Auth Credentials for custom token Auth


Alexander Cohen

Oct 7, 2016, 2:00:14 AM
to fireba...@googlegroups.com
Hello,

I’ve started implementing sign in with custom tokens. The backend is taken care of and works as it should. Once we’re in our iOS app is when the questions start appearing. It’s simple to directly sign in using the custom token. But what if the user is not new and has already signed in using another provider, how do we create credentials in order to link the custom token auth to the current user? It seems like we should be able to create a FIRAuthCredential somehow in order to link it but there seem to be no docs or info on how to do that. My guess is that the actual flow we should have is to create a new Auth provider just like the ones for Google, Facebook and email/password and return a credential from that. Any help would be greatly appreciated.

regards,
Alex Cohen

Kato Richardson

Oct 7, 2016, 2:42:21 PM
to Firebase Google Group
Hi Alex,

Creating a custom auth token does not create any sort of Firebase-managed credentials, and there is therefore nothing to "link" to other Firebase-managed creds. I'll double check with some auth experts and correct here if I've gotten this wrong.

It would be interesting to learn why you need to link these dissimilar accounts in any event--there's clearly no social network aggregation or other "joined" activity between them, so I'm interested in the use case where a social network login and custom token need to be treated as the same user and not unique identities.

☼, Kato


--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/634C9BFE-72BB-45AA-B185-35C4A11F7816%40gmail.com.
For more options, visit https://groups.google.com/d/optout.



--

Kato Richardson | Developer Programs Eng | kato...@google.com | 775-235-8398

Alexander Cohen

Oct 7, 2016, 3:02:05 PM
to fireba...@googlegroups.com
Hi Kato,

So currently our app is signing in users anonymously. In an upcoming version, we plan on adding a few different types of login methods ( Facebook, and email/pass for example ). In order to keep the data we already have associated with these users, we plan to link the new credentials with the anonymous account. Up to now, that all works great.

Now let’s say for example I want to let users sign in using Instagram instead of FB or email/pass. That will require us to create the custom token on our backend, send it back to the app ( iOS in this case ) who in turn needs to call signInWithCustomToken. That is where I should call linkWithCredentials instead in order to link the Instagram custom token to the current user.

AC





Jacob Wenger

Oct 7, 2016, 3:10:47 PM
to fireba...@googlegroups.com
You cannot call linkWithCredentials() in this manner. But what exactly do you want / need to be in the token? Can you instead store that information in the Realtime Database? Can you explain your use case instead of your proposed solution?

Cheers,
Jacob


Alexander Cohen

Oct 7, 2016, 4:33:37 PM
to fireba...@googlegroups.com
I want to add other auth providers that Firebase does not currently support. 

Use case: A user lands on the app login page and can currently choose email/password or Facebook. Surprisingly, a lot of our users don’t have FB accounts ( or Twitter ). They do however have Instagram accounts. We would like to give them the opportunity to login using their Instagram account ( a nice ‘login with Instagram’ button ).

AC


Jacob Wenger

Oct 7, 2016, 4:44:36 PM
to fireba...@googlegroups.com
If you want to link third-party unsupported providers to existing users, you can create custom tokens with the same uid that user already has and they will be authenticated as the same user. Does that make sense?

Cheers,
Jacob


Alexander Cohen

Oct 8, 2016, 1:05:15 AM
to fireba...@googlegroups.com
Yeah, that kind of makes sense. That at least moves me forward and keeps the link. There are some small annoyances though such as with a custom token, the provider ends up being empty. Are there any plans on letting us create real custom providers any time soon?

AC




Jacob Wenger

Oct 10, 2016, 12:29:02 PM
to fireba...@googlegroups.com, Bassam Ojeil
+Bassam (who works on Firebase Auth and may have something to share)

Hey Alexander,

How would you like that feature to work? Are you looking for a new linkWithCustomCredential() method? What outcome would that have? I'm not aware of any changes we have planned here. Custom tokens already allow you to specify any claims you'd like and are very flexible. I think they should meet your use case but I'm interested to hear more if you disagree.

Cheers,
Jacob


Bassam

Oct 11, 2016, 3:09:34 PM
to Firebase Google Group, boj...@google.com
Hey Alexander,
One way to link an unsupported provider custom token to an existing account is to get the Firebase account's user id and the unsupported provider user id and save a hash map that takes in the unsupported provider id and returns the Firebase uid which you want to link to. When the user signs in to the unsupported provider with a custom token, you get the corresponding Firebase uid from the map and return a custom token with that uid, which on signInWithCustomToken resolves with the original Firebase user.
This is messy but if this is important and urgent for you, it should work.

Bassam
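
The uid mapping described in the message above, sketched for a Node.js backend as an added example (not code from the thread or from Firebase). `linkProvider`, `resolveUid`, `mintCustomToken`, the in-memory `Map` and the namespaced uid for first-time users are assumptions; the token claims follow Firebase's documented custom token format, and the link is refused if the provider identity already maps to a different uid.

```javascript
const crypto = require('crypto');

// Audience value Firebase documents for custom tokens.
const AUD = 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
const b64u = (x) => Buffer.from(x).toString('base64')
  .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');

// Hypothetical link store: "<provider>:<provider user id>" -> Firebase uid.
const links = new Map();

// Call only after the server has verified BOTH identities: the caller's
// Firebase ID token (firebaseUid) and the provider login (providerUid).
function linkProvider(provider, providerUid, firebaseUid) {
  const key = `${provider}:${providerUid}`;
  const existing = links.get(key);
  if (existing && existing !== firebaseUid) {
    throw new Error('provider identity already linked to another user');
  }
  links.set(key, firebaseUid);
}

// Linked Firebase uid, or a namespaced uid for a first-time user (assumption).
function resolveUid(provider, providerUid) {
  const key = `${provider}:${providerUid}`;
  return links.get(key) || key;
}

// Mint a custom token (RS256 JWT) carrying the resolved uid.
function mintCustomToken(serviceAccountEmail, privateKey, provider, providerUid, now) {
  const payload = {
    iss: serviceAccountEmail, sub: serviceAccountEmail, aud: AUD,
    iat: now, exp: now + 3600, // one hour is the maximum lifetime
    uid: resolveUid(provider, providerUid),
    claims: { provider }, // records which login path produced the token
  };
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.createSign('RSA-SHA256').update(input).sign(privateKey);
  return `${input}.${b64u(sig)}`;
}

// Decode the payload for inspection only (no signature check).
const decodePayload = (t) => JSON.parse(Buffer.from(t.split('.')[1], 'base64').toString());
// Demo with a throwaway key; every id below is a constructed sample value.
function demo() {
  const { privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  linkProvider('instagram', '12345', 'anon-uid-1');
  return decodePayload(mintCustomToken('svc@example.invalid', privateKey, 'instagram', '12345', 1476000000));
}
console.log(demo());
```

The `provider` entry under `claims` is one way to record which custom login produced the session, since the thread notes that the provider field is otherwise empty for custom-token users.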

Alexander Cohen

Oct 12, 2016, 3:39:30 AM
to fireba...@googlegroups.com, Bassam Ojeil
Hi, I'm mostly just looking to be able to add new providers so they can become first class citizens just like any other provider directly supported by the Firebase SDK. For example, the company I work for currently has 2 auth systems in place that work with email and password. I'd love to be able to build providers for each of them and have "login with x" buttons just like we do for FB, Google, Twitter and so on.

For now I have hacks in place that mostly work based on what has been said on this list. It's not very elegant since they all require a completely different code path ( and handling ) than when using the built in providers. Also, the providerId field always appears empty in the provider info for the user which is not very helpful if you have multiple custom tokens that a user has logged in with.

To answer your question more directly, I don't want a 'linkWithCustomCredential'. What I'd like is to be able to create a credentials subclass ( and the other related private classes ) and pass that directly into 'linkWithCredentials'. This would allow me to use my custom providers in the exact same way as I use the built in ones.

Based on my testing and dumping of the Firebase classes, it seems like it could work. In that testing, I got stuck in my credential subclass when a request is passed to it and it needs to be prepared before being sent off somewhere ( looked like a Google URL ). At that point, it always asserts since the providerId in my subclass is not one that is supported ( I'm sure there's more to it but that's as far as I got - I gave up ).

Regards,
Alex

Sent from my iPad

Alexander Cohen

Oct 12, 2016, 3:40:30 AM
to fireba...@googlegroups.com, boj...@google.com
That looks a lot like what I'm currently doing. You're right, it's messy but it works. I'm curious though, why is the whole auth and provider/credential part not usable for custom providers? Why go the custom token route instead of giving us access to first class custom providers?

Regards,
Alex

Sent from my iPad