Android Question Best practice "in-enterprise" Authoring, need advise.

Cableguy

Expert
Licensed User
Longtime User
Hi guys,

I'm in the starting point of a new app.
This app is to be used "in-house" by my co-workers, but each must be Authored.
Every worker has a smartphone, and thus a Gmail Account, so I thought about using firebase services.
But from my initial experiments, anyone using my app, even if they got it "by chance", can be authored to it, right?
Is it possible to "control" the gmail accounts that are allowed to my app in firebase? (I haven't found how, therefore my question)
I also need to make some kind of "check for first use, then don't check again" as there will be times the user will be in a no gsm coverage area, thus working offline.

How would you guys tackle this?
 

MicroDrie

Well-Known Member
Licensed User
Is it possible to "control" the gmail accounts that are allowed to my app in firebase? (I haven't found how, therefore my question)
This is only authentication, in principle you check identification of the user (who am I).
Is it possible to "control" the gmail accounts that are allowed to my app in firebase? (I haven't found how, therefore my question)
Besides authentication (who am I) you will have to come up with an authorization method (what am I allowed to do). You know the username of the user and what you could do is to do an arithmetic operation on it, which yields a "pin code". You can have this calculated the username to "pin code" by the program and only give it to that person as a "pin code" for his username. When the program start (for the first time) it calculated and check both calculated "pin code" (the user have something from you). Depending on your security requirements, you can add all kinds of extra protections.

Another method is to set up an authorization server.
 
Upvote 0
Top