Is it possible to get the firebase user by UID?
Doubt consists of the following problem:
I have a project using firebase and ionic 3. I am using email authentication mode, in which you have the email and UID stored.
For example: I have 2 registered users in the base.
1_ [email protected] UID = 123
2_ [email protected] UID = 321
In my code I have a message element that has the id of who is sending, for example:
Message 1 = Description: "Description", user id: "123"
I am logged in with UID user 321 and I want to retrieve UID user 123 to display his email, How do I do that?
I did not want to store in the firebase database, but since there is no other way, then, someone would know how to tell me how to create a registration screen that registers via email/password and that stores in firebase this data.
PS: I am trying using authentication via logged in user token to write in the database, but to perform the registration there is no token, so I'm not succeeding.
This is:
return this.http
.post(this.urlDataBase + email + '/user.json?auth=' + token, usuario)
.map((response: Response) => {
console.log(response);
return response.json();
});
But it's not saving in firebase, it's giving error 400:
Response {_body: "{↵ "error" : "Invalid path: Invalid token in path"↵}↵", status: 400, ok: false, statusText: "Bad Request", headers: Headers, …}
2 answers
As stated in the Link, it is not possible to do this reading from Firebase directly, but there are some other ways to do the validations so that CRUD operations can be performed directly in firebase.
When using email / password authentication in Firebase Authentication (previously known as Firebase SimpleLogin), your user's email and password combination is securely stored separately from the data actually stored in your Firebase.
This barrier between the data in your Firebase and your users' e-mail / password-hash combinations is by design: we want to make it easier for you to (1) develop your application, (2) to prevent any accidental user, credential leaks, and (3) will still give you full flexibility with how to store your user data in Firebase.
*that means that we only store the email address / password hash combination and nothing else, so it is up to you to decide how to store actual user data in your Firebase. *
GOOGLE TRANSLATE-TRANSLATION
When using email / password authentication in Firebase Authentication (formerly known as Firebase SimpleLogin), the user's email and password combination is securely stored separately from the data stored in Firebase.
This barrier between the data in your Firebase and users ' password / email hash combinations is by design: we want to make it easier for you (1) develop your Application, (2) prevent any accidental leakage of user credentials, and (3) still offer full flexibility on how to store your user data in Firebase.
This means that we only store the email address / password hash combination and nothing else. So it's up to you to decide how to store real user data in your Firebase.
Well you can take the user ID and store this data in your Firebase in a location like /users/$id and use Firebase Security Rules Language to determine read / write access to this data. The unique ID and email of your users are already in the auth variable that you will use when writing the rules.
Another alternative is
- the application enter with an "Admin" access (read and/or write only [depends on needs])
- pick up a list of Firebase users
- use the list to make the necessary validations
Thus you you would be logged in and be able to do the operations of creating user, updating data, deleting a user, reading users, etc.
I went through the same problem. There is no other way but to store the UID + information of this user inside the Firestore/Real DataBase.
Firestore Authentication is actually an isolated user authentication service, just like AWS Cognito where access information is stored within that service.
Searching a bit, I realized that I should store inside a Collection "User" the user data (first name, last name, email, city...) and also the UID as key (id).
The flow was basically:
1) the user makes the registration in the application 2) Firestore Authentication generates a new authenticated 3) automatically I create a new DOC inside the Collection "User" having the ID identical to the UID generated inside the FA.
Inside the official Firestore Forum I found many people talking that this would not be "incorrect" as the user'S UID does not offer any possibility of access to sensitive data and it's not one either.