-3

i have a button and i know a user's unique UID generated by firebase after a user is created on the firebase console's authentication page, now upon clicking the button i want to login that user, is that possible? if yes how? i don't want to use email and password, i want to login with just the UID.

I have tried creating custom token as shown here Cannot Resolve setCredentials in FirebaseOptions.Builder().setCredentials(...)

In my application i'm using a face recognition api, so the user can login by two ways: 1)manually by entering email, password and clicking sign in. 2)in the sign in page there is a button to sign in with face, clicking on which it scans the face and returns the UID of the user if exists, now i want to signin that user.

please help.

Srijay
  • 53
  • 10
  • Do you mean that you want to login in to some user account without their knowledge? or do you want the user to be able to login without email/password? – Gautham M Nov 09 '18 at 06:50
  • the second one, i'll edit my question to explain my applicaiton – Srijay Nov 09 '18 at 06:53
  • authentication using email link is available. that requires no password. – Gautham M Nov 09 '18 at 06:56
  • @GauthamM i just checked authenticaiton using email link, but for that the user should open his mail inbox and click on the link to signin, which is not what i want – Srijay Nov 09 '18 at 07:00
  • A user's UID identifies a user, but does not allow you to authenticate as that user. See https://stackoverflow.com/questions/39133918/restricting-firebase-read-write-access-to-only-myself/39135299#39135299 and https://stackoverflow.com/questions/37221760/firebase-is-auth-uid-a-shared-secret – Frank van Puffelen Nov 09 '18 at 14:44
  • @Srijay I think its possible, but I haven't tried this method yet. Create a cloud function which creates a custom user token from the uid using the admin sdk: https://firebase.google.com/docs/auth/admin/create-custom-tokens . Then return the custom token to the frontend and sign in using firebase.auth().signInWithCustomToken . It's not letting me post an answer for some reason. Good Luck! – user1689987 Jan 07 '21 at 04:07

2 Answers2

1

What you're trying to do is not possible. Client-based authentication requires that you provide credentials for the login, not just a uid. It would be a huge security hole if anyone using an app could log in just knowing a uid.

If you want to do something on behalf of a user without logging in, you should do that on a secure backend you control using the Firebase Admin SDK.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • i was trying to do using firebase admin sdk, but i couldn't do it, check the link in the question, see if you can help me out there...thanks:) – Srijay Nov 09 '18 at 07:58
  • The answer of that question is correct. You can't use the Admin SDK in a client app. You need a backend that you control. – Doug Stevenson Nov 09 '18 at 08:01
0

Then while creating the account the user should upload a picture and then you can use the firebase database to store the face details, email and password with UID as the key. Then while logging in using the Face recognition, if the face details match with those in the database, then the user is logged in. But i don't think this is secure.

Gautham M
  • 4,816
  • 3
  • 15
  • 37
  • yes, it can be done by storing passwords in database, but i don't want that, is there any other way? thanks! – Srijay Nov 09 '18 at 07:25