This question already has answers here:
Adding new data to firebase users
(2 answers)
Adding Custom Attributes to Firebase Auth
(2 answers)
Firebase: setting additional user properties
(2 answers)
Closed 1 year ago.
I am totally new to Firebase (typically use sql), but I need to do a few things ---
I have a register page with 2 fields name, password, and it is just using that auth feature in firebase
I need to add company name to that, as well as a couple of other custom fields. How do I do this?
Take a look at this picture to see the way it is set up in the auth feature in firebase:
How would I add those fields in there for when I create the user, and then also use them programatically?
Sorry Firebase Auth do not support that yet as adding custom fields to The Console .. But I also solved this issue by using Database (Cloud Firestore or Realtime Database) as I can add custom fileds linked to the user using his UID as I create Collection 'users' when user signup I create document to the user with his UID then store this fileds (e.g fileds you mentioned) .. So this is the best way to do that as Firebase Auth do not support that yet
Wish I helped you :)
Related
This question already has answers here:
Firebase create user without sign in [duplicate]
(1 answer)
Firebase kicks out current user
(19 answers)
Closed last month.
Using React js and Firebase.
I am new to firebase and generally programming. In a new project, a admin user should be able to create new users centrally.
createUserWithEmailAndPassword(auth, email, password1)
By using this method, I am able to create new users. Nevertheless, I get logged in in this new users automatically. Is there any solution to avoid the automatic log in?
I already found some stack overflow questions from 2016 and 2018 and the common question is, that I need to run the Firebase Admin SDK on a server. Is this the only solution?
I would prefer to practice a little bit more my new ReactJS and Firebase knowledge before starting with these server side topics.
This question already has answers here:
Is auth.uid a shared secret?
(2 answers)
Firebase security rules - is Auth generated UID ought to be kept secret? [duplicate]
(1 answer)
Firebase Database - Risks associated with exposing uid on the client side?
(1 answer)
can i login into a user's account if I just know UID in firebase [duplicate]
(2 answers)
Closed 9 months ago.
I plan on creating an application on flutter that uses firebase auth and cloud firestore. My plan is to create a user and the use the user's uid(iser id) to store and modify data in the database. So a specific id refers to a specific user.
I wanted to know if it is safe to directly save the user id in the flutter app after the user login because if someone were to somehow get access to the user id they would have access to their data in the database.
Would advise to use your custom ID along side with UID. When your app grows, you don't want to be sharing the UID or passing it around. Also while setting firebase rules, you'll be referring to UIDs, which should be kept private.
generate a random string for the ID.
And for sensitive user data, set a rule in firestore, to only allow reading of the document if request.auth.uid == user.uid. This will prevent unwanted access. Read up a bit more on firestore rules, might be relevant for your use case.
I have recently started using firebase for a create-react-app project and need to add a variable - pv to user object and update it regularly.. sort of like 'points'. Is it possible to do it? I could use firestore, but that's gonna be too much work for just one variable...
There is no way to add custom values to a Firebase Authentication user profile from the client-side SDKs.
If you want to store custom values for a user profile, the idiomatic way to do so is to store them in a database - using the UID of the user to identify the additional profile data for them.
This question already has an answer here:
How to make user presence mechanism using Firebase?
(1 answer)
Closed 2 years ago.
Before explaining my question I just want to tell you that I know there is a function exist to check if a user is logged-in or not using this function:
firebase.auth().onAuthStateChanged(function(user) { ... };
But my requirement is a bit different, I am working on realtime chat app and for that I am using react and firebase. In this app I want to show the status (user is available or not), just like Facebook do. So for that what comes in my mind is, if there is some way to get the list of logged-in users in my firebase db or if there is some way to check if the user is logged-in by using email then my purpose will be solved.
So please let me know if there are some method exists or guide me some way by which I can achieve this.
Thanks in advance.
Auth States depend on variety of factors, like if the user gets disconnected from the internet for a long time. He would essentially be 'logged in' to the app (firebase remembers login) but he won't be active.
The best way moving forward is to check the last active time + disconnection with database. Firebase has a detailed documentation on preference.
This question already has an answer here:
Can react state be tampered with to bypass security measures?
(1 answer)
Closed 4 years ago.
I'm new to React and I have taken some courses online. Can users change the state/props of components on a React app in production using console or react tools? My question is more related to security.
i.e. changing login credentials to access data that should not be accessible to them.
In PHP I would control this by storing users credentials in a session and then validating it using a middleware in backend. Since users have full control of what is on client-side, how could I prevent someone from changing credentials and access sensitive data?
EDIT: My approach would be to validade the credentials on backend and then store user data in a state, lets say in a state property called userId:
//after backend validation
if (credentialsAreValid) {
this.setState({userId})
}
How could I prevent a user to modify its ID which is stored in the state?
If validating the user (eg: during login) before storing server-side session variables only accessible to PHP, you should be fine. If storing the data in a cookie (or other client-side storage engine) it is open to spoofing.
Note: Cannot provide a better answer without seeing code that establishes session and where variables are stored (eg: provide example code).