I have 2 mobile apps and one web app which use the same Firebase Auth and Notification services. I only use Auth and Notification services, nothing else.
I require to have a staging environment and production environment, and both need to run in parallel.
I do not see other option in Firebase rather than creating two different projects. But that's risky, because I have to replace the JSON files in mobile app, replace Admin SDK stuff in web app and so on.
So what's the best option for this? I use Firebase only for Auth and Notification. In notification I send messages to individual devices and user groups.
maybe asking the users to use different email accounts for testing and production is the way to go? (Because then the Auth data will not be messed up even though the same Auth space is used)
You could have only one single Firebase project and inside this project create several apps. For instance, you could create an app for production with the package name(android)/bundle id(iOS) "com.example.myapp" and another for staging "com.example.myapp.staging". That way, you can download a single json file with both configurations. In your android studio/xcode, you have to set up those package name/bundle id with the corresponding build configuration.
Related
I have wrote a simple web application with few tables. It has it's administration area where you can manage it's table. Basic CRUD operations.
However, I need to develop an Android application which will retrieve information from this web application trough API. So I am going to write a simple API methods for fetching data. Also there will be sometimes when Android user will save some of its data to database.
Android application needs to be able to list items stored in database and bookmark some of those items over HTTP.
To me problem is how to implement SingIn / SignOut operations using Android's Google account. For example, application GMail is always signed in (at least on my device) and I want my application to be always signed in.
Then, how can I manage what items user bookmarked? Should I create a table android_bookmarked_items (android_user_id, item_id)? But then what should be android_user_id? Do I need to use OAuth?
I am doing this kind off sign in for the first time and I am really confused how to connect this web application with android user and manage bookmarked items per user...
You can make use of Android AccountManager. Check out How to get the Android device's primary e-mail address
I think i have found solution by using Google Sign-In for Android. I get idToken for currently login user before each POST request and verify it on server side. Also from the token I get property sub which is user id and store this in my database...
Auth with a backend server
However, I am pretty new to this stuff, tokens and authentication using google, I would like for someone more experinced to confirm that my solution is fine and secure...
I have an application that I am securing using Stormpath. So far the basic registration/login process works great.
I have now added Social authentication, but I'm running into a problem. The way it's configured right now, it will allow two simultaneous users to be created with the same email address. I would like to have the email as my primary key for the user.
Is there a way I can have Stormpath "merge" these accounts so they are treated as one account just with multiple ways to authenticate?
Yep! Stormpath has a feature where we can automatically link accounts between directories.
You can use the Stormpath Cloud Directory as the "master" and the social directories as "mirrors" that feed into the cloud directory. This allows you to use the cloud directory as the source of truth.
See this post for more info on how this feature works: https://stormpath.com/blog/unify-social-accounts-account-linking
I am trying to create a prototype using Firebase on AppEngine, and I keep hitting the 9-hour quota as described here: https://cloud.google.com/solutions/mobile/firebase-app-engine-android-studio#configuring_the_app_engine_backend_to_use_manual_scaling
The doc states the following:
To use Firebase with App Engine standard environment, you must use manual scaling. This is because Firebase uses background threads to listen for changes and App Engine standard environment allows long-lived background threads only on manually scaled backend instances.
I am just using Firebase Authentication and Need to verify the clients hitting my app engine endpoints which I do using Firebase Admin SDK. so does it still need to spawn threads to listen for changes? Is there a way to configure Firebase to not need these background threads, and therefore, not need manual scaling?
OR is there any other easy way to Do OAUTH custom authentication for anonymous & different social providers ?
yes you can use the Firebase Authentication without using Backend Instances. You need to use Java Admin SDK 4.0.4. then you can run an automatic scaling instance (Frontend Instance)
Please see the following post
Verify Firebase Token at Google App Engine
You do not need manual scaling to use Firebase Authentication with App Engine standard environment applications.
This tutorial is for Python, but the pattern and flow would be the same for Java. The overall flow would be similar in that you'd trigger on the client side your authorization flow, the user would choose from your allowed auth providers, Firebase would return the JWT token to your front-end script, you would send that token to your backend where you would decode it using the Firebase certificates and exchange it for your auth tokens.
From that tutorial, the client-side HTML and Javascript would be identical for you. You would just need to recreate the backend logic for Java.
Again, the automatic scaling instances would work just fine for you.
I'm new to Firebase and Android programming, I have some questions regarding Firebase custom authentication.
I build an android application of social report (for broken public infrastructure) which needed simplest solution for automatic authentication. Since it is a social report app in which users shouldn't be bothered in registration process by inputing any kind of data. So I decided to use Android uuid as an identifier of user instead of email/user name/etc. I loosely implement user authentication and registration. It only need Android device uuid to register/authenticate (don't even need a password). Although, I think I've secured user data in firebase security rules well enough.
I've successfully created a custom automatic authentication/registration server with Go language which mints and store the data from the Firebase itself. These are my current workflow:
The Android client automatically sends a request to my auth server. The request data contains Android uuid and several other data. I'm going to put it in onCreate activity. So every time user opens the application up, it will request for a token.
My auth server checks whether that particular uuid is stored in my Firebase. If it is, then generate a JWT. If not, my server will automatically create a new user data entry in my Firebase and send back a new JWT.
Someway save the JWT within the client app, and use that to do data transaction with firebase.
I managed to learn the Firebase library for Android, it is great and very simple. I found a lot of Android http request libraries (two of them are retrofit and volley). Yet, I still uncertain of the best way to send the auth request from the Android client.
What is the preferred/simplest way to send custom auth request in the client app, based on the requirements and workflow I've specified above? Do I need to use http request library to simplify the code? sample/snippet of code would be very helpful. What is the best way to store and use the JWT in the client app? Is my current workflow good enough? Evaluations are much appreciated.
As a side note, this is my school final project, not a production application. So I don't mind elaborate cases like whether user is having more than one phone, or buying second phone which ought to have same uuid with the previous owner, etc. Also, please spare my weird grammar/non-idiomatic language as I'm not a native english speaker.
The easiest way with Android is to use signInWithCustomToken() on a Firebase auth object (FirebaseAuth).
Here is the reference in the docs, including sample implementation code:
https://firebase.google.com/docs/auth/android/custom-auth
Good luck with the project.
I've been searching over the web but I can't seem to find some straight answer.
I've got an application developed and now I need to add it notifications. My issue is that I need each device to be unique and send each one of them a different notification. (I don't mean ONE UNIQUE notification) but I mean to send some users a notification and others don't.
How can this be done?
As a part of the GCM infrastructure, you will need to have your own web application that will allow individual instances of your app to register. When this happens, your Android application will pass to the web application a registration ID along with any additional information that you can use to identify the device. Once you have this information stored, you can pick and choose which device should receive your notification.
See: Architectural Overview section in the http://developer.android.com/google/gcm/gcm.html