Firebase - Should I stop using Anonymous Auth in my specific case? (Also, how to delete users)

Question

Ok, I have a two part question relating to the same thing.

I know that this has been asked on SO at least four times but my question is slightly different.

Problem 1:

I use Anonymous Auth for my app (authenticate users with my server once on app install, and never again). The anonymous auth is just done on the Android device so they can access the Firebase Database and Storage. I have the classic "1000+ anonymous users" problem that many seem to wind up with. (I actually have 22 users MAX).

Possible solution: I know that you can not bulk-delete anonymous users, but, if I copy all the user ID's (all anonymous) into a file and read it into my node.js server, can I programatically log into all of them one at a time and delete them? This solution is only for this one time "Delete these 1000 users" problem. After that is done, I arrive at the next problem which is preventing this from happening again.

Problem 2:

The reason I am using anonymous authentication is because this app is an emergency notification app for a government office with 22 users at the absolute max. These devices need to be listening for notifications non-stop. I use FCM to send the actual alert, but if the user's email/password/google/whatever login enters a 'signed-out' state, will that device still get the FCM notification?

The reason I ask is that maybe I don't need to use anonymous auth afterall. I used it because I need to know with absolute 100% certainty that no matter what the user does (short of un-installing my app or having no network connection) that they will get the notification. Anonymous auth allowed me to guarantee that when they entered my app they could access the database.

Again, I think I am doing this incorrectly.

Summary:

I have a Firebase DB that stores "Alert objects" that users send. The users (22 max) send these alerts directly from their Android device to the DB. My node.js server is constantly listening for changes. When it sees a change, it works it's magic, then sends out FCM notifications to all the users that were listed as recipients on that notification. On the Android side, these users authenticate to the Firebase DB anonymously. When they install the app, however, they enter their username/password that I pre-stage for them in the Firebase Database (using a front-end web app that I made and host on my nodejs server). Is this anonymous authentication necessary in my case, or can I have them make an email/password authentication with Firebase and still be guaranteed they will get the alert.

Ok, this question is getting too long, I will stop this here. Thank you in advance.

Answer 1

You don't need to worry about this, Firebase authentication is independent of FCM; the only thing you may need to worry about is token expiration (covered in this question).

So yeah, you can drop anonymous authentication, no problem if the session expires.

Answer 2

@Jaime's answer is still me selected answer, but I just wanted to add a method I just used to (sort-of) bulk-delete. Mostly because I felt clever after doing it and I am not that clever.

I downloaded a mouse-automation application that lets you record your mouse clicks then replay it automatically. I just deleted almost 1000 users while playing the piano lol.

I used Macro Recorder and it worked like a charm. Just recorded a few iterations in the console of me deleting users, set it to repeat 500 times and walked away.

I know this isn't a very technical answer, but it saved me hours of monotonous mouse clicking so hopefully someone else looking for a way to bulk-delete will benefit from it as well. I hated the fact that there was no bulk-delete and really needed a way out of it. It only took about 20 manual deletes to realize there were apps that could do what I was doing.