Android Question FirebaseAuth CreateCustomToken

npsonic · Apr 24, 2018

Would it be possible to get createCustomToken method to FirebaseAuth lib.

With this we could create FirebaseStorage folder with groudId for multiple authenticated users.

B4X:

// Allow reads if the group ID in your token matches the file metadata's `owner` property
// Allow writes if the group ID is in the user's custom token
match /files/{groupId}/{fileName} {
  allow read: if resource.metadata.owner == request.auth.token.groupId;
  allow write: if request.auth.token.groupId == groupId;
}

DonManfred · Apr 24, 2018

I dont think that FirebaseAuth is related to this. You are free to create such a FirebaseStorage folder if you want. But Firebase Storage is not related to Firebase Tokens...
You can store the tokens like you wish or where you wish.

You should subscribe the persons from a specific group to a Groupspecific TOPIC.
No need to store anything in this case. You just send the Message to a specific Topic.

Also it can be that i maybe just don´t get the point. Apologies if so.

npsonic · Apr 24, 2018

You should subscribe the persons from a specific group to a Groupspecific TOPIC.

Wouldn't that be very bad practice as everyone could just join any topic they want. Nothing would stop them.

It's in Firebase Authentication java file.

https://github.com/firebase/firebas...va/com/google/firebase/auth/FirebaseAuth.java

Also it's mentioned in Firebase tutorial videos.

DonManfred · Apr 24, 2018

They are talking about the ADMIN SDK. The ADMIN SDK and Firebase Auth are TWO different Solutions. The Admin SDK is a Server-Side-Solution.

You already can create custom Tokens using the Admin SDK.
This token allow Access for a specific time.

DonManfred · Apr 24, 2018

npsonic said:
just join any topic they want

Feel free to use unique Groupnames (md5 or whatever).... So they are hard to guess...

DonManfred · Apr 24, 2018

DonManfred said:
This token allow Access for a specific time.

Create custom tokens using the Firebase Admin SDK
The Firebase Admin SDK has a built-in method for creating custom tokens. At a minimum, you need to provide a uid, which can be any string but should uniquely identify the user or device you are authenticating. These tokens expire after one hour.

npsonic · Apr 24, 2018

I see, it seems that I don't completely understand how firebase storage and custom tokens work.

What should I do to meet these two conditions?
- Allow reads if the group ID in your token matches the file metadata's `owner` property
- Allow writes if the group ID is in the user's custom token

Storage folder should be created by client, so that it is only accessible with specific tokens or uids.

Android Question FirebaseAuth CreateCustomToken

npsonic

Active Member

DonManfred

Expert

npsonic

Active Member

DonManfred

Expert

DonManfred

Expert

DonManfred

Expert

npsonic

Active Member

Similar Threads