How to use Firebase Admin SDK in Flutter?

Question

I'm creating a app where I should be able of managing users access. The admin should have permissions of creating, deleting and editing users accounts.

I'm using firebase for creating users account.

Right now individually users can creating, editing and delete their accounts, but the problem is that the admin should do that, and not just the users.

import 'dart:async';
import 'package:firebase_auth/firebase_auth.dart';
import 'package:flutter/services.dart';
import 'package:google_sign_in/google_sign_in.dart';

class UserLoader {
  final FirebaseAuth _auth = FirebaseAuth.instance;
  final GoogleSignIn googleSIgnIn = new GoogleSignIn();
  static final UserLoader _singleton = new UserLoader._internal();
  FirebaseUser user;

  factory UserLoader() {
    return _singleton;
  }

  UserLoader._internal();

  Future<FirebaseUser> signInWithEmailAndPassword(email, password) async {
    if (user != null) return user;
    _signInAnonymously().then((value) {
      if (value != null) {
        user = value;
      }
    }).catchError((e) {
      return null;
    });
    if (user == null) {
      FirebaseUser user = await _auth.signInWithEmailAndPassword(
          email: email, password: password).catchError(
              (onError)
                {
                  print(onError);
                });
      return user;
    } else {
      return null;
    }
  }

  Future<FirebaseUser> signInWithGoogle() async {
    if (user != null) return user;
    _signInAnonymously().then((value) {
      if (value != null) {
        user = value;
      }
    }).catchError((e) {
      print(e.toString());
    });
    if (user == null) {
      GoogleSignInAccount googleSignInAccount = await googleSIgnIn.signIn();
      GoogleSignInAuthentication gSA = await googleSignInAccount.authentication;

      FirebaseUser user = await _auth.signInWithGoogle(
          idToken: gSA.idToken, accessToken: gSA.accessToken);
      return user;
    } else {
      return null;
    }
  }

  Future<FirebaseUser> _signInAnonymously() async {
    if (user != null) return user;
    user = await _auth.signInAnonymously();
    return user;
  }

  Future signOut() async {
    await _auth.signOut();
    await googleSIgnIn.signOut();
    user = null;
  }

  Future changePassword(email) async{
    await _auth.sendPasswordResetEmail(email: email);
  }

  Future createNewUser(email){
    _auth.createUserWithEmailAndPassword(email: email, password: "new_pass");
  }


  Future deleteUser(FirebaseUser firebaseUser){
    firebaseUser.delete();
  }
}

I think that Firebase Admin should do the trick but I'm not sure.

Answer 1

The Firebase Admin SDK is only available for use in trusted environments, such as your development machine, a server you control, or Cloud Functions for Firebase. It is (intentionally) not available for use in client-side apps, such as those deployed on Android or iOS, neither when you build those with native code, nor when you build them through Flutter.

The only option is to implement the functionality you want with the Admin SDK in a trusted environment, and expose an end-point to your Flutter app. If you end up doing this, make sure to secure access to the end-point so that only the admin users of your app can access it. For an example of how to secure access with Cloud Functions, see this sample in the functions-samples repo.