3rd party auth integration - email, password updating issues

[Conor Dockry]

Referencing the guidelines HERE (which describe migration from Parse).... My use case is no Parse, but similar, I'm trying to integrate 3rd party auth on a node.js / express server.

my relevant code:

firebaseWebSDK.auth().signInWithCustomToken(customToken)

.then(user => {

let nextStep

let message

// check if returned user has "email" field set..

if (!user.email) {

message = 'Signed up user, saved: email, password, and display name.'

const usersRef = firebaseServerSDK.database().ref('users')

nextStep = Promise.all([

user.updateEmail(email),

user.updatePassword(password),

user.updateProfile({ displayName }),

usersRef.child(user.uid).set({ displayName, email }),

])

} else {

message = `User already exists for that email: ${email}`

nextStep = Promise.resolve(null)

}

nextStep.then(() => {

delete req.session.user

return res.json({ message })

})

.catch(updateError => res.json({ error: updateError.message }))

})

.catch(signInError => {

const errorCode = signInError.code

const errorMessage = signInError.message

return res.json({ type: 'signInError', errorCode, errorMessage })

})

• Sometimes this successfully updates the user's email. Sometimes it doesn't. 
• It never seems to update the password, though.
• Always writes to the database "/users" successfully.
• Pretty sure it does update the Profile, though haven't checked that as much because of the email / password issues.

(just to be clear, it always runs the "update" section of code... just that the updates don't happen on Firebase)

I see HERE that these API's are possibly a work in progress? 

 

Just wondering why this doesn't work as it is stated to in the Android docs linked above. Does this have to happen synchronously or something?

Thanks in advance.

[Kato Richardson]

Hi Conor,

Your node.js/server-side should be authenticating with a service account, not trying to authWithCustomToken. The custom token goes back to your user, who runs that method at the client.

If you want your server to emulate a user's permissions, see limiting API privileges.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/e8789234-95be-4e2f-91a8-aae084c2b301%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Conor Dockry]

Ok thanks Kato.

To emulate each specific user's permissions, would I have to call 

firebase.initializeApp({
  ...
  databaseAuthVariableOverride: { uid: '...' }
})

on every request, passing in the new "uid" each time?

To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/e8789234-95be-4e2f-91a8-aae084c2b301%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Kato Richardson]

I'm not the expert on this topic, but I think that's correct. I suspect you also need to pass an app name as a second argument as described here.

Note that calling initializeApp() doesn't establish any overhead like db connections, et al, so there's no reason to worry about multiples of these, that I know of.

To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/8fb286dd-7388-430b-94f9-a12f78429c45%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Bassam]

Hey Conor,

Promise.all will run the underlying promises in parallel and the backend requests will clobber each other as the transactions are not locked during updates.

I advise that you chain these promises sequentially.

Bassam