Android Question FirebaseAuth Use Case

aeric

Well-Known Member
Licensed User
I have followed this thread to set up FirebaseAuth
https://www.b4x.com/android/forum/threads/firebaseauth-authenticate-your-users.67875/

I understand that FirebaseAuth can be integrated into Android app for app user to Sign In with Google or other providers such as Facebook and Email-Password. The FirebaseAuth library returns FirebaseUser with Display Name, Email and Photo.

I created an app (My Tenant 2019) where I have created all the screens for register user, login, reset forgotten password and update avatar photo. My app connect to my shared hosting using HttpUtils where I have MySQL database table to store my user profile and all the communications are using PHP API I created myself.

Now I decided to integrate login with Google account with FirebaseAuth.

Question 1: What is the correct or recommended way to integrate FirebaseAuth to sign in using Google?

Currently, my B4A app send (POST) user email and password inside JSON string to a URL for authentication.
01.png


The PHP backend will check the email and password exist in database and return the results. The user table has an ID column and has a one-to-many relationship with payment table.

Question 2: If I sign in using Google, I still need to create an entry in my MySQL table right? (without storing user's hash password and photo in my hosting)

I have to create another API specific for FirebaseAuth sign in but I am not sending the password this time. If I translated into API call, then it will look something like this:
02.png


This is not correct. Now the API can be access by anyone with the correct URL and email without having the password.

The solution I can think of is using Firebase Admin SDK to build a token id verification app into my backend PHP using https://github.com/kreait/firebase-php or https://github.com/firebase/firebaseui-web
Question 3: Do I really have to go this path?

Question 4: Can FirebaseAuth replace all my function for register, sign in and reset password?

Question 5: Do I need to scrap my MySQL database and just go for Firebase Firestore or Real-time database for "simplicity" or "performance"?

My intention is to make my app and data more secure. Any advice is welcome. Thanks.
 

aeric

Well-Known Member
Licensed User
Question 2:
I guess this is not necessary
May I know how I can link the firebaseuser to his/her data?

Let say in MySQL database table, I have the following:

tbl_user
================
| id | email
================
| 1 | b4xuser1@gmail.com
================
| 2 | b4xuser2@gmail.com
================

tbl_payment
================
| user_id | payee_code
================
| 1 | 123456
================
| 1 | 456789
================
| 2 | 234567
================
| 2 | 345678
================

By using normal login, it is easy to get the payment data for user id = 1 by querying the database using SQL.

Where else if user is signing in with firebaseauth, the user is added in firebase console, not in MySQL database because I didn't assign any user id for the user.

authentication.png
 

aeric

Well-Known Member
Licensed User
Question 1 & 2: I guess I still need to prompt the user to enter his/her password during sign up. This password can be different from the password used to login to google. Without a password, I can't think how to verify the user to access his/her data.

Perhaps, FirebaseAuth is not suitable for my use case because the user need to access/update the database in server in long term unless I also use Firebase Firestore or Realtime database.
 

asales

Well-Known Member
Licensed User
Question 1 & 2: I guess I still need to prompt the user to enter his/her password during sign up. This password can be different from the password used to login to google. Without a password, I can't think how to verify the user to access his/her data.

Perhaps, FirebaseAuth is not suitable for my use case because the user need to access/update the database in server in long term unless I also use Firebase Firestore or Realtime database.
Use the FirebaseAuth only to authentication.
You can verify the data with the e-mail used in the authentication.
 
Top