Re: [Firebase] Resetting a Forgotten Password

[Rob DiMarco]

Hi Daniel -

We're adding this functionality to the email / password authentication and will be rolling out a solution soon. We want to enable your users to reset their forgotten passwords without requiring you to manage email communication or separate server processes, all while maintaining a consistent user experience.

If it's all right with you, I may reach out for additional feedback within the coming weeks to get your thoughts on what we're thinking. Also, I have added you to our wait-list for this feature so that you're notified as soon as we've released it. Please follow-up if you have any other thoughts / feedback.

Thanks, and have a great weekend -

Rob DiMarco

Engineer @ Firebase

On Fri, Dec 28, 2012 at 8:49 PM, Daniel Horton <dan...@binaryorganic.com> wrote:

Is there any functionality in the Simple Email API for resetting a forgotten password? From what I can tell the current changePassword function requires the existing password to be known. Am I mistaken and, if not, what is the recommended way to handle a forgotten password?

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To post to this group, send email to fireba...@googlegroups.com.
 
 

[Rob DiMarco]

Hi Nikhil -

Regarding the password reset emails, there are a few different ways we could go about that. One possibility is that Firebase sends the emails on the developer's behalf, from a Firebase-owned domain, or we could alternatively send them using developer-defined credentials, from a domain they control. These integrations are still being formulated, so don't hesitate to let us know what would be ideal for you.

Regarding the e-mail / password user information, our thinking here is to give you as much freedom and flexibility as possible when building your application. For that reason, our current 'auth' variables, across each of the built-in Simple Login methods, contains only the bare minimum user identifiers. Specifically, we want to include user attributes that are unique and permanent (such as user id) or that we want to be certain that the user hasn't spoofed (such as email address). This is to encourage storing your user data in Firebase - keyed on the unique user identifier, just like you're doing - where read / write access is protected using security rules. The 'auth' variable is intended to hold only a limited subset of information that are required for writing your read / write / validate rules.

If your use case requires that you have more information in the 'auth' variable than currently provided, we expose our token-generation library publicly (see Node.js Token Generator Library) where you may include any arbitrary data in the token payload. Also, please reach out directly (r...@firebase.com) as we would love to know more about your use case.

Hope that helps, thanks!

Rob

On Sun, Dec 30, 2012 at 2:55 PM, nikhil bafna <nikhil....@gmail.com> wrote:

That would be a wonderful option.

I have a question about the approach though. If it would not require us to manage the email communication, then what would the domain name that would be shown on the email sent?

Also, about email/password option - 

Do you plan to extend this so that additional user information could be stored along with the userID, user email?

As per my understanding, using 
authClient.login('password', email, password, function(error, token, user) {

if (!error) { // You can now do firebase operations as an authenticated user..} 

 });

the `user` variable contains only user id and user email. Would be possible to extend it such that user's first name / last name, DOB, etc. could be stored as well?

For now, for every user I created a child at `/users`, and store that information using userID as the key.

Thanks.

[Andrew Harbick]

Has there been any progress on the ability to do password resets?

Thanks,

Andy

[Jordan Speizer]

I'm also interested to hear any updates on this feature. Would love to not have to go the custom login route if possible.

[Rob DiMarco]

Hi Andrew, Jordan -

Unfortunately, I don't have any update on password resets in Simple Login email / password authentication, but I'd like to follow-up with each of you individually to better understand your specific needs with respect to this feature. Thanks -

Rob

To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.

To post to this group, send email to fireba...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

[Michael Dorian Bach]

Hey Rob,

We also really need this feature to be able to ship our startup on Firebase. Any ETA or timeline would be awesome. This is a shipping dependency for us now. We've gone pretty deep with Firebase and this single Auth scenario has us stuck. Our users do forget their passwords and currently there is no way for them to retrieve or reset. Auth is such an amazing feature and we'd love to now have to rip it out just because of this limitation of Firebase. 

Michael

[pcan...@cliqmusic.com]

Rob,

We are also in need of this feature so please keep us posted as well. 

Phil

[Troy Goode]

+1

[Andrew Lee]

All -

We're working on adding this. Thanks for all the feedback! Stay tuned.

Don't forget, though, that Simple Login is only one of several ways to do auth with Firebase, and we generally encourage larger customers to use Custom Auth. So, if you're blocked on this feature, you can always use custom auth:

https://www.firebase.com/docs/security/custom-login.html

-Andrew

--

Andrew Lee

Founder, Firebase

http://twitter.com/startupandrew

[Andrew Harbick]

The promise of simple login, though, is a "server-less" deployment.  Unless I'm misreading, custom auth requires a server that you own to be able to generate tokens.

Excited you're working on this!

Andy

You received this message because you are subscribed to a topic in the Google Groups "Firebase Google Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/firebase-talk/NgrLm8-5tZA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to firebase-tal...@googlegroups.com.

[Andrew Lee]

Yep. Totally understood.

We're working to make Simple Login (much) better. Stay tuned...

-Andrew

[Andrew Harbick]

Looking forward to it!

[Earl Dos Santos]

Any update on when a "forgot password" feature may be added? Until that's added, I have to create several hoops to send an e-mail to a user with reset instructions. I would love a way for Firebase to send an e-mail (showing up as from my domain if possible) that gets a user to reset their password.

[Rob DiMarco]

Hi everyone -

Thank you for your patience and feedback while we have been working on this feature.

As I mentioned in the wider e-mail blast to the Google Group, this feature is available now, and accessible from each of the Firebase Simple Login client libraries as well as from the 'Simple Login' tab in Forge.

Please reach out to me directly in case you run into problems, have questions / feedback, etc., about this feature or otherwise. I'd love to get any and all feedback you may have; please don't hesitate to reach out.

Thanks -

Rob DiMarco
Engineer @ Firebase

[Anthony DeFrancesco]

They just updated Simple Login email/password with password recovery, it should show up in the app console. There are options to send it form your own domain, though I believe that costs extra.

Anthony DeFrancesco