stackoom
  简体   繁体   中英

Flutter store users data with Cloud Firestore and Firebase Auth

 原文  2021-06-10 04:47:09       android/ firebase/ flutter/ google-cloud-firestore/ firebase-authentication

Question

I have a collection of "Users" in Cloud Firestore and I am using Firebase Auth to authenticate my app users as follows:

  1. The user authenticates within the mobile app (for example with Google).
  2. I verify that there is no document within the "Users" collection that corresponds to the UID of the authenticated user.
  3. If the document does not exist in "Users" I use the user's UID to create a new document.

It is my question: Is there a security problem with this model or some other type?

I am confused by Google documentation because it says that the user's UID is unique to the Firebase project but should not be used to authenticate my user to the backend server. It also says that in that case, I should use FirebaseUser.getToken () but that token can change, so it will create a new user in my DB.

So, my second question is: When should you use that token? Give me an example, please.

Thanks for the help.

1 answers

solution1
 1  2021-06-10 05:45:21

USER_ID

You can use the google generated user_id for future reference. That will never change for a given user email or authentication type as long as the user is already in the database.

Example: If the user Signed In with google federated login with user1@example.com then the user record is maintained in the Firebase and USER_ID(Say ABFDe12cdaa2... ) will be assigned(You can use this id in URLs to see the user profile etc it is kind of 32 chars long(I am not sure exactly here). Now, If a user tries to sign up again with the same email(user1@example.com) then it pulls the previous record ABFDe12cdaa2... . If you delete a user1@example.com from the firebase database(Firebase maintains its own database of the user for your project, With has a limited number of user properties). Then the user tries to sign in again then the new USER_ID is generated.

Now the TOKEN :

As you USER_ID is public, it can be seen by everyone. It is not used for authentication.

So you need to generate the token( This is longer the user id) to authenticate programmatically with the Firebase. It token is temporary and specific to the user. It will expire in some time ( you can define that time while creating the token). a refresh token is used to get a new token.

I don't have any code examples while writing this answer. I will update with code example,If, I find any.

Hope I clarified some of your questions.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Store user data with only Firebase Firestore without auth? Flutter Firebase : How to call Display Name and UID from Firebase Auth then use those values and save in Cloud Firestore I cannot add cloud_firestore and firebase_auth together in Flutter Adding Cloud Firestore & Firebase to Flutter project (Android) Cloud firestore Flutter cannot set data on a document Firebase Cloud Firestore does not return data or errors how to add multiple nodes in Firebase cloud Firestore using flutter How to post list object to cloud firestore firebase in flutter Flutter-Firebase Build Failed ':cloud_firestore:compileDebugJavaWithJavac' Read data from cloud firestore with firebase cloud function?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM