Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to create "credential" object needed by Firebase web user.reauthenticateWithCredential() method?

The (unclear) example in the new docs:

var user = firebase.auth().currentUser; var credential; // Prompt the user to re-provide their sign-in credentials user.reauthenticateWithCredential(credential).then(function() { 

How should I create this credential object?

I tried:

  • reauthenticateWithCredential(email, password) (like the login method)
  • reauthenticateWithCredential({ email, password }) (the docs mention one argument only)

No luck :(

PS: I don't count the hours wasted searching for relevant info in the new docs... I miss so much the fabulous firebase.com docs, but wanted to switch to v3 or superior for firebase.storage...

like image 550
Pandaiolo Avatar asked Jun 14 '16 12:06

Pandaiolo


People also ask

How do I get Firebase auth credentials?

To sign a user into your app, you first get authentication credentials from the user. These credentials can be the user's email address and password, or an OAuth token from a federated identity provider. Then, you pass these credentials to the Firebase Authentication SDK.

What does Firebase auth () CurrentUser return?

If a user isn't signed in, CurrentUser returns null. Note: CurrentUser might also return null because the auth object has not finished initializing.

How do I use Firebase with username and password?

If you haven't yet connected your app to your Firebase project, do so from the Firebase console. Enable Email/Password sign-in: In the Firebase console, open the Auth section. On the Sign in method tab, enable the Email/password sign-in method and click Save.


2 Answers

I managed to make it work, docs should be updated to include this for who does not want to spend too much time in the exhaustive-but-hard-to-read API reference.

Firebase 8.x

The credential object is created like so:

const user = firebase.auth().currentUser; const credential = firebase.auth.EmailAuthProvider.credential(     user.email,      userProvidedPassword ); // Now you can use that to reauthenticate user.reauthenticateWithCredential(credential);  

Firebase 9.x

(Thanks @Dako Junior for his answer that I'm adding here for exhaustivity)

import {     EmailAuthProvider,     getAuth,     reauthenticateWithCredential, } from 'firebase/auth'  const auth = getAuth() const credential = EmailAuthProvider.credential(     auth.currentUser.email,     userProvidedPassword ) const result = await reauthenticateWithCredential(     auth.currentUser,      credential ) // User successfully reauthenticated. New ID tokens should be valid. 

Note

Some people asked about userProvidedPassword, if it was some sort of stored variable from the first login. It is not, you should open a new dialog/page with a password input, and the user will enter their password again.

I insist that you must not try to workaround it by storing user password in cleartext. This is a normal feature for an app. In GMail for example, sometimes your session expires, or there is a suspicion of hack, you change location, etc. GMail asks for your password again. This is reauthentication.

It won't happen often but an app using Firebase should support it or the user will be stuck at some point.

like image 89
Pandaiolo Avatar answered Sep 21 '22 08:09

Pandaiolo


Complete answer - you can use the following:

var user = firebase.auth().currentUser; var credentials = firebase.auth.EmailAuthProvider.credential(   user.email,   'yourpassword' ); user.reauthenticateWithCredential(credentials); 

Please note that reauthenticateWithCredential is the updated version of reauthenticate()

like image 26
maudulus Avatar answered Sep 19 '22 08:09

maudulus