How to use Firebase Admin SDK in Flutter?

Question

I'm creating a app where I should be able of managing users access. The admin should have permissions of creating, deleting and editing users accounts.

I'm using firebase for creating users account.

Right now individually users can creating, editing and delete their accounts, but the problem is that the admin should do that, and not just the users.

import 'dart:async';
import 'package:firebase_auth/firebase_auth.dart';
import 'package:flutter/services.dart';
import 'package:google_sign_in/google_sign_in.dart';

class UserLoader {
  final FirebaseAuth _auth = FirebaseAuth.instance;
  final GoogleSignIn googleSIgnIn = new GoogleSignIn();
  static final UserLoader _singleton = new UserLoader._internal();
  FirebaseUser user;

  factory UserLoader() {
    return _singleton;
  }

  UserLoader._internal();

  Future<FirebaseUser> signInWithEmailAndPassword(email, password) async {
    if (user != null) return user;
    _signInAnonymously().then((value) {
      if (value != null) {
        user = value;
      }
    }).catchError((e) {
      return null;
    });
    if (user == null) {
      FirebaseUser user = await _auth.signInWithEmailAndPassword(
          email: email, password: password).catchError(
              (onError)
                {
                  print(onError);
                });
      return user;
    } else {
      return null;
    }
  }

  Future<FirebaseUser> signInWithGoogle() async {
    if (user != null) return user;
    _signInAnonymously().then((value) {
      if (value != null) {
        user = value;
      }
    }).catchError((e) {
      print(e.toString());
    });
    if (user == null) {
      GoogleSignInAccount googleSignInAccount = await googleSIgnIn.signIn();
      GoogleSignInAuthentication gSA = await googleSignInAccount.authentication;

      FirebaseUser user = await _auth.signInWithGoogle(
          idToken: gSA.idToken, accessToken: gSA.accessToken);
      return user;
    } else {
      return null;
    }
  }

  Future<FirebaseUser> _signInAnonymously() async {
    if (user != null) return user;
    user = await _auth.signInAnonymously();
    return user;
  }

  Future signOut() async {
    await _auth.signOut();
    await googleSIgnIn.signOut();
    user = null;
  }

  Future changePassword(email) async{
    await _auth.sendPasswordResetEmail(email: email);
  }

  Future createNewUser(email){
    _auth.createUserWithEmailAndPassword(email: email, password: "new_pass");
  }


  Future deleteUser(FirebaseUser firebaseUser){
    firebaseUser.delete();
  }
}

I think that Firebase Admin should do the trick but I'm not sure.

Answer 1

Download the admin SDK: https://pub.dev/packages/firebase_admin

Use:

import 'package:firebase_admin/firebase_admin.dart';

main() async {
  var app = FirebaseAdmin.instance.initializeApp(AppOptions(
    credential: ServiceAccountCredential('service-account.json'),
  ));

  String customerUserToken = await app.auth().createCustomToken("userId");
}

Answer 2

There isn't an SDK for even dart, so if your server-side application is written in Dart then you'll have to depend on another that is written in node.js, Python, C#, Go or Java as these are the only SDKs that are provided.

If you insist on doing this on your client-side app, then FCM HTTP v1 API is your best shot. You can obtain an access token with Google API Auth to access the Google APIs

Doc: Firebase Documentation

Answer 3

The Firebase Admin SDK is only available for use in trusted environments, such as your development machine, a server you control, or Cloud Functions for Firebase. It is (intentionally) not available for use in client-side apps, such as those deployed on Android or iOS, neither when you build those with native code, nor when you build them through Flutter.

The only option is to implement the functionality you want with the Admin SDK in a trusted environment, and expose an end-point to your Flutter app. If you end up doing this, make sure to secure access to the end-point so that only the admin users of your app can access it. For an example of how to secure access with Cloud Functions, see this sample in the functions-samples repo.