Managing user accounts (registration, login, logout)

Create an account or session

All you need is an email address or phone number associated with an account and you will get a magic link or one-time password each time you want to log in. As soon as you click the link, you'll get redirected to the app and you'll already be logged in. After that, the magic link isn't valid so no one else can use it.

402-253-0935

release@my.usdirectexpress.com

code exchange with Auth0 and retrieve the user's id_token and access_token which will be stored in memory.

When using account linking it is important to be aware that some limitations exist. First, only two accounts can participate in a link. If an attempt is made to link to an account which is already linked, the new link will replace the original link. It is also not possible to link two accounts associated with the same authentication provider. While a Facebook account may be linked with a Google account, for example, it is not possible to link two Google provider based accounts. An attempt to link accounts from the same provider will result in an exception containing a message which reads as follows: User has already been linked to the given provider. Account linking can only be performed at the point at which a new account is created. It is not possible, in other words, to link two pre-existing accounts. A workaround to this limitation is to delete one of the two accounts and then establish the link while re-creating the account

recommend using Firebase when the API calls involve any user data and the API is intended to be used in flows where the user has an user interface

Cloud Endpoints handles both API keys and authentication schemes, such as Firebase or Auth0

Access control for GCP APIs encompasses authentication, authorization, and auditing. Authentication determines who you are, authorization determines what you can do, and auditing logs record what you did

API keys are for projects, authentication is for users