn that information into accounts, and was wondering if Firebase will work for this? I don't want to have to store passwords, or deal with accounts, so I just want current customers to be able to log in with google / facebook. Will Firebase be able to link into my current PostgreSQL db, or how would that work?
There are NPM modules for this that I have been looking into, however I was wondering if Firebase is a better option for this. Also, what would the limitations of a free Firebase account be?
Firebase Authentication has no built-in connection to PostgreSQL.
But if you have a trusted environment where you can run code (like your development machine, a server you control, or Cloud Functions for Firebase), you can use the Firebase Admin SDK to verify the token from Firebase Authentication. For more on this approach, see the Firebase documentation on verifying ID tokens.
I have angular JS application that gets data from REST service with sql server backend. I develop and have control on all 3 parts - angular app, rest service and database.
I want to now add pizazz by making this app near real time by using Firebase. My question is - can I keep my current rest service and database for the most part and only use Firebase database and the library minimally and only where necessary to support real time?
You can do this using JSON Web Tokens (JWTs). This is possible because as you mention in your question, you control the REST service and the SQL server. Thus, because the server is trusted you can connect it to your Firebase database by authenticating it using a JWT.
As a result you can keep managing user accounts the way you currently do with the added "pizzaz" of making a subset of data available in "near real time". Firebase app JWTs can be generated with any existing JWT generation library and then signed by a SHA-256 HMAC signature.
Authenticating Servers
Because you are running a trusted server that is connecting your own Firebase database, you can authenticate it in several ways:
Using a Firebase app secret: All authentication methods can accept a Firebase app secret instead of a JWT token. This will grant the
server complete read and write access to the entire Firebase database.
This access will never expire unless it is revoked via the App
Dashboard.
Using a secure JWT with the optional admin claim set to true: This method will grant a server complete read and write access to the
entire Firebase database. This token will expire normally, so it is
important to set the expiration times accordingly.
Using a secure JWT designed to give access to only the pieces of data a server needs to touch: This method is more complicated, but it
is the safest way to authenticate a server as it lets the Security and
Firebase Rules prevent the server from doing anything it's not
supposed to, even if it becomes compromised in some way.
Source: Firebase Documentation -
https://www.firebase.com/docs/web/guide/login/custom.html
Generating Tokens
There are Helper Libraries available for many platforms but for this example I will use the Firebase Token Generator for Node.js made available by Firebase.
Firebase Token Generator for Node.js:
https://github.com/firebase/firebase-token-generator-node
Step 1:
Install the package using either npm or Bower (or compile from source).
Step 2: Copy the app secret from your Firebase instance's dashboard.
Step 3: Generate a token using Node.js by passing your Firebase app secret to the FirebaseTokenGenerator constructor method like this:
var FirebaseTokenGenerator = require("firebase-token-generator");
var tokenGenerator = new FirebaseTokenGenerator("<YOUR_FIREBASE_SECRET>");
var token = tokenGenerator.createToken({uid: "1", some: "arbitrary", data: "here"});