Create account without email/password using some unique ID? #682

Open
sezaru opened this issue Jan 6, 2023 · 0 comments
sezaru commented Jan 6, 2023

Hello,

I was wondering if there is a way to use Pow to create accounts without passwords or e-mails using some other unique identifier.

The idea is that I have a mobile app where users will need to create a (freemium) account to unlock most of the features (because most of these features need to store data in the backend in a way that identifies that the data is from a specific user). But looking at my analytics, it is clear that a lot of users simply uninstall the app before creating the account because there is no motivation to do it since they don't understand very well the features they are missing by not having an account.

To solve that, I was thinking about creating an "implicit" account for the user using an FID (Firebase ID) which is a unique identifier of the user's mobile device which I can verify in the backend using Firebase API.

In other words, when the user opens the app for the first time, it should seamlessly request an account creation with that FID, and the backend should verify it and create the account storing that ID instead of an e-mail/password unlocking some of the features.

Later, if the user decides to create a "real" account, I would simply replace the FID with the provided email/password in the already existing account.

I'm pretty sure that to do this I would need to implement some of the parts myself, and I'm OK with that, but I was wondering if you can give me some hints on where I should look in the code and/or how should I implement this.

PS: I know that this is not as secure as using a Google provider or email/password since a third-party having access to that FID would be able to access that account, but that is a cost I'm willing to pay to have that convenience for the user.

I also considered using WebAuthn, but AFAIK that would still need me to prompt the user in the app to create the keys, and I want to avoid anything like that; I want the user to simply think they don't have an account at all with the app backend (but I am open, of course, to suggestions to increase the security).
