Best practices for connecting user to their data

Alan_Alves · August 1, 2021, 7:56pm

I’m building a flashcard study app with specific data for each user.I would like anyone with experience to share the best way of connecting user to their data. I’m using firebase auth as the auth backend and Firestore database to store the data. Here’s what I came up with to connect user to their data:

Data structure: a collection named USERS containing documents with the user’s data stores all of user’s data. The id for each document is the same ID as the users ID created by firebase auth.

Connecting the data: through Get current user (Firebase Auth) flow function retrieve current user ID. Use the ID to build the HTTP request URL to retrieve the info from the specific user.

In your experience is that the best way? I also have to figure out how to set security rules properly. Any thoughts on that would be appreciated as well.

nkwazi_wez · August 3, 2021, 8:38am

Hey, how did you connect or create “The id for each document is the same ID as the users ID created by firebase auth.”?

I have been looking around everywhere but cannot find the solution

Alan_Alves · August 3, 2021, 1:16pm

When you enable authentication through firebase, your app authenticates to firebase through either one of these flow functions: Get current user (Firebase auth) or Email & password authentication (Firebase Auth). One of the outputs arguments is ``ùid``` which holds the ID for that specific user. You need to use this uid to create the documents.

nkwazi_wez · August 3, 2021, 5:10pm

I have managed to get the the ID from the UID, thank you. However, I don’t know how to assign the ID get to the document ID created. most of the documents that I am creating at the moment have auto-IDs in firestore.

I will attach my screenshots

Alan_Alves · August 3, 2021, 7:39pm

You gotta define at the url path. Examples:

HTTP request flow function with method set to patch. URL: https://firestore.googleapis.com/v1/projects/YOURPROJECTID/databases/(default)/documents/YOUCOLLECTIONID/YOUDOCUMENTID, in your case, YOURDOCUMENTID is the id for that specific user.

nkwazi_wez · August 8, 2021, 2:21pm

That worked, thank you

Maxwell_Swamy · September 26, 2021, 9:41pm

Hi Thank you,
It is working here this way as well, but in this case do I have to set manually for every single user? Is there a way that we can get the user ID automatically?
In my case even if the access of the whole app would be unique for every user will be grand. It is a equipment register and the do not have access to each other data.
Is there a way that I can do it?

thank you

Alan_Alves · September 29, 2021, 9:10pm

Hi Maxwell,

About setting the user ids automatically, have you read this part of the post: Best practices for connecting user to their data - #3 by Alan_Alves? Could you get this to work?

As for your second question, yes, you can ensure this on the client-side, by retrieving only the data from that specific user, and modify on the security rules in Firestore, that users can read/write only their related data (that will prevent anyone from messing with with your data). I’ll intend to do a simple post about it later this week.

DG_L · October 10, 2021, 1:11pm

@Alan_Alves

Can you please elaborate it?

When I try the same in my POST call, I get error "“code”: 400,
“message”: “Document parent name “projects/{projectid}/databases/(default)/documents/{collectionID}” lacks “/” at index 69.”

I am using the HTTP request with url as you mentioned “https://firestore.googleapis.com/v1/projects/YOURPROJECTID/databases/(default)/documents/YOUCOLLECTIONID/YOUDOCUMENTID”

Alan_Alves · October 10, 2021, 3:20pm

Hi @DG_L ,

You gotta set the HTTP method to PACTH instead of POST.

Alternatively, to create a document specifying the id, with the POST method, you may use the following:

https://firestore.googleapis.com/v1/projects/YOURPROJECTID/databases/(default)/documents/YOURCOLLECTIONID?documentId=YOURDOCUMENTID

Note that this last method cannot be used to update documents. In order to update any document use PATCH method.

Post back here if it won’t work.

DG_L · October 11, 2021, 12:53pm

Thank You @Alan_Alves . The alternative method worked fine. This was useful.

user2 · October 13, 2021, 1:22am

Hi @Alan_Alves,

I’m trying to create a journaling app where each user can see only the journals that they’ve written. I’ve been trying to get this part (users can only see their data) to work for awhile now, but couldn’t find any resources besides this thread on how to do this.

I tried getting ID from the UID using the Get current user (Firebase Auth) function but I got an error saying that the api key was invalid. Our api key is stored as an app variable, so this seems like a weird error to me. Do I need to pass data through this function?

Thank you so much for the help, and if anyone can point me towards more helpful resources for firebase that would be great.

Alan_Alves · October 13, 2021, 12:19pm

Hi,

It seems you haven’t set the FireBase connector correctly. I suppose you want to you use the FireBase auth API in AppGyver, if that’s the case take a look at the link below. That should solve the API err.

https://docs.appgyver.com/data/google-firebase

user2 · October 16, 2021, 12:21am

Hi,

I followed the video and set everything up, but I am still getting the same error.
Right now I have the sign in/ sign up fully functioning, but I am using HTTP requests to do this using https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=APIKEY. I tried using the built in firebase auth functions, but am getting the same API Key error.

Any tips on how to connect user to their data if I am using HTTP requests for the user sign in?

Alan_Alves · October 16, 2021, 5:58pm

Ok. So you’re saying that you could Auth user using http request, right?

The HTTP request reruns a JSON document. One of then properties of this returned document is the UID. You just need to save it to a variable. I would post an example of this document here if I was typing from a computer.

If you go to postman.com you can send an HTTP request with the same settings as you set in your app. It will return the JSON document I’m talking about, so you may see the structure of this doc.

Post back here if get stuck.

user2 · October 18, 2021, 12:26am

Hi,

I couldn’t get the Postman part as I was getting an “Admin_Only_Operation” error. I tried changing firestore rules but I was still getting this error (maybe because auth is using the Authentication on firebase)

So, I’m not sure the syntax for getting the UID from the HTTP request and setting that to the variable. I attached a screenshot of my logic flow function in case that helps.

Alan_Alves · October 18, 2021, 1:31pm

Hi,

That’s OK. However, if you’re getting a response to sending an HTTP request through appGyver API, you should as well get the same response from Postman API if you enter the same values. For your convenience take a look at the setting at Postman:

With the correct WEB API KEY, the method set to POST, and body to JSON, and the structure as in the pic above, with an existing email and correct password, you should get a response in the below structure:

{
  "localId": "ZY1rJK0eYLg...",
  "email": "[user@example.com]",
  "displayName": "",
  "idToken": "[ID_TOKEN]",
  "registered": true,
  "refreshToken": "[REFRESH_TOKEN]",
  "expiresIn": "3600"
}

For more info about all the possible responses body, and what any of those keys mean, take a look at this reference doc from FireBase. (If you get errs, you’ll get different responses body depending on the err).

The formula for “Set UID”, should be similar to the pic below:

Hope you’ll be able to set it up now! I reinforce the benefits of testing your HTTP requests on Postman before setting it up on appGyver, as you can see right away the raw response body of your request.

All the best!

EDIT

@user2, this method will also work for signing up users. The Response Playload is quite similar to the one for signing users in. It has the following structure:

{
  "idToken": "[ID_TOKEN]",
  "email": "[user@example.com]",
  "refreshToken": "[REFRESH_TOKEN]",
  "expiresIn": "3600",
  "localId": "tRcfmLH7..."
}

Therefore, the UID is also on the key localId.

For more info, take a look at this doc.

user2 · October 19, 2021, 4:31am

Hi,

Thank you so much! I was able to get the UID and also create documents where the ID is the UID.

The Data structure I am using is to have each user have a document, and within the document there is a subcollection where all of their journals will be stored (since I am making a journaling app where they can write multiple journals).

I’m a little confused as to how to implement the get/post requests. Before now, I was using data resources and data variables to build the get & post requests by setting the schema, and setting the user input to the data variable. But since the relative path would be different for each user, how would this work?

Also, if two users are using the app at the same time, wouldn’t this interfere with the app variable UID since it will change once a new user logs in? Then it would be difficult to build HTTP requests using the UID for the document ID.