Currently I have email authenticated users on my firebase account using the new authentication api. Currently I am not using the real time database to store my users I am using the default email and password to authentication store user information. There is no admin sdk for python that allows me to delete users in firebase that aren't in the real time database. My question is how to delete the users that appear in only the authentication part of firebase using the libraries in python so I can manage users on the server side.
User Management outside of the console now supports python, go, and java.
How to delete a user with python:
from firebase_admin import auth
auth.delete_user(uid)
Here's the API:
https://firebase.google.com/docs/auth/admin/manage-users#delete_a_user
Related
I worked with firebase connectivity from application and from backend server using admin SDK.
Firebase admin SDK used Service account key to connect to firebase backend.
Here my use case is: i have a python package which will get used by client, here i do not want to use Service account key and admin SDK. I wanted to use API key and if user enters valid username and password of application (assuming user is already signed up) , user will get access to firebase backend. (Obviously as per security rules)
I am not able to find a method to access firebase backend using API key and applications username/Password from python script. If anyone knows it please help me on this.
The Admin SDK that Firebase provides for Python is only meant to be used in trusted environments, and doesn't allow signing in with username/password. All code using the Admin SDK is accessing Firebase using administrative privileges, so it is not suitable for your use-case. Firebase itself doesn't provide a SDK for client-side access using Python. So the only option remaining that Firebase provides is to call the REST API from your code.
There is a third party library called Pyrebase that allows you to sign in users (by wrapping the REST API mentioned above):
# Get a reference to the auth service
auth = firebase.auth()
# Log the user in
user = auth.sign_in_with_email_and_password(email, password)
IF you want to control the backend access with an API key - you can't.
Unlike how API keys are typically used, API keys for Firebase services are not used to control access to backend resources; that can only be done with Firebase Security Rules (to control which users can access resources) and App Check (to control which apps can access resources).
as per docs
I have a Django app with a standard django.contrib.auth backend and have a lot of existing users, now I want to add login via Google account using Python Social Auth. Is there any way to allow login via Google account for existing users? How should I associate it with existing users?
Is it okey to set up 'social_core.pipeline.social_auth.associate_by_email' ?
So when user try to log in using Google account and already have an account (created using standard registration with password) in my app then will be automatically logged in. I don't want to allow creating new accounts using Python Social Auth, only allow to login via Google for existing users.
Yes Cox, you can use this pipeline but pay attention because according to the django doc :
This pipeline entry is not 100% secure unless you know that the
providers enabled enforce email verification on their side, otherwise
a user can attempt to take over another user account by using the same
(not validated) email address on some provider.
I am building a webapp with Django which allows our users to create a meeting in their office365 calendar while also storing the meeting in a database so we can display some information about it on a screen in the office.
I am using exchangelib to create the meetings and it works really well. I want to make it so our users do not have to enter their passwords for their o365 account every time they use it, but I would prefer not storing the passwords locally either since they change regularly.
Our users are always logged in to sharepoint or owa when they use this app is it possible to get their credentials from there? Or is it possible to link it to our local AD?
Box.com supports different authentication method, OAuth2 and JWT. I'm currently using OAuth2 with develop tokens, which works just fine. The developer tokens expires within an hour so I can't use this in our production.
I'm using the python SDK to upload files to box, and there is no user interaction here at all. It seems like I can't use the OAuth2 authentication method since there is no users uploading (automatic script), am I right?
The JWT authentication method requires an enterprise id, which I can't find. I used this page as reference: https://box-content.readme.io/docs/box-platform
I've logged in as an co-admin in box, but can't find the enterprise id or Custom apps under the APPS menu.
Is there anything I have missed?
You have to use JWT to make server to server api call. you can find your enterprise ID in you Admin Console-->Enterprise Setting--> Account Info-->Enterprise ID.
I have a Django and django rest framework project where I want a mobile to be able to request a token and then use that token for x minutes before they're disconnected. I do not want to create a user for each mobile device, I just want a one time password.
I tried using the auth system built into drf, however it required a user.
So I was thinking about just using the onetimepass package to generate a one time token.
You can create a view that generates a time-based OTP and then use it in a custom auth module to authenticate against a single user. You can also use JWT with an expiry time to authenticate against a single user.