Reputation: 37
Have one user signup another user with custom fields in firebase/flutter
I am trying to determine if the following scenario is possible with flutter and firebase:
we have users within the company who will be given access to the app, where on the homepage will be a signup another user button where they enter in that user's email and password, they get signed up, and then the original user specifies custom fields for the 2nd user, such as company name, role, position, etc.
Is this possible with flutter and firebase?
Have asked the flutter google group and was told about custom authentications, but from what I see that is just an external authentication system and doesn't show me how to let one user create another users profile with fields.
Any ideas?
Upvotes: 0
Views: 568
Answers (1)
Reputation: 598728
The first thing to consider is whether those properties need to be in the user profile at all. The user profile is sent with every request, and should only contain information that is relevant for securing access. If you have additional information to store about the user, you should store it elsewhere (such as in one of Firebase's databases) using the UID of each user as its key.
Assuming that the information is about security (such as the role seems to be, there is no secure way to let one user set security properties (typically referred to as claims) from client-side code. As soon as this is allowed from client-side code, anyone could set such properties for anyone else. That's why setting custom claims for a user is only possible with Firebase's Admin SDKs, which are designed to run in a trusted environment - such as your development machine, a server you control, or Cloud Functions.
There are a few other options, but it's important to realize they're all implemented on top of the above approach.
- There is an experimental extension that allows you to set auth claims by writing a document into Firestore, which something like this (JavaScript syntax, but the Flutter code will be similar):
Now of course you'll want to make sure that you secure writing to thedb.collection("user_claims") .doc("abc123") .set({ role: "admin", groups: ["example1", "example2"], });user_claimscollection, as otherwise you'll end up with the same security risk I mentioned in the first paragraph, where everyone can claim any role they want. - Alternatively you can write your own server-side API (for example on Cloud Functions) that you expose to your application, and that then calls the Admin SDK. Here too, it is important to secure access to this API, to ensure only authorized users can call it.
Upvotes: 1
Related Questions
- How to link 2 users together in firebase Flutter
- create user with self-specified uid
- Custom username and password login using Flutter firebase
- FirebaseUser and User
- Flutter | Firebase User Authentication & Profile creation
- How to sign in with different types of user in flutter and firebase?
- How to allow user to create and switch between multiple accounts in Flutter?
- Creating a user with email and password(both at the same time) Firebase Flutter
- How do you register a new user in flutter and firebase?
- How to make Flutter sign up with more fields?