0

So I know in Firebase Flutter there is the method User?.delete() which deletes the current logged in user. But I'm building an Admin Menu in which he can delete any of the users not only the current one.

I found a method in here that basically signs in the user using firebaseAuth.signInWithCredential() but this only works with the email and password provider. But it doesn't work with the google signed In ones.

A solution I came up with is that I delete the users documents in FireStore and add a condition in the log in page that states if the user doesn't have a document then don't let him in. And even though it works I'm looking for another one that is more practical.

With that said, is there any method that can delete the user using only he's email regardless of his AuthProvider?

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
Saif Romdhane
  • 47
  • 4

1 Answers1

1

You can't use a Firebase web or mobile SDK to delete any user other than the one that's currently signed in. That would be a huge security hole.

You will need a backend for this, and you will need the Firebase Admin SDK for the language you've chosen. With that, you can find a user by email address, then delete the user using their UID. This is all described in the documentation.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • Curiously does Firebase support MySQL Workbench connections or is it all proprietary? If so, that seems like you could do the backend stuff yourself, but I suspect Amazon wants the money. – easleyfixed May 25 '23 at 19:06
  • It's all proprietary. – Doug Stevenson May 25 '23 at 21:25
  • SOB I knew it .. well good to know, thanks! – easleyfixed May 25 '23 at 21:29
  • First of all, thank you for your assistance, I appreciate it. And yes that is a possible solution that I found while searching online. However it is not yet integrated with flutter, so I couldn't utilise it. – Saif Romdhane May 27 '23 at 19:01
  • But the solution that I implemented was to delete the files of the user from the admin Interface once he is logged out and then add his email to a list saved in the database. Then when the user tries to log in again I would cross check his email to the list. In the case where it is found, then I would sign him in, delete the account and then show him a message informing him that his account have been deleted and that he should contact the admin by the email shown in the message. – Saif Romdhane May 27 '23 at 19:07