Re: A few simple questions about login
151 views
Skip to first unread message
Jonathan Friedman
Jun 6, 2013, 12:11:20 PM6/6/13
to fireba...@googlegroups.com
I don't really understand your other questions, but I can speak to this one, since this is exactly how we do it:
I am considering setting up a simple call HTTP call on my node.js server : the mobile app will send up an email/password to my app server, and the app server will check my firebase to see if that user exists. If the user does exist, it will send down that user's auth token. Then the mobile app will just use that auth token and firebase's simple .auth() function to login. Will that work? I'm still figuring all of this out :-)
The short answer is YES. That will work fine and is actually the proposed mechanism for implementing your own login system.
It is documented here: https://www.firebase.com/docs/security/custom-login.html.
We do this at CircuitHub. Given that we use a single-page application approach. We actually have a separate API call the (logged in) client makes to get it's Firebase token and which Firebase server it should use. That way we can switch to development servers, backup Firebase servers, and such when needed automatically.
Rob DiMarco
Jun 6, 2013, 12:29:03 PM6/6/13
to fireba...@googlegroups.com
Hi Andy -
Thanks for the e-mail. Answers to each of your questions are below (inline), and I'm happy to help debug the sessioning issue that you're seeing as well.
1. How do I get the FirebaseAuthClient simple login to keep the user logged in? I have simple login enabled on my firebaseio with 30 day session, and passed rememberMe:true to the login call on the web.
The FirebaseAuthClient should automatically session the user and keep the user logged in, but it is possible that there is something going on preventing that. Ping me off-list with a link to your app, or a sample of the auth. code that you're using? I'm happy to investigate.Thanks for the e-mail. Answers to each of your questions are below (inline), and I'm happy to help debug the sessioning issue that you're seeing as well.
1. How do I get the FirebaseAuthClient simple login to keep the user logged in? I have simple login enabled on my firebaseio with 30 day session, and passed rememberMe:true to the login call on the web.
2. How can I update a user's information?
Keep in mind that Simple Login is only authenticating the user using the authentication method that you specified (email / pass, Facebook, Twitter, etc.) as a convenience, but is not storing any data in your Firebase for you. This is intended to keep your Firebase data as flexible as possible, and allow you to store data however you wish. That means that after authenticating a user, you should set / update that user's data in Firebase. However, you cannot change the user's social data (Facebook, Twitter, GitHub, Persona, etc.) data via this API, and for e-mail / password login, we're only securely storing the user's credential for you, so there shouldn't be anything to change.
3. Is there detailed documentation for FirebaseAuthClient and how the user objects work? I looked high and low and couldn't find anything other than the overview page.
Check out the specific page for the login method that you're using to see the list of attributes that are guaranteed to be included in the user object. As mentioned above, these are immutable, and capture a snapshot of the user's information at the time of authentication.
4. Is there an easy way to do simple username/password login *without* having to include the 80kb firebase-auth-client.js file in my mobile apps? Or is there a slimmer version of firebase auth client with only the simple login?
As Jonathon suggested, you can use custom login, which involves running your own server to manage credentials and authenticate users, and then simply pass a token to Firebase containing any arbitrary JSON that you'd like to be able to use in your security rules. Check out https://www.firebase.com/docs/security/custom-login.html for more information and client libraries in a number of languages. Also, I believe the firebase-auth-client.js is only 14Kb, can you confirm that number you're seeing?
Thanks, and hope that helps!
Rob
Thanks, and hope that helps!
Rob
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Andrew Lee
Jun 6, 2013, 12:34:16 PM6/6/13
to fireba...@googlegroups.com
Andy -
Keep in mind we gzip the libraries, so the 14kB Rob mentions is *after* compression. Even uncompressed it's only ~40kB though.
-Andrew
--
Andrew Lee
Founder, Firebase
http://twitter.com/startupandrew
Andy Joslin
Jun 6, 2013, 12:34:25 PM6/6/13
to fireba...@googlegroups.com
Thanks guys!
I will probably just do what I said in #4 for all my apps, then. It is good to know that the auth is seperate from a user object itself. That makes everything make a lot more sense...
..and Rob, it is actually 43.7kb. I remembered wrong :-) http://d.pr/i/i9HT
Rob DiMarco
Jun 6, 2013, 1:23:05 PM6/6/13
to fireba...@googlegroups.com
Ah, yes, 14Kb compressed - I should have mentioned that.
Also, Andy - feel free to ping me directly if you need help debugging anything, I'm happy to help.
Also, Andy - feel free to ping me directly if you need help debugging anything, I'm happy to help.
--
Andy Joslin
Jun 6, 2013, 2:33:31 PM6/6/13
to fireba...@googlegroups.com
OK, sent you an e-mail :-)! Thanks rob!
Reply all
Reply to author
Forward
0 new messages