Is it possible to delete a firebase user in flutter without having the users credentials

Question

I know there are alot of examples to delete the currentUser, but my app manages its own users by a single admin. The admin are required to delete users, i have deleted the user in the firestore

await _read(firebaseFirestoreProvider)
        .userListRef()
        .doc(userId).delete();

But I still need to remove the actual user which does not seem possible without having the users credentials or being the current user.

Something like this, but i don't have the creds of the user i want to delete, i also don't want to save it in firestore

    AuthCredential credentials =
      EmailAuthProvider.getCredential(email: email, password: password);
  print(user);
  AuthResult result = await user.reauthenticateWithCredential(credentials);
  await DatabaseService(uid: result.user.uid).deleteuser(); // called from database class
  await result.user.delete();

Any help will be appreciated

Answer 1

You could deploy a Callable Cloud Function that deletes the user.

Since Cloud Functions use the Admin SDK and are executed in the back-end, you don't need to "be the current user" to delete the user. You simply use the deleteUser() method, as detailed in the doc which explains how to use the Admin SDK to manage the Firebase Authentication users.

From your Flutter app, you call the Cloud Function as explained in the FlutterFire doc, and pass the uid of the user to be delete (or the email, since you can use the getUser() or getUserByEmail() methods in the Cloud Function).

In the Cloud Function, you verify that the calling user is an admin before deleting the user. As a matter of fact with Callable Cloud Functions, the Firebase Authentication token is automatically included in requests and you can get the calling user's uid with context.auth.uid.