I need to delete all anonymous users in Firebase Authentication.
but I don't know how to delete all anonymous firebase user authentication using Node JS admin SDK. I have tried to read the documentation, but I just can find the trigger when user created or deleted
Related
I want to know how to create an api user and how api user is different from a general user. I want to create api user in node and express.js
I am expecting that I can create an api user.
I'm creating Node.js server that uses Google Oauth2 for authenticating users. I have my project in my organization created in Google Cloud Platform. And I've setup Oauth2, so only users of my organization can be authorized to use the service.
All users will be described as IAM members of project, and so everyone will have a specific role and permissions granted for their role. Users now can be authenticated and authorized in my app with Oauth2 (only users of my organization). The problem is I have no any clue how to retrieve their roles in my project from IAM. At first I used to think I only need to pass specific scopes in authorization methods (I am using Passport.js and GoogleStrategy). But then I realized that it only can be done after user have been authorized with next API request (is that even right?).
I've read IAM API documentation many times but only ended up with methods that allows me to retrieve arrays of presets of roles or policies or testable permissions or something created and used in my project. But I can't see any method allowing me to ask a service to retrieve a specific role and permissions for user (by email or google id) and send it back to me, so my Node server gets to know what this user is allowed to do. Maybe I need to dig somewhere else..
You can use CloudResourceManager service to retrieve a project's IAM policy. This will include project-specific (not inherited) role bindings: accounts (including user's) and their IAM roles:
https://cloud.google.com/resource-manager/reference/rest/v3/projects/getIamPolicy
I have been trying to create a connection with the gmail api. It worked when I followed this example: https://developers.google.com/gmail/api/quickstart/nodejs
The problem is, this requires the user to browse to a URL and then enter an authentication code in the CLI. This is possible on my local dev machine, but I don't see how this should be done when deployed on a production server, in a docker container. Additionally this method requires you to store a file in your project folder containing your credentials (sensitive data that I don't want to have in my Dockerfile obviously).
My second attempt was using JWT. I followed these steps Send mail via Google Apps Gmail using service account domain wide delegation in nodejs. This works until I actually try to retreive the email from the inbox. I get an error saying GaxiosError: unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.. I have created a service account with domain wide delegation so the account should be authorized to do anything.
Then I read this:
"Service accounts only work with GSuite because you have to be able to preauthorize the service account and grant it access to the users account. There is no way to preauthorize a normal user Gmail account. So no you cant use a service account with a normal users gmail account." source: Client is unauthorized to retrieve access tokens using this method Gmail API C#
I have also looked at using just an api key, but this option is not available for gmail.
How the hell am I supposed to authenticate from my container?
So it turns out the account I was using didn't have the correct rights. We did have a gsuite. Everything is working as expected now! :)
Currently, I tried to find a way to create a keycloak user and just found cases that need to have an admin access token (mean that need to log in with admin account first).
My client-server(java) system using keycloak for authentication and need a function for new user able to register a new account on the client.
Is there any way to create a user via the rest API and no need an admin token? If not, should I store the keycloak admin username/password to my server-side and using it to register a user (with this case, please share me the way to secure admin credentials if you know)?
IM using the new firebase admin SDK for node js and I created an api where I can add users. Everything is working fine but when I see a new user in my firebase dashboard I find Anonymous.
When you create a custom authentication token with Firebase Admin SDK, those users are not shown in the Firebase Authentication console.