Firebase-admin-node: UserRecord is missing isAnonymous

Created on 7 Nov 2017  路  11Comments  路  Source: firebase/firebase-admin-node

Hi firebasers,
when using admin.auth().listUsers() it returns a list of userRecord
https://github.com/firebase/firebase-admin-node/blob/master/src/auth/user-record.ts
but this one missed the isAnonymous boolean property the USer interface has : https://firebase.google.com/docs/reference/node/firebase.User#isAnonymous
Is it wanted ? if yes is there a way to find it's an anonymous user ?
Regards,
Cyrille.

auth question

Most helpful comment

I do not know what the criteria is for labeling users anonymous in the Console but I do know the criteria for the client SDK. Basically, any user that is signed in using signInAnonymously will be initially labeled anonymous, until a provider is added to the user's list of provider data giving the user the ability to sign back in. You could set an email, display name, photoURL and the user would still be considered anonymous. Once the user has a mechanism to sign-in (add a password, assuming an email is also available), link a provider, sign in with that user ID using custom auth, the user will stop being anonymous.

All 11 comments

Hey there! I couldn't figure out what this issue is about, so I've labeled it for a human to triage. Hang tight.

Hmmm this issue does not seem to follow the issue template. Make sure you provide all the required information.

isAnonymous is only a client side construct. If a user is created with signInAnonymously, this flag is set to true (client side only).
For example you can use createUser and just create a user without any profile info (no email, phone, password, etc). Would that be considered anonymous? How about if you create a user with just an email? What about a custom auth user? You could also unlink all providers from a non-anonymous account. Would that user become anonymous?

Basically, you need to apply your own criteria of what an anonymous user constitutes. When you listUsers you can perhaps check that no providers are linked and no email/phoneNumber is set on the user, etc.

Hi thanks for answers,
as i understood anonymous is a connection mode and user created with signInAnonymously are tagged anonymous in firebase console.
I can't find way to createUser() without choosing a provider. I thought anonymous was a special king of connection tagged in firebase database.
I will check that providerId is an empty array that should do the job.
Thanks again,

in my case, the provider was firebase, though there was no provider data. it was created anonymously using the firebase sdk. i find it a little inconsistent that the client-side sdks lets you create/check anonymous users, but not the server-side sdks. i'm not sure this is future-proof, but here's how i check it in java:

        return "firebase".equals(userRecord.getProviderId()) &&
               userRecord.getProviderData().length == 0 &&
               userRecord.getCustomClaims().size() == 0 &&
               userRecord.getDisplayName() == null &&
               userRecord.getEmail() == null &&
               userRecord.getPhoneNumber() == null &&
               userRecord.getPhotoUrl() == null &&
               !userRecord.isEmailVerified() ||
               userRecord.isDisabled();

how does the console know to indicate (anonymous)? in terms of signInAnonymously, what constitutes an anonymous user?

I do not know what the criteria is for labeling users anonymous in the Console but I do know the criteria for the client SDK. Basically, any user that is signed in using signInAnonymously will be initially labeled anonymous, until a provider is added to the user's list of provider data giving the user the ability to sign back in. You could set an email, display name, photoURL and the user would still be considered anonymous. Once the user has a mechanism to sign-in (add a password, assuming an email is also available), link a provider, sign in with that user ID using custom auth, the user will stop being anonymous.

Basically, you need to apply your own criteria of what an anonymous user constitutes

That would make sense if neither sdk had an explicit way of creating an anonymous user. It would mean that if we wanted to have something like that on our platform, we'd have to implement it ourselves. But for the sole fact that there is a signInAnonymously that results in a user without any unique information besides the id, that's establishing what an 'anonymous' user is.

It's true that you can create a user without any information that would literally look like the same thing, but that wouldn't constitute an anonymous user because it's established in one of the sdks that an anonymous user is explicitly created through signInAnonymously. This just feels inconsistent all around.

Why is this closed? There's no proper reply here.

Inconsistent for sure.

Is UserRecord.providerData.length guaranteed to equal zero if no providers have been linked to the account, where the user has only been authenticated on the client via signInAnonymously? Is that the official Firebase-endorsed way to determine this?

There is no guaranteed mechanism to determine an anonymous user as the anonymous user will have the same footprint in the following non-anonymous cases:

  • User created via Admin SDK using no identifier: admin.auth().createUser({uid: 'some-uid'});`
  • User created via custom auth.
  • Non-anonymous user with all providers unlinked

I think it is up to you to determine what constitutes as an anonymous user

It makes sense that it should be the developer's responsibility to determine what an anonymous user is in their platform, but if that's to be true, then the signInAnonymously function should allow us to customize any property in the UserRecord through its parameters, otherwise this contradiction just leads to more confusion. On one hand defining a user as "anonymous" is up to the developer, on the other there's a method that implicitly defines what an anonymous user is right in its name.

Was this page helpful?
0 / 5 - 0 ratings