DEV Community

Stephen Nancekivell
Stephen Nancekivell

Posted on • Originally published at upollo.ai

Detecting account sharing and repeated trials in Firebase Auth with Upollo

#webdev #javascript #programming #react

Firebase Auth is a great tool to add account management to your app or service. It takes care of the myriad of ways people like to login.

firebase upollo

However, Firebase can't tell you anything about the people behind those accounts. It can't tell you if Bob creates a new account every month so he can get the free trial again and again. It also can’t tell you that Peter and Patsy have created one account and share the password so they only have to pay once.

With Upollo you can detect these events and nudge the user onto the right path. You can detect that Bob is creating his 10th account, stop giving him the free trial and convert him into a paying customer. You can tell Peter and Patsy that you know they are sharing an account which is against your policy and get them to upgrade their account.

To learn more about the opportunities in converting repeat trial users and account sharers see Turn Repeated Trials Into Growth and Grow By Understanding Account Sharing

This article will focus on web applications but the same applies to mobile apps as well.

Detecting account sharing and repeated trials in Firebase

Consider, if you are logging in using signInWithPopup from the Firebase SDK.

import { GoogleAuthProvider, signInWithPopup } from "firebase/auth";

const authProvider = new GoogleAuthProvider();
authProvider.addScope("profile");
authProvider.addScope("email");

await signInWithPopup(auth, authProvider);
Enter fullscreen mode Exit fullscreen mode

Instead of continuing your login flow after that you would use the assess method from Upollo Web Library with the user details returned from firebase. In the returned flags you can see if it is a repeated action or account sharing.

import { UpolloClient, EventType, FlagType } from "@upollo/web";

const upollo = new UpolloClient(β€œADD_API_KEY_HERE”);

const userCredential = await signInWithPopup(auth, authProvider)
const user = userCredentials.user

const identifyResponse = await upollo.assess(
  {
    userId: user.uid,
    userEmail: user.email,
    userPhone: user.phoneNumber,
    userName: user.displayName,
  },
  EventType.EVENT_TYPE_LOGIN
)

const flagTypes = identifyResponse.flags.map((flag) => flag.type);

if (flagTypes.includes(FlagType.ACCOUNT_SHARING)) {
  // The user was account sharing
  // let them know they should create their own account.
}

if (flagTypes.includes(FlagType.REPEATED_SIGNUP)) {
  // The user was repeating the trial
  // dont offer the trial for free.
}

// otherwise let the user continue normally
Enter fullscreen mode Exit fullscreen mode

For an even more secure solution, you can repeat the same checks server side by using the Upollo token and one of our server side libraries to validate the flags on your server.

If you are interested in this space and would like to hear more, please checkout Upollo or follow us on Twitter.

Top comments (0)

Read next

cachemerrill profile image

Latest Python Features That Every Developer Should Know

Cache Merrill -

ayoubkhan558 profile image

Implementing Very Basic Dark/Light Modes with CSS Variables and JavaScript πŸŒ“

Muhammad Ayoub Khan -

dilane3 profile image

Rasengan.js 1.0.0 Beta πŸš€

Dilane3 -

borisfmmkgr2 profile image

πŸ€ Looking for advice on integrating SportDevs API for a basketball app?

Boris -