重新验证用户。 使用 Android 的 FirebaseUI 身份验证
[英]Re-authenticate a user. with FirebaseUI auth for Android
问题描述
I'm using Firebase-UI auth and I want to implement delete account functionality for my application.
我正在使用 Firebase-UI 身份验证,我想为我的应用程序实现删除帐户功能。
Some security-sensitive actions—such as deleting an account, setting a primary email address, and changing a password—require that the user has recently signed in.某些安全敏感操作(例如删除帐户、设置主要 email 地址和更改密码)要求用户最近登录。
To delete a user, the user must have signed in recently, See Re-authenticate a user .要删除用户,该用户必须最近登录过,请参阅重新验证用户。
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
// Get auth credentials from the user for re-authentication. The example below shows
// email and password credentials but there are multiple possible providers,
// such as GoogleAuthProvider or FacebookAuthProvider.
AuthCredential credential = EmailAuthProvider
.getCredential(user.getEmail(), );//how can i get password of the user
// Prompt the user to re-provide their sign-in credentials
user.reauthenticate(credential)
.addOnCompleteListener(new OnCompleteListener<Void>() {
@Override
public void onComplete(@NonNull Task<Void> task) {
Log.d(TAG, "User re-authenticated.");
}
});
is there any way to get the current password from the user or any other solution?有没有办法从用户或任何其他解决方案获取当前密码?
I search all the documentation and I can't find a method that gives me the current password of the user.我搜索了所有文档,但找不到给我当前用户密码的方法。
1 个解决方案
解决方案1
1 已采纳 2023-01-13 08:08:19
Some security-sensitive actions—such as deleting an account, setting a primary email address, and changing a password—require that the user has recently signed in.
Yes, that's correct.对,那是正确的。 As soon as 5 minutes have passed since the last log-in, the delete account operation cannot be performed, as it is considered a sensitive operation.自上次登录后 5 分钟后,将无法执行删除帐户操作,因为它被视为敏感操作。
Is there any way to get the current password from the user or any other solution?
No , there is no way you can get the password of the logged-in user.不,您无法获取登录用户的密码。 Nobody will ever provide that.没有人会提供那个。 When a user tries to delete the account when 5 minutes have already passed since the last log-in, then you have two options available:当用户在上次登录后 5 分钟后尝试删除帐户时,您有两种选择:
You provide in the UI the possibility to sign out.
您在 UI 中提供注销的可能性。 In this way, the user will be redirected to a sign-in screen.这样,用户将被重定向到登录屏幕。 As soon as it lands on the sign-in screen the user will be able to restart the authentication process.一旦它登陆登录屏幕,用户就可以重新启动身份验证过程。You can keep the user logged in but you'll need to provide an option to type the password again.
您可以让用户保持登录状态,但您需要提供一个选项来再次输入密码。 As soon as you have the password, then you can call FirebaseUser#getEmail() to get the email of the logged-in user.一旦你有了密码,你就可以调用FirebaseUser#getEmail()来获取登录用户的 email。 Right after that, you can call EmailAuthProvider#getCredential(String email, String password) to get an object of type AuthCredential .之后,您可以调用EmailAuthProvider#getCredential(String email, String password)来获取类型为 AuthCredential 的object 。 Having such an object, you can call then call FirebaseUser#reauthenticate(AuthCredential credential) to reauthenticate with its own credentials.有了这样的 object,您可以调用FirebaseUser#reauthenticate(AuthCredential credential)以使用自己的凭据重新进行身份验证。
No matter what option you choose, right after a successful authentication or a successful reauthentication, the user will be able to delete the account in a 5 minutes time frame.无论您选择什么选项,在成功验证或成功重新验证后,用户都可以在 5 分钟的时间范围内删除帐户。
Personally, I prefer the first option as it needs only a sign-out option .就个人而言,我更喜欢第一个选项,因为它只需要一个注销选项。 But it's up to you to decide which is better for your use case.但由您决定哪种更适合您的用例。 In code, it looks like this .在代码中,它看起来像 这样。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.