6

I'm new to Firebase Authentication, so I'm creating a basic app with a profile. I've made an activity to edit basic information of the user such as DisplayName and Email, and I want to add the capability of changing passwords. But first, I want to check the current user's password and compare it to a String from an InputEditText, so that the user must know his current password before changing it.

EDIT: The thing I'm asking about is that I ask the user to write his current password in order to be able to change it to a new one, to reduce hacking or something like that, like on Facebook: when you're trying to change the email or password or even the name, it asks you for your current password.


Frank van Puffelen
Tamim Attafi
  • 1
    This is way too broad. You need to show an example of what you mean and what you are currently trying. – dave Dec 20 '17 at 17:08
  • What exactly does this have to do with Firebase? Are you using Firebase Authentication? – Doug Stevenson Dec 20 '17 at 17:10
  • I ask the user to write his current password in order to be able to change it to a new one, to reduce hacking or something like that, like on Facebook: when you're trying to change the email or password or even the name, it asks you for your current password. – Tamim Attafi Dec 20 '17 at 17:35
  • 1
    Okay, you really need to look at https://stackoverflow.com/help/mcve and explain your question better. – dave Dec 20 '17 at 17:52
  • Please check the edit. – Tamim Attafi Dec 20 '17 at 18:08
  • 2
    If you read the Firebase docs, there is a method in there to change a user's password, and to check if a user is signed in, and how to sign a user in, etc., if this is what you mean: https://firebase.google.com/docs/auth/android/manage-users – dave Dec 20 '17 at 18:19
  • I've seen those docs, but the thing I want is, before applying these methods to change the password, to check if the user is the account owner, so no one can change your password even if he finds your account logged in; he must know the old password. – Tamim Attafi Dec 20 '17 at 18:37

1 Answer

7

From the Firebase documentation:

Some security-sensitive actions—such as deleting an account, setting a primary email address, and changing a password—require that the user has recently signed in.

If you perform one of these actions, and the user signed in too long ago, the action fails and throws `FirebaseAuthRecentLoginRequiredException`. When this happens, re-authenticate the user by getting new sign-in credentials from the user and passing the credentials to `reauthenticate`. For example:

```java
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();

// Get auth credentials from the user for re-authentication. The example below shows
// email and password credentials but there are multiple possible providers,
// such as GoogleAuthProvider or FacebookAuthProvider.
AuthCredential credential = EmailAuthProvider
    .getCredential("user@example.com", "password1234");

// Prompt the user to re-provide their sign-in credentials
user.reauthenticate(credential)
    .addOnCompleteListener(new OnCompleteListener<Void>() {
        @Override
        public void onComplete(@NonNull Task<Void> task) {
            Log.d(TAG, "User re-authenticated.");
        }
    });
```
Frank van Puffelen
  • So when the user tries to change the password, this method asks him to re-sign in? Please, I don't really get it. – Tamim Attafi Dec 20 '17 at 20:46
  • 2
    Changing the password requires that the user has recently signed in. If it's been too long since they last signed in, Firebase will throw an exception. When that happens, you need to reauthenticate before trying to change the password again. – Frank van Puffelen Dec 20 '17 at 21:22
  • 3
    Hey Tamim, this is the mechanism where you first ask the user to provide their existing password first. You re-authenticate with that. If successful, you then can ask the user for the new password and call `updatePassword` API to update the user's password. It is exactly what you are asking for. – bojeil Dec 21 '17 at 00:19
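
The flow described in the answer and in the last comment (re-authenticate with the current password, then call `updatePassword` only if that succeeded), as an added example that is not part of the original answer or of the Firebase documentation. `PasswordChanger` and its `Callback` are hypothetical names; the sketch assumes an email/password account and Java 8 lambda support in the Android build.

```java
import com.google.firebase.auth.AuthCredential;
import com.google.firebase.auth.EmailAuthProvider;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseAuthInvalidCredentialsException;
import com.google.firebase.auth.FirebaseUser;

// Hypothetical helper: Firebase verifies the current password server-side; the app never compares it.
public final class PasswordChanger {
    // Hypothetical callback for reporting the outcome to the calling Activity.
    public interface Callback {
        void onChanged();
        void onWrongCurrentPassword();
        void onError(Exception e);
    }

    public static void changePassword(String currentPassword, String newPassword, Callback cb) {
        FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
        if (user == null || user.getEmail() == null) {
            cb.onError(new IllegalStateException("No signed-in email/password user"));
            return;
        }
        if (currentPassword.isEmpty() || newPassword.isEmpty()) { // the SDK rejects empty strings
            cb.onError(new IllegalArgumentException("Passwords must not be empty"));
            return;
        }
        // Use the signed-in account's own email, not an email typed into the form.
        AuthCredential credential =
                EmailAuthProvider.getCredential(user.getEmail(), currentPassword);
        user.reauthenticate(credential).addOnCompleteListener(reauth -> {
            if (!reauth.isSuccessful()) {
                // onComplete also fires on failure, so the result has to be checked.
                Exception e = reauth.getException();
                if (e instanceof FirebaseAuthInvalidCredentialsException) {
                    cb.onWrongCurrentPassword();
                } else {
                    cb.onError(e);
                }
                return;
            }
            // Reached only after the server accepted the current password.
            user.updatePassword(newPassword).addOnCompleteListener(update -> {
                if (update.isSuccessful()) {
                    cb.onChanged();
                } else {
                    cb.onError(update.getException());
                }
            });
        });
    }
}
```

Because the re-authentication has just succeeded, the following `updatePassword` call also satisfies the recent sign-in requirement quoted in the answer.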