Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firebase Auth with different user types

Tags:

android

firebase-authentication

I am working on something where I have two apps - one for a 'Requester' user and one for a 'Responder' user, and I am currently using Firebase for Auth. The users sign in with email/password combinations and this is the root of the problem:

The problem is with user collisions - because the auth module is hooked up into a single project in the Firebase console, a responder can technically log into the requester app, and vice versa, which results in issues because well, the back end conks out - the API doesnt allow them access because the DB doesnt find their data in the tables, and the apps behave erratically (read: crash).

I understand there are similar sounding questions (Android - Firebase - Different types of Users Login) but what I would really like to ask is if there can be some way I can avoid this nasty situation. Some options that come to mind are:

  1. do a manual check in the db and log the user out if they are not of the right type - can be done but is tedious and costs data/time.
  2. create different projects in Firebase just for each user type - this is inefficient - while I use Firebase for auth, I use Mongo for storage so this doesnt really matter but if/when I switch to Firebase for storage, then my server code will get complicated, slow and messy from having to access a different DB each to access requester and responder data
  3. roll my own auth - feels like a bad idea, but it helps solve the immediate problem while opening a different can of worms as I also need to implement Firebase Cloud Messaging down the line
  4. switch to another auth provider - I'm open to suggestions here

I also anticipate a scenario where a responder could create an account and use the requester app as well, in which case the collision occurs and needs to be addressed - I could ban responders from using the same email ID to sign in as a requester but that may not hold up to real world scenarios where users could (and will) want to use one email ID for everything.

Can anyone help me with the right approach to take and/or with any hints/solutions to this problem?

----- EDIT ON 14 DEC 2017 --------

I also have two apps listed under the same project (screenshot attached), so my next question is, will there even be a clash when a requester user tries to sign in/sign up as a responder or vice versa?

Screenshot of two apps in one Firebase Project

like image 314
kilokahn Avatar asked Dec 13 '17 20:12

kilokahn

People also ask

Can you change user UID Firebase?

An ID that uniquely identifies a user. By default, Firebase uses randomly generated 28-character strings. The UID of a user cannot be changed, but when creating a new user through Firefoo, you can choose a custom UID.

Are users in Firebase unique?

Firebase users have a fixed set of basic properties—a unique ID, a primary email address, a name and a photo URL—stored in the project's user database, that can be updated by the user (iOS, Android, web).

Is Firebase user UID unique?

UIDs are unique within a single project. Even accross different apps if they use the same project. But according to the firebase blog, the uids will be different accross projects. If you use different projects on different apps, uids will be different.

1 Answers

Consider using custom user claims and enforcing access via the Database rules or if you are using your own endpoints, by parsing the ID token and checking its claims. The Firebase admin SDK provides tools to do that: https://firebase.google.com/docs/auth/admin/custom-claims

Firebase Auth team is also working on exposing these claims to the client too to simplify UI changes needed there.

like image 139
bojeil Avatar answered Sep 22 '22 13:09

bojeil
Sign in to Comment

Related questions

Canvas .toDataURL() returns partially corrupted image
Android Studio 3.0 - Gradle Sync failed for externalNativeBuild
Android O: Service not stopped by background execution limits
Layout stretching when dismissing DialogFragment
How to scope ViewModels properly?
Mediaplayers get muted/unmuted too late
User properties from Firebase Analytics in DebugView
Widgets lead to DeadObjectException - Transaction failed on small parcel
Robolectric - How to clean up message: "WARNING: unknown service autofill"
How to make app that can change Android user interface font?
ACCOUNT_MANAGER - "Permission is only granted to system apps"
How to check the expiration for subscription items
DexArchiveMergerException: Unable to merge dex - Android Studio 3.0 Stable
Flutter: how to launch and android intent and return data to flutter
Buildozer Unknown command/target android_old
How to list files in assets folder react-native
Recurring crash on SimpleSettableFuture.java in ReactNative
Can't update any plugins, not a valid cordova platform?
App not installed package appears to be corrupted
Picasso binding adapter 'a connection was leaked' message

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!