WEBVTT 1 00:00:00.320 --> 00:00:01.580 Hi and welcome back. 2 00:00:01.610 --> 00:00:03.740 Today we're going to discuss a general 3 00:00:03.770 --> 00:00:08.900 architecture of authenticating users, making them able to register on our 4 00:00:08.930 --> 00:00:12.340 application and login into our application. 5 00:00:12.370 --> 00:00:16.260 So imagine that here is our react native 6 00:00:16.290 --> 00:00:19.340 application and we want to register the user. 7 00:00:19.370 --> 00:00:21.140 If we want to register the user, 8 00:00:21.170 --> 00:00:26.020 we're going to have to gather information from them, such as email and password. 9 00:00:26.050 --> 00:00:30.220 Once we do that, we are going to send that data over 10 00:00:30.240 --> 00:00:39.140 to the Firebase API and then Firebase API will receive this data and let us know 11 00:00:39.170 --> 00:00:43.940 whether the user successfully registered with their entered information or not. 12 00:00:43.970 --> 00:00:48.820 If any kind of error occurs, such as this kind of email already exists 13 00:00:48.850 --> 00:00:52.020 in our database, or they didn't enter the correct email 14 00:00:52.050 --> 00:00:56.260 address and their email address doesn't exist, we're going to show the user 15 00:00:56.290 --> 00:01:00.740 an error and they are going to try to register again. 16 00:01:00.770 --> 00:01:06.260 However, if they successfully registered, this information is going to be written 17 00:01:06.290 --> 00:01:11.490 inside the authentication database of the Firebase and we are just going 18 00:01:11.520 --> 00:01:15.340 to bring them to the login page so that they can log in. 19 00:01:15.370 --> 00:01:18.980 Now let's talk about how logging in would work. 20 00:01:19.010 --> 00:01:20.850 When the user tries to log in, 21 00:01:20.880 --> 00:01:25.380 we're gathering the information as they enter their credentials and then we're 22 00:01:25.410 --> 00:01:30.100 going to send that data over using the Firebase API. 23 00:01:30.130 --> 00:01:36.100 And once the Firebase API receives this data, we're going to receive a response 24 00:01:36.130 --> 00:01:40.900 back from Firebase and we're going to know if they successfully logged in or not. 25 00:01:40.930 --> 00:01:44.820 Firebase is going to go and check the database and make sure 26 00:01:44.850 --> 00:01:50.460 that the password and the email that user entered actually exists and is valid. 27 00:01:50.490 --> 00:01:54.490 If it is not valid, then we're going to show the user what 28 00:01:54.520 --> 00:01:58.900 kind of error we got and they are probably going to try to log in again. 29 00:01:58.930 --> 00:02:01.490 However, if the successfully log in, 30 00:02:01.520 --> 00:02:05.660 we are going to receive a token from the Firebase. 31 00:02:05.690 --> 00:02:10.660 So let's talk about what a token is. In Firebase authentication, 32 00:02:10.690 --> 00:02:13.660 a token is a secure string of characters 33 00:02:13.690 --> 00:02:17.260 that serves as a proof of authentication for a user. 34 00:02:17.290 --> 00:02:20.220 When a user successfully logs in or signs 35 00:02:20.250 --> 00:02:26.300 up using Firebase authentication, firebase will generate a token for that user. 36 00:02:26.330 --> 00:02:30.500 And the token itself has several important functions. 37 00:02:30.530 --> 00:02:33.610 First of all, the token includes information about 38 00:02:33.640 --> 00:02:36.940 the user's authentication status and privileges. 39 00:02:36.970 --> 00:02:39.380 It allows the user to access protected 40 00:02:39.410 --> 00:02:42.940 resources and perform actions that require authentication, 41 00:02:42.970 --> 00:02:47.780 such as accessing restricted data or performing write operations. 42 00:02:47.810 --> 00:02:50.180 In our donation application, for example, 43 00:02:50.210 --> 00:02:54.380 user won't be able to donate money unless they are registered. 44 00:02:54.410 --> 00:02:56.300 And if they will want to access those 45 00:02:56.330 --> 00:03:00.340 pages, then they're going to have to be registered and logged in. 46 00:03:00.370 --> 00:03:05.860 The other functionality of Firebase tokens are that it is designed to be stateless. 47 00:03:05.890 --> 00:03:08.020 This means that the server doesn't need 48 00:03:08.050 --> 00:03:11.860 to maintain session information for each user. 49 00:03:11.890 --> 00:03:17.300 Instead, the token itself will contain all the necessary information to authenticate 50 00:03:17.330 --> 00:03:20.660 the user and validate their access to resources. 51 00:03:20.690 --> 00:03:25.380 This reduces the server's overhead and simplifies the authentication process. 52 00:03:25.410 --> 00:03:30.980 The third benefit of having the tokens is that when a user makes requests 53 00:03:31.010 --> 00:03:35.820 to Firebase services, the token is included in the request headers. 54 00:03:35.850 --> 00:03:41.500 This token is encrypted and transmitted securely over Https. 55 00:03:41.530 --> 00:03:46.540 Firebase servers then verify the token's authenticity and integrity, 56 00:03:46.570 --> 00:03:52.380 ensuring that only authenticated users can access the requested resources. 57 00:03:52.410 --> 00:04:00.060 Now there comes a step when the token will expire that was generated using Firebase. 58 00:04:00.090 --> 00:04:05.610 Usually it is just 1 hour, but you can also modify and set your own 59 00:04:05.640 --> 00:04:09.860 expectations on how long should the token be valid. 60 00:04:09.890 --> 00:04:12.260 So if a token expires, 61 00:04:12.290 --> 00:04:16.980 we are going to refresh the token and keep the user logged in. 62 00:04:17.010 --> 00:04:21.620 Firebase tokens have an expiration time to enhance security. 63 00:04:21.650 --> 00:04:23.860 When a token nears expiration, 64 00:04:23.890 --> 00:04:28.500 Firebase provides mechanisms to automatically refresh the token without 65 00:04:28.530 --> 00:04:31.740 requiring the user to reenter their credentials. 66 00:04:31.770 --> 00:04:34.300 This allows for a seamless user experience 67 00:04:34.330 --> 00:04:37.980 and ensures continuous access to resources. 68 00:04:38.010 --> 00:04:44.020 So if the token doesn't expire, we are just going to keep the user logged in. 69 00:04:44.040 --> 00:04:48.420 Overall, the token plays a vital role in Firebase authentication. 70 00:04:48.450 --> 00:04:52.940 By providing secure and verifiable proof of user's identity. 71 00:04:52.970 --> 00:04:55.620 It enables authorization, statelessness 72 00:04:55.650 --> 00:05:00.300 and secure communication between the client application and Firebase servers. 73 00:05:00.330 --> 00:05:04.540 Understanding and utilizing Firebase tokens correctly is essential for building 74 00:05:04.570 --> 00:05:09.020 secure and scalable applications that leverage Firebase authentication. 75 00:05:09.040 --> 00:05:12.100 Now, if the user wants to log out, 76 00:05:12.130 --> 00:05:15.060 then they're just going to click on the button 77 00:05:15.090 --> 00:05:18.240 to do so. We're going to contact Firebase and we're 78 00:05:18.270 --> 00:05:23.260 going to call their sign out API which will dump the token automatically. 79 00:05:23.280 --> 00:05:27.420 And then we're just going to reset the token in our stores and call 80 00:05:27.450 --> 00:05:31.580 the logout function so that they are redirected back to the login page. 81 00:05:31.600 --> 00:05:37.100 So this is the main architecture of how registering, logging in and logging out 82 00:05:37.130 --> 00:05:41.540 works in react native when we're using Firebase. 83 00:05:41.570 --> 00:05:45.580 So in the upcoming videos we're going to utilize this architecture and we are 84 00:05:45.600 --> 00:05:51.620 going to make login and registration that is actually working for the user. 85 00:05:51.650 --> 00:05:53.620 And you're going to be able to use this 86 00:05:53.650 --> 00:05:59.540 knowledge in your application to easily and simply make sure that your application 87 00:05:59.570 --> 00:06:05.220 is secure and that your users are able to register and log in seamlessly. 88 00:06:05.250 --> 00:06:06.820 Thank you so much for watching. 89 00:06:06.840 --> 00:06:07.920 See you in the next video.