英文:
Two apps under Firebase project. Why register user of 1st app is able to login in second app without registering?
问题
我在同一个项目中有两个应用程序。第一个是客户应用,第二个是公司应用。这两个应用共享同一个Firebase数据库。
并且这两个应用在登录和注册方面是相同的。当我开始为第二个应用编写代码时,我复制了第一个项目,并根据我的需求修改了所有的活动(Android Java代码)。
我遇到的问题是,当客户在客户应用中注册,然后使用相同的登录凭据登录公司应用,而无需在其中注册,反之亦然。我不明白为什么会发生这种情况。我注意到一件事,就是两个项目的SHA-1密钥在从Android Studio生成后是相同的。
我希望能够限制未在其中注册的用户不能登录,无论是对于哪个应用,用户只能登录他/她注册过的应用,而不能登录他/她未在其中注册的第二个应用。
英文:
I have two apps in a single project. 1st is a customer app and 2nd one is company app. both apps share the same firebase database.
And both the apps are identical in terms of login and registration. When started writing code for the 2nd app, that time I copied the 1st project and modified all the activities (android java code) as per my needs.
The issue I am facing is when customers register in the customer app and then the same login credentials are being used to login in company app without registering to it or vice-versa. I don't understand why this is happening. I saw one thing that for both the project SHA-1 key is the same after generating from the android studio.
I want to restrict login to without registering to it for both the apps, the one should be able to login in to the app in which he/she has registered, not in the 2nd app where he/she hasn't registered.
答案1
得分: 1
用户注册是按项目而不是按应用程序的。因此,Firebase不区分使用第一个应用程序还是第二个应用程序登录的用户,他们都只是项目中的用户,并且可以针对该项目进行身份验证。
如果您想在项目中区分这两种类型的用户,您不应该通过他们用于登录的应用程序来实现。相反,您应该为每个用户在数据库中存储某种角色,或者在该用户配置文件的自定义声明中存储某种角色。
我建议查阅:
- Firebase文档中关于实现基于角色和基于属性的访问控制
- https://stackoverflow.com/questions/55848701/what-is-the-best-way-to-authenticate-two-types-of-users-student-and-driver-in/55850746#55850746
- https://stackoverflow.com/questions/37907879/how-to-give-different-access-to-different-type-of-user-for-login-in-firebase/37908565#37908565
- https://stackoverflow.com/questions/43255174/how-to-create-firebase-admin-user-for-authentication-in-java/43256973#43256973
英文:
User registration is per project, and not per application. So Firebase makes no distinction between the users that sign in with the first app or with the second app, they are all just users within the project and they can authenticate against that project.
If you want to make a distinction between the two types of users in your project, you should not do that by the application they use to sign in. Instead you'll want to store some sort of role for each user either in the database, or in a custom claim in that user's profile.
I'd recommend checking out:
- the Firebase documentation on implementing role-based and attribute-based access control
- https://stackoverflow.com/questions/55848701/what-is-the-best-way-to-authenticate-two-types-of-users-student-and-driver-in/55850746#55850746
- https://stackoverflow.com/questions/37907879/how-to-give-different-access-to-different-type-of-user-for-login-in-firebase/37908565#37908565
- https://stackoverflow.com/questions/43255174/how-to-create-firebase-admin-user-for-authentication-in-java/43256973#43256973
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论