stackoom
  简体   繁体   中英

Have one user signup another user with custom fields in firebase/flutter

 原文  2021-06-07 14:11:53       firebase/ flutter/ firebase-authentication

Question

I am trying to determine if the following scenario is possible with flutter and firebase:

we have users within the company who will be given access to the app, where on the homepage will be a signup another user button where they enter in that user's email and password, they get signed up, and then the original user specifies custom fields for the 2nd user, such as company name, role, position, etc.

Is this possible with flutter and firebase?

Have asked the flutter google group and was told about custom authentications, but from what I see that is just an external authentication system and doesn't show me how to let one user create another users profile with fields.

Any ideas?

1 answers

solution1
 1 ACCPTED  2021-06-07 14:56:46

The first thing to consider is whether those properties need to be in the user profile at all. The user profile is sent with every request, and should only contain information that is relevant for securing access. If you have additional information to store about the user, you should store it elsewhere (such as in one of Firebase's databases) using the UID of each user as its key.

Assuming that the information is about security (such as the role seems to be, there is no secure way to let one user set security properties (typically referred to as claims) from client-side code. As soon as this is allowed from client-side code, anyone could set such properties for anyone else. That's why setting custom claims for a user is only possible with Firebase's Admin SDKs, which are designed to run in a trusted environment - such as your development machine, a server you control, or Cloud Functions.

There are a few other options, but it's important to realize they're all implemented on top of the above approach.

  • There is an experimental extension that allows you to set auth claims by writing a document into Firestore , which something like this (JavaScript syntax, but the Flutter code will be similar):
     db.collection("user_claims").doc("abc123").set({ role: "admin", groups: ["example1", "example2"], });
    Now of course you'll want to make sure that you secure writing to the user_claims collection, as otherwise you'll end up with the same security risk I mentioned in the first paragraph, where everyone can claim any role they want.
  • Alternatively you can write your own server-side API (for example on Cloud Functions) that you expose to your application, and that then calls the Admin SDK. Here too, it is important to secure access to this API, to ensure only authorized users can call it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to signup user via phone number using firebase in flutter? Creating user node on firebase signup Firebase Disable new user signup Flutter How to model firebase user fields Firebase Admin SDK - Create user with custom fields Firebase User Profile Add Custom Fields Firebase store an user into database after signup with a custom document name (Firebase v9) Firebase Updating User Data With Custom Fields After Creating User Firebase and JavaScript. Adding custom user fields when creating user How to: Set Firebase user's profile info on signup/creation? (Flutter-web)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM