-4

I am creating an application using Firebase database in which login and sign up functionality added. I want to add the login with username instead of email id. But I don't find any method for authentication with username. If I change firebase database rules for public then I able to login with username, but the security of database is hamper in this case. So please guide me for login with username on firebase and also suggest me on how to check username availability before sign up, if the username is available then user can sign up or if not, then the user must change his/her username for sign up.

KENdi
  • 7,576
  • 2
  • 16
  • 31
parikshit tiwari
  • 21
  • 2
  • 8
  • if you want to use username then directly match username with firebase db. – Nouman Ch Sep 24 '18 at 10:36
  • See https://stackoverflow.com/questions/35120939/username-authentication-instead-of-email, https://stackoverflow.com/questions/37467492/how-to-provide-user-login-with-a-username-and-not-an-email – Frank van Puffelen Sep 24 '18 at 13:35

2 Answers2

1

Firebase auth only allows you to authenticate with email and password. If you want to use username instead of email you can store user details in the database and authenticate according to that.

you can follow this format in your database to configure the authentication process. enter image description here

In the username field, you can store the username of user whichever they selected and check the password of that. In this way, you can also able to check whether the username is already created or not.

Tabrez Ansari
  • 55
  • 6
0

If you want to do something like giving special login access like usernames and passwords, you can use Firebase realtime database to do so.

You can create a node named credentials and then store every new username and password in it. Then to check if a person is logging in with correct details, you can search the database records and match them with what the user is entering.

What I am saying, can be coded something like this:

DatabaseReference ref = FirebaseDatabase.getInstance().getReference().child("credentials");

//to store values in your credentials node just use this code

ref.child("usernames").child(username);
ref.child("usernames").child(username).child("password").setValue(password);

// here username and password are the strings you want to store

You can do this with all of your new users to register them in your app. Also this make it easier(read faster) for you to search for the particular username and corresponding password.

You can do so using the following piece of code:

ref.child("credentials").orderByChild("usernames").equalTo(username).addValueEventListener(new ValueEventListener() {
            @Override
            public void onDataChange(@NonNull DataSnapshot dataSnapshot) {
                // here you can do what you want, like comparing the password of the username and other things you require to do

                }

            }

            @Override
            public void onCancelled(@NonNull DatabaseError databaseError) {

            }
        });
PradyumanDixit
  • 2,372
  • 2
  • 12
  • 20
  • Can we access database without set database rules public like this: { "rules": { ".read": false, ".write": false } } – parikshit tiwari Sep 24 '18 at 12:16
  • No, it can't be written like that. You should replace false with `"$uid == auth.uid"`. You can read more about that, here. https://firebase.google.com/docs/database/security/ – PradyumanDixit Sep 24 '18 at 12:19
  • Concerned that a) the password is being stored in plain text rather than a hash, and b) that there is no way to secure access to this data if it is available remotely. For example, someone registers with username 'abcd' and password '1234'. Another user can access the database by querying for username 'abcd' and will see the full password '1234'. You could only secure this by ensuring the password checking code is in a cloud function (so you can remove all read access) and I believe you should only compare against the hash, not the full password, in case your database is compromised. – Tom Nov 06 '19 at 19:53
  • @Tom yes this is NOT secure, but a simple direction to what you can do, securing the database and making this work in real-world is an entirely different topic. – PradyumanDixit Nov 11 '19 at 09:20