Five Things You Didn't Know About Firebase Auth

1. 5 Things You Didn’t Know About Firebase Auth Peter Friese, Developer Advocate, Google @peterfriese

2. Photo by Daniil Kuželev on Unsplash Why authenticate?

3. Photoby malcolmgarret from Pexels You need to be able to tell them apart

4. Provide a custom experience Photo by Andersen Jensen on Unsplash

5. Photo by Jonathunder on WikiMedia Commons Keep their data safe

6. 🤷 Photo by Andersen Jensen on Unsplash How hard can it be?

7. 🤷 Photo by Andersen Jensen on Unsplash How hard can it be? • Ask users for username and password • Check if they match • Done! Right?

10. Security is complex

11. Security is expensive

15. Improve app quality Crashlytics Performance Monitoring Test Lab App Distribution Grow your app Analytics Predictions Cloud Messaging Remote Config A/B Testing Dynamic Links In-app Messaging Build better apps Auth Cloud Functions Cloud Firestore Hosting ML Kit Realtime Database Cloud Storage bit.ly/what-is-firebase

16. • Username & Password • Email/Link (“passwordless”) • Federated Identity Providers • Google Sign-in • Facebook Login • Twitter Login • Github • Microsoft • Sign in with Apple (coming soon) • Game Center (ß) • Play Games • Phone Number • Custom Authentication System

17. service cloud.firestore { match /databases/{database}/documents { // Make sure the uid of the requesting user matches name of the user // document. The wildcard expression {userId} makes the userId variable // available in rules. match /users/{userId} { allow read, update, delete: if request.auth.uid == userId; allow create: if request.auth.uid != null; } } } Security Rules

26. Sign-in speed bump • Users will uninstall your app • They will leave 1 ⭐ ratings 😱 • Users demand a sign-in free experience • Until you can incentivise them to sign in

27. What’s the Alternative? • Store data locally • Once users decide to sign in: sync their data • The consequence is…

28. 😱 Implement your own sync logic

29. • Sign in anonymously • Users get a UUID (just like any other Firebase User) • Works transparently with other Firebase products • User.isAnonymous • Upgrade to full user by account linking Anonymous Auth

30. Auth.auth().signInAnonymously() { (authResult, error) in guard let user = authResult ?.user else { return } let isAnonymous = user.isAnonymous // true let uid = user.uid } Anonymous Auth

34. let credential = EmailAuthProvider.credential( withEmail: email, password: password) user.link(with: credential) { (authResult, error) in // ... } Upgrade anonymous users

35. let credential = EmailAuthProvider.credential( withEmail: email, password: password) user.link(with: credential) { (authResult, error) in // ... } Upgrade anonymous users

36. https://xkcd.com/936/ Passwords are a problem

37. – Todd McKinnon, CEO, Okta “The best password is no password at all” Source: https://www.infosecurity-magazine.com/news/oktane18-the-best-password/

38. • Turn on Email/Link sign-in for your Firebase project • Configure Firebase Dynamic Links for your app • Send an authentication link to the user’s email address • Verify the link and sign in Email/Link Authentication

39. let actionCodeSettings = ActionCodeSettings() actionCodeSettings.url = URL(string: "https: // www.example.com") // The sign-in operation has to always be completed in the app. actionCodeSettings.handleCodeInApp = true actionCodeSettings.setIOSBundleID(Bundle.main.bundleIdentifier!) actionCodeSettings.setAndroidPackageName("com.example.android", installIfNotAvailable: false, minimumVersion: “12") Email/Link Authentication

40. Auth.auth().sendSignInLink(toEmail:email, actionCodeSettings: actionCodeSettings) { error in if let error = error { self.showMessagePrompt(error.localizedDescription) return } self.showMessagePrompt("Check your email for link") UserDefaults.standard.set(email, forKey: "Email") } Email/Link Authentication

43. if Auth.auth().isSignIn(withEmailLink: link) { Auth.auth().signIn(withEmail: email, link: self.link) { (user, error) in // ... } } Email/Link Authentication

44. if Auth.auth().isSignIn(withEmailLink: link) { Auth.auth().signIn(withEmail: email, link: self.link) { (user, error) in // ... } } Email/Link Authentication

45. iOS Cross-Application Auth

46. Firebase & iOS App Extensions

47. iOS App Extension Communication App extension Host app Containing App Request Response

48. iOS App Extension Shared Data • Use a shared container • Use NSUserDefaults • Use a shared keychain

49. Containing App’s bundle Extension’s bundle App’s container Extension’s container Optional shared container Extension process App process iOS App Extension Shared Data

50. • Enable App Groups (via Xcode / Developer portal) • Add all apps / extensions to the same group • Enable Keychain Sharing • Add the same keychain groups for all apps iOS Cross-App Authentication

51. do { try Auth.auth().useUserAccessGroup("TEAMID.com.example.group1") } catch let error as NSError { print("Error changing user access group: %@", error) } iOS Cross-App Authentication

52. Auth.auth().signIn(withEmail: email, password: password) { (result, error) in if let error = error { print(error.localizedDescription) return } // ... } iOS Cross-App Authentication

53. Photo by nappy from Pexels Demo

54. Sometimes, you need to migrate users Moving project (e.g. development to production) You want to migrate from a third-party auth solution You want to sync with another system Photo by Ryoji Iwata on Unsplash

55. Two ways • Firebase Admin SDK • Firebase CLI

56. firebase auth:export account_file --format=file_format Export / import users firebase auth:import account_file

57. firebase auth:export account_file --format=file_format Export / import users firebase auth:import account_file

58. { "users": [ { "localId": uid, "email": email-address "emailVerified": email-verified, "passwordHash": base64-encoded-password-hash, "salt": base64-encoded-password-salt, "displayName": name, "photoUrl": photo-url, "createdAt": created-at-in-millis, "lastSignedInAt": last-signedin-at-in-millis, "phoneNumber": phone-number "providerUserInfo": [ { "providerId": provider-id, "rawId": provider-uid, File format

59. Import / Export https://ﬁrebase.google.com/docs/cli/auth

60. Sometimes, users move on Photo by nappy from Pexels

61. Photo by nappy from Pexels But you still have their data Photo by Lucas França from Pexels

62. 🤔 How to remove user data when they delete their account?

63. • Pre-packaged solutions • Configurable • Easily deploy via CLI or Firebase console Firebase Extensions

64. Firebase Extensions

65. Configuration • Supported storage locations • Cloud Firestore • Realtime Database • Cloud Storage

66. export const clearData = functions.auth.user().onDelete(async (user) => { logs.start(); await Promise.all(promises); // ... logs.complete(uid); }); Source Code

67. Open Source https://github.com/ﬁrebase/extensions

68. Thanks! Peter Friese, Developer Advocate, Google @peterfriese https://peterfriese.dev https://medium.com/@peterfriese https://medium.com/firebase-developers

69. The End.

Five Things You Didn't Know About Firebase Auth

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Five Things You Didn't Know About Firebase Auth

Similar to Five Things You Didn't Know About Firebase Auth (20)

More from Peter Friese

More from Peter Friese (20)

Recently uploaded

Recently uploaded (20)

Five Things You Didn't Know About Firebase Auth