Firebase auth - multiple auth providers / capture email address / one-time URL code

[Dean Taylor]

Hi,

Trying to get a handle on Firebase auth and how it relates to real world web apps as they are now.

1. Do you have any samples for rules / apps which cover using multiple auth providers at the same time?

2. Really I after a user using an app as an Anonymous user (with a uid) and then later after the user has stored information (perhaps filling out a multi page form) (using Anonymous) allowing that user to authenticate with Google and the existing stored (as Anonymous) information be accessible or already associated with the user. How can I do this?

The How can I auth more than one session at a time? topic seems related, but makes use of undocumented API and there is no mention of which version this was available in. Is it still available - any update on this?

3. I would like to consider capturing the users email address from the Google auth, is this also possible?

4. Auth without access to the email seems broken in that a user can loose access to a Facebook, Twitter or other account and then be locked out of apps which solely depend on that auth, i.e. can't switch to other auth provider because email address not stored. Shouldn't the user be able to switch?

4. I would also like to generate a one-time login URL / very short code client-side by an authenticated user - for that code perhaps "DD44RX" to then be entered on a different device authenticating the user on that new device. This is both to allow users to move between devices when part way through a process and to allow users to login on devices which the input of an email address and password is bothersome. 

Thanks,

Dean.

[Dean Taylor]

I realise my post comes in multiple parts...

... basically a brain dump of my questions regarding auth.

Don't be afraid to answer only a small part if you can :) 

[Jacob Wenger]

Hey Dean,

Sorry for the delay in getting back to you. Let's see if I can get you some answers:

1. Do you have any samples for rules / apps which cover using multiple auth providers at the same time?

Check out this other Google Groups thread.

2. Really I after a user using an app as an Anonymous user (with a uid) and then later after the user has stored information (perhaps filling out a multi page form) (using Anonymous) allowing that user to authenticate with Google and the existing stored (as Anonymous) information be accessible or already associated with the user. How can I do this?

The How can I auth more than one session at a time? topic seems related, but makes use of undocumented API and there is no mention of which version this was available in. Is it still available - any update on this?

The context API is still available, but since it is still undocumented, you should use it as your own discretion. It does work though.

3. I would like to consider capturing the users email address from the Google auth, is this also possible?

Yes, you need to pass the email scope during login, Check out the "Optional Settings" section here.

4. Auth without access to the email seems broken in that a user can loose access to a Facebook, Twitter or other account and then be locked out of apps which solely depend on that auth, i.e. can't switch to other auth provider because email address not stored. Shouldn't the user be able to switch?

Not sure what you are getting at here. As noted above, you can get the email for all providers by passing the appropriate scope and you can store that email in your Firebase database for future reference or to cross-reference across providers.

5. I would also like to generate a one-time login URL / very short code client-side by an authenticated user - for that code perhaps "DD44RX" to then be entered on a different device authenticating the user on that new device. This is both to allow users to move between devices when part way through a process and to allow users to login on devices which the input of an email address and password is bothersome.

This is not going to really be possible using our delegated auth service. To generate a new auth token on a new device, you either have to (a) share the token (which has security implications) or (b) go through the login flow on the new device (which requires the full email / password or OAuth flow). So while this would be a nifty feature, it has security implications and is not offered by Firebase Auth.

Cheers,
Jacob

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/22888cf5-3260-40d1-88a4-ed59624dfa30%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Dean Taylor]

Thanks for the feedback Jacob!