I have followed this thread to set up FirebaseAuth
https://www.b4x.com/android/forum/threads/firebaseauth-authenticate-your-users.67875/
I understand that FirebaseAuth can be integrated into Android app for app user to Sign In with Google or other providers such as Facebook and Email-Password. The FirebaseAuth library returns FirebaseUser with Display Name, Email and Photo.
I created an app (My Tenant 2019) where I have created all the screens for register user, login, reset forgotten password and update avatar photo. My app connect to my shared hosting using HttpUtils where I have MySQL database table to store my user profile and all the communications are using PHP API I created myself.
Now I decided to integrate login with Google account with FirebaseAuth.
Question 1: What is the correct or recommended way to integrate FirebaseAuth to sign in using Google?
Currently, my B4A app send (POST) user email and password inside JSON string to a URL for authentication.
The PHP backend will check the email and password exist in database and return the results. The user table has an ID column and has a one-to-many relationship with payment table.
Question 2: If I sign in using Google, I still need to create an entry in my MySQL table right? (without storing user's hash password and photo in my hosting)
I have to create another API specific for FirebaseAuth sign in but I am not sending the password this time. If I translated into API call, then it will look something like this:
This is not correct. Now the API can be access by anyone with the correct URL and email without having the password.
The solution I can think of is using Firebase Admin SDK to build a token id verification app into my backend PHP using https://github.com/kreait/firebase-php or https://github.com/firebase/firebaseui-web
Question 3: Do I really have to go this path?
Question 4: Can FirebaseAuth replace all my function for register, sign in and reset password?
Question 5: Do I need to scrap my MySQL database and just go for Firebase Firestore or Real-time database for "simplicity" or "performance"?
My intention is to make my app and data more secure. Any advice is welcome. Thanks.
https://www.b4x.com/android/forum/threads/firebaseauth-authenticate-your-users.67875/
I understand that FirebaseAuth can be integrated into Android app for app user to Sign In with Google or other providers such as Facebook and Email-Password. The FirebaseAuth library returns FirebaseUser with Display Name, Email and Photo.
I created an app (My Tenant 2019) where I have created all the screens for register user, login, reset forgotten password and update avatar photo. My app connect to my shared hosting using HttpUtils where I have MySQL database table to store my user profile and all the communications are using PHP API I created myself.
Now I decided to integrate login with Google account with FirebaseAuth.
Question 1: What is the correct or recommended way to integrate FirebaseAuth to sign in using Google?
Currently, my B4A app send (POST) user email and password inside JSON string to a URL for authentication.
The PHP backend will check the email and password exist in database and return the results. The user table has an ID column and has a one-to-many relationship with payment table.
Question 2: If I sign in using Google, I still need to create an entry in my MySQL table right? (without storing user's hash password and photo in my hosting)
I have to create another API specific for FirebaseAuth sign in but I am not sending the password this time. If I translated into API call, then it will look something like this:
This is not correct. Now the API can be access by anyone with the correct URL and email without having the password.
The solution I can think of is using Firebase Admin SDK to build a token id verification app into my backend PHP using https://github.com/kreait/firebase-php or https://github.com/firebase/firebaseui-web
Question 3: Do I really have to go this path?
Question 4: Can FirebaseAuth replace all my function for register, sign in and reset password?
Question 5: Do I need to scrap my MySQL database and just go for Firebase Firestore or Real-time database for "simplicity" or "performance"?
My intention is to make my app and data more secure. Any advice is welcome. Thanks.
