Hi folks -

Good news everyone! At long last, we've rolled out password resets for Firebase Simple Login.

We'll be announcing this more publicly over the coming weeks, in conjunction with a number of other Simple Login improvements, but given the demand for this feature I'd like to give you a quick overview of the new features below.

Also, I'd like to encourage you to reach out to me directly any time you run into problems, have questions, etc. I'd love to get any and all feedback you may have on this, so please don't hesitate to reach out.

Overview

Each of the Simple Login client libraries has been given a new method for generating password reset emails for the specified email address - sendPasswordResetEmail() on the Web and Android, and sendPasswordResetForEmail() on iOS.

This e-mail will contain a temporary token that the user may use to log into their account and update their credentials. This token will expire after 24 hours or when the user changes their password, whichever occurs first.

Note that the user's original, chosen password will continue to work until the user actually changes their password, in order to prevent the reset of passwords for users who didn't request it.

A New Include

Each of the files on our CDN is now fully versioned, including firebase.js and firebase-simple-login.js. In order to get access to the new password reset features, you'll need to update your include to the latest version (v1.2.1 at the time of this writing):

https://cdn.firebase.com/js/simple-login/1.2.1/firebase-simple-login.js

or install the Firebase Simple Login Web Client as a local application dependency with Bower:

bower install firebase-simple-login

Configuration

The password reset feature in Firebase Simple Login includes a default e-mail template, and will send from "nor...@yourfirebase.firebaseapp.com". You can change this template, or change the sending address at that subdomain, under the 'Email / Password' section of the 'Simple Login' tab in Forge.

However, free accounts come with two limitations. The first is that the bottom of each e-mail comes with "-- Powered by Firebase --" messaging. The second is that free accounts are restricted to sending from the "yourfirebase.firebaseapp.com" domain.

Upgrading to a paid account, at any tier, will give you immediate access to whitelabel e-mail from your own domain, and remove the Firebase branding message.

If you're able to configure DNS for your domain, the addition of two DNS records will enable full, signed whitelabel e-mail from an address of your choosing at your domain.

Best Practices / Recommendations

This e-mail template is entirely up to you; however, we recommend that you update your email template to redirect the user directly to a change-password page on your domain, where the temporary token is included as a URL fragment. This method allows you to let the user set their new password without ever knowing or copying / pasting the token, as you can invoke changePassword() behind the scenes.

------
Stay tuned for more updates, thanks!
Rob
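
The change-password page recommended under "Best Practices / Recommendations" could look like the sketch below. This is an added example, not code from the original post or from Firebase. The fragment layout (#email=...&token=...), the helper names, and the changePassword(email, oldPassword, newPassword, callback) call shape with the temporary token in the old-password position are assumptions.

```javascript
// Added example. Assumed fragment layout, produced by your own e-mail template:
//   https://example.com/reset#email=<percent-encoded email>&token=<temporary token>
// A fragment is not sent to the server with the page request, so the token
// stays out of access logs. Values must be percent-encoded ("+" decodes as space).
function parseResetFragment(hash) {
  const params = new URLSearchParams(String(hash || '').replace(/^#/, ''));
  // Reject missing or duplicated fields instead of guessing which one to trust.
  if (params.getAll('email').length !== 1 || params.getAll('token').length !== 1) {
    return null;
  }
  const email = params.get('email');
  const token = params.get('token');
  return email && token ? { email, token } : null;
}

// Read the token once on page load, then strip the fragment from the address
// bar and history entry so it is not bookmarked or shared along with the URL.
// `loc` and `hist` are window.location and window.history in a browser.
function takeResetToken(loc, hist) {
  const reset = parseResetFragment(loc.hash);
  hist.replaceState(null, '', loc.pathname + loc.search);
  return reset;
}

// `auth` is the Simple Login client. Assumption: changePassword takes
// (email, oldPassword, newPassword, callback) and accepts the temporary
// token in place of the old password.
function completeReset(auth, reset, newPassword, done) {
  if (!reset) {
    return done(new Error('Reset link is missing its e-mail or token'));
  }
  if (typeof newPassword !== 'string' || newPassword.length === 0) {
    return done(new Error('New password must not be empty'));
  }
  auth.changePassword(reset.email, reset.token, newPassword, done);
}
```

On the page itself, call takeResetToken(window.location, window.history) once at load, keep the result in memory, and pass it to completeReset() when the user submits the new-password form.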