email & password authentication - firebase

8/19/2019 Email & Password Authentication - Firebase

http://slidepdf.com/reader/full/email-password-authentication-firebase 1/7


https://www.firebase.com/docs/web/guide/login/password.html

Web Guide User Authentication Email & Password Authentication

Creating an account will not log that new account in.

JAVASCRIPT WEB GUIDE

Email & Password Authenticatio

n

Authenticating Users with Email & Password

Creating User Accounts

Firebase makes it easy to integrate email and password authentication into your app.

The credentials are not stored in your Firebase database. They are kept in a secure

database behind the Firebase Authentication servers, and stored securely using bcrypt

This separates sensitive user credentials from your application data, and lets you focus

on the user interface and experience for your app.

Firebase backs this data up daily and exports the credentials to redundant, off-site

backups at a secured location.

Firebase clients expose a number of JavaScript convenience methods for account

creation and management, letting you have full control over the interface for your

application. Create new user accounts with the following snippet:

1. var ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");

2. ref.createUser({

3. email : "[email protected]",

4. password : "correcthorsebatterystaple"

5. }, function(error, userData) {

6. if (error) {

7. console.log("Error creating user:", error);

8. } else {

9. console.log("Successfully created user account with uid:", userData.uid);

10. }

11. });

https://www.firebase.com/docs


https://www.firebase.com/docs/web/guide/





https://www.firebase.com/docs/web/guide/user-auth.html










Logging Users In

Optional Settings

Once an account has been created, you can log a user in with the following snippet:


2. ref.authWithPassword({



5. }, function(error, authData) {

6. if (error) {

7. console.log("Login Failed!", error);

8. } else {

9. console.log("Authenticated successfully with payload:", authData);

10. }

11. });

authWithPassword() takes an optional third parameter which is an object

containing any of the following settings:

Name Description Type

remember

If not specified - or set to default - sessions are persisted for

as long as you have configured in the Login & Auth tab of your

App Dashboard. To limit persistence to the lifetime of the current

window, set this to sessionOnly . A value of none will not

persist authentication data at all and will end authentication as

soon as the page is closed.

String

Here is an example of password login where the session will expire upon

browser shutdown:






2. ref.authWithPassword({



5. }, function(error, authData) { /* Your Code */ }, {

6. remember: "sessionOnly"

7. });

The authData object returned to your callback contains the following fields:

authData Object

Field Description Type

uidA unique user ID, intended as the user's unique

key across all providers.String

providerThe authentication method used, in this case:

password .String

token The Firebase authentication token for this session. String

auth

The contents of the authentication token, which

will be available as the auth variable within your

Security and Firebase Rules.

Object

expires

A timestamp, in seconds since the UNIX epoch,

indicating when the authentication token expires. Number

password An object containing provider-specific data. Object

password.email The user's email address. String

https://www.firebase.com/docs/security/api/rule/auth.html





Security and Firebase Rules

password.isTemporaryPasswordWhether or not the user authenticated using a

temporary password, as used in password reset

flows.

Boolean

password.profileImageURL

The URL to the user's Gravatar profile image,

which is retrieved from hashing the user's email. If

the user does not have a Gravatar profile, then a

pixelated face is used.

String

Now that the client is logged in, your Security and Firebase Rules have access to their

unique user ID. The auth variable contains the following values:

auth Variable

Field Description Type

uid A unique user ID, intended as the user's unique key across all providers. String

provider The authentication method used, in this case: password . String

Here is an example of how to use the auth variable in your Security and Firebase

Rules:

1. {

2. "rules": {

3. "users": {

4. "$uid": {

5. // grants write access to the owner of this user account whose uid mus

6. ".write": "auth !== null && auth.uid === $uid",

7.

https://www.firebase.com/docs/security/api/rule/auth.html

https://www.firebase.com/docs/security/guide/securing-data.html

https://en.gravatar.com/





See the User Authentication and User Based Security articles for more details.

Changing Emails

Changing Passwords

8. // grants read access to any user who is logged in with an email and p

9. ".read": "auth !== null && auth.provider === 'password'"

10. }

11. }

12. }

13. }

You can change the email for a user using the existing email address and password as

shown:


2. ref.changeEmail({

3. oldEmail : "[email protected]",

4. newEmail : "[email protected]",


6. }, function(error) {

7. if (error === null) {

8. console.log("Email changed successfully");

9. } else {

10. console.log("Error changing email:", error);

11. }

12. });

You can change the password for a user using the email address and current password

as shown:


2. ref.changePassword({


4. oldPassword : "correcthorsebatterystaple",

5. newPassword : "neatsupersecurenewpassword"

https://www.firebase.com/docs/security/guide/user-security.html






Sending Password Reset Emails

Deleting Users



8. console.log("Password changed successfully");

9. } else {

10. console.log("Error changing password:", error);

11. }

12. });

You can send the user a password reset email using the email address for that account


2. ref.resetPassword({

3. email : "[email protected]"



6. console.log("Password reset email sent successfully");

7. } else {

8. console.log("Error sending password reset email:", error);

9. }

10. });

You can edit the content of the password reset email from the Login & Auth tab of youApp Dashboard.

You can delete a user using their email address and password as shown below:


2. ref.removeUser({





7. console.log("User removed successfully");

8. } else {

9. console.log("Error removing user:", error);





10. }

11. });

email & password authentication - firebase

Documents