2

I am new to getStream.io and I am trying to understand a user creation flow with getstream.io and firebase. If I create a new user in firebase and then pass in their firebase UID to functions such as:

client = stream.connect('YOUR_API_KEY', 'API_KEY_SECRET');

//generate new user
client.user('<FIREBASE UID>').create({name: "Jane Doe", occupation: "Software Engineer", gender: 'female'});

//generate token for the user
const userToken = client.createUserToken('<FIREBASE UID>');

//Allow user to follow a feed
timeline_feed_1.follow('user', '<FIREBASE UID>');

//Check followers for the user
<FIREBASE UID>.followers({limit: '10', offset: '10'});

Would this work or am I going about this all wrong?

Thank you for reading!

P.S I have looked at Users auth and profiles in getstream.io and just wanted to clarify that my firebase example is what was meant by "Stream is best used in combination with an application"

fargoboyDC
  • 75
  • 2
  • 12

2 Answers2

3

I implemented a Firebase + GetStream.io user creation flow and can share what I did.

Big picture: After creating a Firebase UID, you have to use your own backend server to connect with the Stream API to create a new user (use the Firebase UID as the user_id) and generate that user's JSON Web Token ("JWT"). Your backend server then passes this JWT to your front end client (Swift iOS in my case), which then uses this JWT to allow the user to connect to the Stream API and access his authorized feeds etc. I used Python runtime Google Cloud Functions with a HTTP trigger as my "backend server". My Swift code called these functions via an HTTP POST request.

Here is my Python code to create a Stream user, substitute your own API key and secret:

import stream
from flask import escape

def createStreamUser(request):  
    content_type = request.headers['content-type']
    if content_type == 'application/json':
        request_json = request.get_json(silent=True)

        try:
            id = request_json['id']
            name = request_json['data']['name']
            avatarURL = request_json['data']['avatarURL']
        except:
            raise ValueError("JSON is invalid, or missing a 'name' property")

    client = stream.connect('YOUR_API_KEY', 'API_KEY_SECRET', location='us-east')

    userInfo = client.users.add(
        id, 
        {"name": name},
        get_or_create=True,
    )

    return

Here is a function which generates and returns a JWT to your front end client:

import stream
from flask import escape

def createUserToken(request):
    content_type = request.headers['content-type']
    if content_type == 'application/json':
        request_json = request.get_json(silent=True)

        try:
            id = request_json['id']
            name = request_json['data']['name']
        except:
            raise ValueError("JSON is invalid, or missing a 'name' property")

    client = stream.connect('YOUR_API_KEY', 'API_KEY_SECRET', location='us-east')

    user_token = client.create_user_token(id)

    return(user_token)
tenunderpar
  • 41
  • 4
1

It looks like Stream is best used in combination with an application in the answer you referenced was about using Stream API on a server and authenticate users there and then provide your frontend code with a user token after successful authentication.

Stream API client initialised using user tokens has restricted access in terms of which feeds are accessible or writable.

It is not recommended to put API secret in your frontend code as it may lead to unauthorised access to other users' data if someone extracts it from your app.

Nekuromento
  • 2,147
  • 2
  • 16
  • 17