#Firebase, Part 2.
In this chapter you will find advice that applies to the majority of apps that are out there. Every proper app that delivers a service to users has some form of security. It's all about authentication, and this chapter is about how Firebase gives you the tools required to secure your application using a variety of OAuth providers.
What is Authentication?
Authentication is simply the process of determining whether someone is, in fact, who they say they are. We use authentication in most applications every day. Whether logging into our computers or Facebook accounts, authentication is a common task that most of us go through.
As a developer implementing authentication in your own applications, you’d typically store usernames and passwords, compare these with the ones a user provides and give them access to their accounts… Simple, right?
Well, no, not really. A lot goes on behind the scenes in proper authentication to make sure users are who they say they are.
Why use an OAuth Provider?
As you make an app that accesses a solid web-based back-end, it's important to consider the following aspects of web security:
- Requiring strong passwords.
- The use of strong encryption.
- Ensuring secure communication (between client and server).
- Securing password storage within an encrypted database.
- Implementing password recovery (which also has to be secure).
- Adding two-factor authentication (a highly recommended extra layer of security).
- Including protection against man-in-the-middle attacks.
Having said all this, even the simplest of applications may become fairly difficult to make when we factor in security.
Thankfully, we won’t have to worry about this if we use an OAuth provider, which will handle this for us. OAuth providers allow your users to log in to your application using credentials from a trusted website such as Facebook, GitHub, Google+ or even Twitter.
So what is Firebase Authentication?
If you are not familiar with Firebase, I suggest reading my last article, #Firebase, Part 1, before continuing on to this section.
As a super bonus, it integrates quite well with other Firebase services like Realtime Databases and Analytics, and can even integrate with your custom back-end.
To sign a user into your application you will need to get a user’s authentication credentials. These can be a user’s email address and password or an OAuth token from a provider. You then simply pass these credentials to the Firebase Authentication SDK. Its services will verify the users for you and return a response to the client.
After a successful sign-in you can access details about a user, like a profile picture or even their username. A unique user ID is generated for every user that signs in using Firebase Authentication, as we will see in a bit, which will then allow customization within your application.
In this article I will demonstrate how to incorporate Firebase Authentication in an Android application, as part of the chat messaging application we will have developed by the end of this blog series.
How to incorporate Firebase Authentication in Android.
All work and no play ………. You know the rest!
Picking up from where we left off in my last blog article #Firebase, Part 1, let's set up Authentication first in the Firebase Console before we dive into Android Studio.
Open up your Firebase Console and navigate to the ‘Auth’ menu item on the left side of your console.
Select the ‘SIGN-IN METHOD’ tab and click on ‘Google’ under the sign in providers. (I will be using Google sign in as our provider for this demo). Feel free to experiment with other OAuth providers by checking their documentation.
Enable the Google OAuth provider by clicking the switch labelled ‘Enable’. Then click the shiny blue save button.
*You should now have the power to harness Google Sign In within your applications linked to this Firebase Project*.
Fire up Android Studio and open your application-level build.gradle file.
To support Google Sign In within your application you will need to include the Google Sign In library in gradle. Add the following to your gradle dependencies list and sync your project gradle files.
After you sync your project’s gradle files, add the following XML layout file for our SignInActivity, which will handle the sign-in process of our project.
You may use a ready-made Google Sign In button in your layout code. It’ll inherit the look that Google Sign In buttons have everywhere, and it's usually good practice to do so. Users will not need to try and decipher the use of your button.
Below is the code for our activity_sign_in.xml layout file.
Before I hand over the code for step 6, I would like to explain the sign-in flow for Google Sign In as explained in their documentation.
- Add an Activity and name it SignInActivity.
- In ‘SignInActivity.java’, where you handle the SignInButton’s setOnClickListener method, create a sign-in intent with getSignInIntent from the Auth object. Starting the intent prompts the user to select a Google account to sign in with. It’ll usually make the device show the Google accounts signed in on the device within a dialog.
- In the activity’s ‘onActivityResult’ method, retrieve the sign-in result with getSignInResultFromIntent, again from the Play services auth library’s Auth object.
- After you retrieve the sign-in result, you can check if sign-in succeeded with the ‘isSuccess’ method. If sign-in succeeded, you can call the ‘getSignInAccount’ method to get a ‘GoogleSignInAccount’ object that contains information about the signed-in user, such as the user’s name.
- Get the credentials from the ‘GoogleSignInAccount’ and pass it into the Firebase Authentication object.
- This will pass on all the user’s details to Firebase which will then automatically create a Firebase user with a unique User ID for you, which you can use later for customizing the user’s experience of your application.
So this is the Gist with the code you’ll need for your SignInActivity.
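The flow in the steps above, written out as an added example (not the author's Gist or project code). It uses the `Auth.GoogleSignInApi` calls the steps name; the view id `sign_in_button`, the request code, the AndroidX base class and the `MainActivity` target are assumptions, and the package declaration is omitted.

```java
// Added example, not the author's Gist. Assumes activity_sign_in.xml has a SignInButton
// with the hypothetical id sign_in_button, and that MainActivity exists in the same package.
import android.content.Intent;
import android.os.Bundle;
import android.widget.Toast;
import androidx.appcompat.app.AppCompatActivity;
import com.google.android.gms.auth.api.Auth;
import com.google.android.gms.auth.api.signin.*;
import com.google.android.gms.common.api.GoogleApiClient;
import com.google.firebase.auth.*;

public class SignInActivity extends AppCompatActivity {
    private static final int RC_SIGN_IN = 9001; // arbitrary request code (assumption)
    private GoogleApiClient googleApiClient;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_sign_in);
        // Ask Google for an ID token so Firebase can verify the account itself.
        // default_web_client_id is generated by the google-services Gradle plugin.
        GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
                .requestIdToken(getString(R.string.default_web_client_id)).build();
        googleApiClient = new GoogleApiClient.Builder(this)
                .enableAutoManage(this, connectionResult -> fail())
                .addApi(Auth.GOOGLE_SIGN_IN_API, gso)
                .build();
        findViewById(R.id.sign_in_button).setOnClickListener(v -> startActivityForResult(
                Auth.GoogleSignInApi.getSignInIntent(googleApiClient), RC_SIGN_IN));
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != RC_SIGN_IN) return; // ignore results from other intents
        GoogleSignInResult result = Auth.GoogleSignInApi.getSignInResultFromIntent(data);
        if (result == null || !result.isSuccess()) { fail(); return; }
        GoogleSignInAccount account = result.getSignInAccount();
        // Exchange the Google ID token for a Firebase credential; never log the token.
        AuthCredential credential = GoogleAuthProvider.getCredential(account.getIdToken(), null);
        FirebaseAuth.getInstance().signInWithCredential(credential)
                .addOnCompleteListener(this, task -> {
                    if (!task.isSuccessful()) { fail(); return; } // stay on the sign-in screen
                    startActivity(new Intent(this, MainActivity.class));
                    finish();
                });
    }

    private void fail() {
        Toast.makeText(this, "Sign-in failed", Toast.LENGTH_SHORT).show();
    }
}
```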
Our Application will begin execution inside the MainActivity class.
So edit the activity_main.xml file (your Main Activity layout file in XML) to add a TextView that will display the username of our user and a sign out Button that will allow the user to sign out of our application.
The code for activity_main.xml can be found below:
Head on over to the MainActivity.java file and initialize our Views as well as Firebase Auth and Firebase User objects which we will need to access details of our newly signed in user.
Check to see if we have a Firebase User object first. If we do then proceed to retrieving their username. If not then open up the SignInActivity.
The code for the MainActivity class can be found below.
Make sure your Android Manifest file looks similar to the one below. Most importantly, make sure you have the <uses-permission> tag to ask for permission to access the internet on the device.
Run the app on a physical device or an emulator and voilà!
You should be presented with the following UI if you followed this blog post correctly.
Clicking on the Google Sign In button presents a dialog which prompts the user to choose a Google account for your application, as shown above.
If you head over to your Firebase console Auth menu you’ll notice that a User has been added to the users’ list and that the user has been assigned a unique user ID.
The above picture shows the Firebase console Auth menu after a user has signed in.
So in just a few steps we have allowed a user to sign into our app using Firebase Authentication, which means we can now customize the user’s experience across different devices, and we won’t ever have to worry about the schematics of web security. Your path to quick and efficient application development using Firebase continues.
Check out the Documentation for Authentication here for more information.
This is part 2 of my ongoing Firebase series. I plan to show you how to add more Firebase features to this application which will ultimately turn into an IM Chat App which you can re-create in 35 minutes*.
The source code for this app can be found on my GitHub here.
Leave comments below and I’ll respond as soon as I can.