Fixes.

Author: agentphantom

README.md

@@ -13,7 +13,7 @@ This service allows you to securely authenticate users into your app. It uses Go
 
 * Leverages the use of OAuth, saving time and effort.
 * Authenticate with `Facebook`, `Google`, `Twitter`, `Email`, `Anonymous` and more.
-* Generates an `idToken` that can be used for secure operations against Firebase Storage and Firebase Database.
+* Generates an `authToken` that can be used for secure operations against Firebase Storage and Firebase Database.
 
 ## Firebase Database
 *Main guide: [Firebase Database](./database)*
@@ -70,7 +70,7 @@ Free and open source!
 
 These guides are based on the JavaScript SDK and therefore have their same limitation of being web based only. If you need the rest of features that Firebase offers I strongly recommend using an ANE.
 
-### **Where did you got the documentation for Auth and Storage?**
+### **How did you got the documentation for Auth and Storage?**
 
 I studied the JavaScript SDK and its official documentation, then I determined the API paths, requests, results and errors. 
 

auth/README.md

@@ -192,21 +192,19 @@ This information is formatted the same for all providers, the most important val
 Name | Description
 ---|---
 `localId`| A unique id assigned for the logged in user for your specific Firebase project. This is very useful when working with Firebase Database and Firebase Storage.
-`idToken`| An Authentication token that is used to identify the current logged in user. The `idToken` is heavily used in all Firebase features.
+`idToken`| An identity token that is used to identify the current logged in user. The `idToken` is used in further Auth requests such as exchanging it for an `access_token`.
 `displayName`| The logged in user full name (Google and Facebook) or their handler in Twitter.
 `photoUrl`| The logged in user avatar.
 `email`| The logged in user email address.
 
 Note that not all providers return the same information, for example Twitter doesn't return an Email Address.
 
-Once you have the profile information you might want to save it on an Object that can be globally accessed, you will need it when performing Auth requests against Firebase Database and Firebase Storage.
+Once you have the profile information you might want to save it on an Object that can be globally accessed, you might want to also save it to disk using a `SharedObject` or using the `FileStream` class.
 
-The `idToken` you receive from this response doesn't work with Firebase Database and Firebase Storage requests. You must exchange it for a new one using the next method. It still works for further Firebase Auth requests.
+## Obtaining and Refreshing an Access Token
 
-## Refreshing the idToken
-
-By default the `idToken` has an expiration time of 60 minutes, you can reset its expiration by requesting a fresh one.
-To refresh an `idToken` you will only need to provide the previous one and specify the `grant_type` as `"authorization_code"`.
+By default the `access_token` has an expiration time of 60 minutes, you can reset its expiration by requesting a fresh one.
+To obtain or refresh an `access_token` you only need to provide the `idToken` from a Sign In or Verify Account request and specify the `grant_type` as `"authorization_code"`.
 
 ```actionscript
 private function refreshToken(idToken:String):void
@@ -231,7 +229,7 @@ private function refreshToken(idToken:String):void
 private function refreshTokenLoaded(event:flash.events.Event):void
 {
     var rawData:Object = JSON.parse(event.currentTarget.data);
-    var newIdToken:String = rawData.access_token;
+    var accessToken:String = rawData.access_token;
 }
 
 private function errorHandler(event:flash.events.IOErrorEvent):void
@@ -256,3 +254,4 @@ A successful response will look like the following JSON structure:
 
 Once you have got the `access_token` you are ready to perform secure operations against the Firebase Database and Firebase Storage services.
 
+In this guide and examples, the `access_token` and `authToken` represent the same value.

auth/email/README.md

@@ -78,7 +78,9 @@ The user will be automatically registered in the Auth section from your Firebase
 
 For an Anonymous approach you don't need to specify anything in the request body. You will still get a response similar to the above just without an Email Address.
 
-The `idToken` received from this response does work for the Firebase Database, Firebase Storage and Firebase Auth requests.
+The `idToken` received from this response can be used as an `authToken` for the Firebase Database, Firebase Storage and Firebase Auth requests.
+
+Once this Sign Up token has expired you must refresh it (see bottom of this page).
 
 ## Verifying Credentials (Sign In)
 
@@ -125,8 +127,7 @@ A successful response will look like the following JSON structure:
 
 Note that failing to enter the correct password 3 times in a row will block the IP for future login attempts for a while.
 
-The `idToken` received from this response doesn't work for Firebase Databasae and Firebase Storage requests. You must refresh the `idToken` to get a functional one (see bottom of this guide).
-It does still work for Firebase Auth requests. 
+The `idToken` received from this response is used to perform further account management requests. It is also used to get an `access_token` for Auth requests. For more information see the bottom of this page.
 
 ## Password Reset
 
@@ -387,10 +388,10 @@ A successful response will look like the following JSON structure:
 }
 ```
 
-## Refreshing the idToken
+## Obtaining and Refreshing an Access Token
 
-By default the `idToken` has an expiration time of 60 minutes, you can reset its expiration by requesting a fresh one.
-To refresh an `idToken` you will only need to provide the previous one and specify the `grant_type` as `"authorization_code"`.
+By default the `access_token` has an expiration time of 60 minutes, you can reset its expiration by requesting a fresh one.
+To obtain or refresh an `access_token` you only need to provide the `idToken` from a Sign In or Verify Account request and specify the `grant_type` as `"authorization_code"`.
 
 ```actionscript
 private function refreshToken(idToken:String):void
@@ -415,7 +416,7 @@ private function refreshToken(idToken:String):void
 private function refreshTokenLoaded(event:flash.events.Event):void
 {
     var rawData:Object = JSON.parse(event.currentTarget.data);
-    var newIdToken:String = rawData.access_token;
+    var accessToken:String = rawData.access_token;
 }
 
 private function errorHandler(event:flash.events.IOErrorEvent):void
@@ -438,4 +439,6 @@ A successful response will look like the following JSON structure:
 }
 ```
 
-Once you have got the `access_token` you are ready to perform secure operations against the Firebase Database and Firebase Storage services.
+Once you have got the `access_token` you are ready to perform secure operations against the Firebase Database and Firebase Storage services.
+
+In this guide and examples, the `access_token` and `authToken` represent the same value.

database/README.md

@@ -108,11 +108,11 @@ The `auth.uid` parameter means the following:
 
 An Authentication Token is an encoded string that contains information about the user that is trying to perform an operation against the database.
 
-There are several ways to generate these tokens, this guide will only explain how to do it using Google Identity Toolkit so you won't require to do Crytographic wizardy.
+There are several ways to generate these tokens, this guide will only explain how to do it using Google Identity Toolkit so you won't require to do Cryptographic wizardy.
 
-For more detailed information on how to generate and manage an `idToken` please consult the [auth guide](/../auth).
+For more detailed information on how to generate and manage an `authToken` please consult the [Firebase Auth guide](/../auth).
 
-Once you have got a fresh `idToken` you are ready to perform secure operations against the Firebase Database and Firebase Storage.
+Once you have got a fresh `authToken` you are ready to perform secure operations against the Firebase Database and Firebase Storage.
 
 ## Reading the Database
 
@@ -142,9 +142,9 @@ A simple GET request (the default for `URLRequest`) is enough. Remember to alway
 To load a Private resource use the following code:
 
 ```actionscript
-private function loadSpecialOffers(idToken:String):void
+private function loadSpecialOffers(authToken:String):void
 {
-    var request:URLRequest = new URLRequest("https://<YOUR-PROJECT-ID>.firebaseio.com/specialoffers.json?auth="+idToken);
+    var request:URLRequest = new URLRequest("https://<YOUR-PROJECT-ID>.firebaseio.com/specialoffers.json?auth="+authToken);
 			
     var loader:URLLoader = new URLLoader();
     loader.addEventListener(flash.events.Event.COMPLETE, offersLoaded);
@@ -192,7 +192,7 @@ We used a `ProgressEvent.PROGRESS` instead of the usual `Event.COMPLETE`. Everyt
 
 Remember to remove the event listener once you have finished working with the realtime data or it will continue listening to it.
 
-Auth works exactly the same as with non-realtime data, you only need to provide the `auth` parameter with a valid `idToken` in the URL.
+Auth works exactly the same as with non-realtime data, you only need to provide the `auth` parameter with a valid `authToken` in the URL.
 
 ## Modyfing the Database
 
@@ -337,12 +337,12 @@ For example, we want that each user has their independent journal that they can
 }
 ```
 
-When you want to modify or read their journal you need to specify the users's `localId` (known as `uid` inside the rules)  and `idToken` as part of the URL.
+When you want to modify or read their journal you need to specify the users's `localId` (known as `uid` inside the rules)  and `authToken` as part of the URL.
 
 ```actionscript
-private function loadPrivateJournal(localId:String, idToken:String):void
+private function loadPrivateJournal(localId:String, authToken:String):void
 {
-    var request:URLRequest = new URLRequest("https://<YOUR-PROJECT-ID>.firebaseio.com/journals/"+localId+".json?auth="+idToken);
+    var request:URLRequest = new URLRequest("https://<YOUR-PROJECT-ID>.firebaseio.com/journals/"+localId+".json?auth="+authToken);
 			
     var loader:URLLoader = new URLLoader();
     loader.addEventListener(flash.events.Event.COMPLETE, journalLoaded);
@@ -356,6 +356,8 @@ private function journalLoaded(event:flash.events.Event):void
 }
 ```
 
-The `localId` and `auth` values can be obtained after a successful operation with the `Firebase Auth` service.
+The `localId` can be obtained after a successful `Sign In`, `Sign Up` or `Get Account Info` request.
+
+The `auth` value can be obtained after a successful `Refresh Token` request.
 
 For more information on these values you can read the [Firebase Auth guide](./../auth/).

examples/FileManager.mxml

@@ -17,6 +17,7 @@
 			private var alert:Alert;
 			private var fileRef:FileReference;
 			private var profile:Object;
+			private var authToken:String;
 			
 			private function goRegisterState():void
 			{
@@ -101,6 +102,7 @@
 			{
 				var rawData:Object = JSON.parse(event.currentTarget.data);
 				profile = rawData;
+				authToken = rawData.idToken;
 				currentState = "ManagerState";
 			}
 			
@@ -129,7 +131,7 @@
 			private function refreshTokenLoaded(event:flash.events.Event):void
 			{
 				var rawData:Object = JSON.parse(event.currentTarget.data);
-				profile.idToken = rawData.access_token;
+				authToken = rawData.access_token;
 				this.currentState = "ManagerState";
 			}
 			
@@ -138,7 +140,7 @@
 			*/
 			protected function loadFiles():void
 			{
-				var request:URLRequest = new URLRequest(IMAGES_URL+"/"+profile.localId+".json?auth="+profile.idToken);
+				var request:URLRequest = new URLRequest(IMAGES_URL+"/"+profile.localId+".json?auth="+authToken);
 				
 				var loader:URLLoader = new URLLoader();
 				loader.addEventListener(flash.events.Event.COMPLETE, filesLoaded);
@@ -194,7 +196,7 @@
 			
 			private function completeHandler(event:Event):void
 			{				
-				var header:URLRequestHeader = new URLRequestHeader("Authorization", "Bearer "+profile.idToken);         
+				var header:URLRequestHeader = new URLRequestHeader("Authorization", "Bearer "+authToken);         
 				
 				var request:URLRequest = new URLRequest(STORAGE_URL+"images%2F"+profile.localId+"%2F"+fileRef.name);
 				request.method = URLRequestMethod.POST;
@@ -226,7 +228,7 @@
 				var header:URLRequestHeader = new URLRequestHeader("Content-Type", "application/json");
 				var header2:URLRequestHeader = new URLRequestHeader("X-HTTP-Method-Override", "PATCH");			
 				
-				var request:URLRequest = new URLRequest(IMAGES_URL+"/"+profile.localId+"/"+rawData.generation+".json?auth="+profile.idToken);
+				var request:URLRequest = new URLRequest(IMAGES_URL+"/"+profile.localId+"/"+rawData.generation+".json?auth="+authToken);
 				request.data = JSON.stringify(myObject);
 				request.method = URLRequestMethod.POST;
 				request.requestHeaders.push(header);
@@ -264,7 +266,7 @@
 			protected function deleteImage():void
 			{
 				var header:URLRequestHeader = new URLRequestHeader("X-HTTP-Method-Override", "DELETE");         
-				var header2:URLRequestHeader = new URLRequestHeader("Authorization", "Bearer "+profile.idToken);         
+				var header2:URLRequestHeader = new URLRequestHeader("Authorization", "Bearer "+authToken);         
 				
 				var request:URLRequest = new URLRequest(STORAGE_URL+formatUrl(filesGrid.selectedItem.name));
 				trace(request.url);
@@ -283,7 +285,7 @@
 				//The file has been deleted from Storage, now we delete it from the Database.
 				var header:URLRequestHeader = new URLRequestHeader("X-HTTP-Method-Override", "DELETE");         
 				
-				var request:URLRequest = new URLRequest(IMAGES_URL+"/"+profile.localId+"/"+filesGrid.selectedItem.generation+".json?auth="+profile.idToken);
+				var request:URLRequest = new URLRequest(IMAGES_URL+"/"+profile.localId+"/"+filesGrid.selectedItem.generation+".json?auth="+authToken);
 				request.method = URLRequestMethod.POST;
 				request.requestHeaders.push(header);
 				

examples/README.md

@@ -40,7 +40,8 @@ You will only require the following Database Rules:
 
 ## FileManager.mxml
 
-An Apache Flex example that demonstrates how to use Firebase Auth, Firebase Storage and Firebase Database to store and manage user images. Every user will have their own private folder where they will be able to upload, doanload and delete their images.
+An Apache Flex example that demonstrates how to use Firebase Auth, Firebase Storage and Firebase Database to store and manage user images.
+Every user will have their own private folder where they will be able to upload, download and delete their images.
 
 You will require the following Database Rules:
 

examples/SimpleChat.mxml

@@ -13,7 +13,8 @@
 			
 			private var messagesStream:URLStream;
 			private var profile:Object;
-			
+			private var authToken:String;
+
 			private function goRegisterState():void
 			{
 				this.currentState = "RegisterState";
@@ -94,6 +95,7 @@
 			{
 				var rawData:Object = JSON.parse(event.currentTarget.data);
 				profile = rawData;
+				authToken = rawData.idToken;
 				currentState = "ChatState";
 			}
 			
@@ -122,7 +124,7 @@
 			private function refreshTokenLoaded(event:flash.events.Event):void
 			{
 				var rawData:Object = JSON.parse(event.currentTarget.data);
-				profile.idToken = rawData.access_token;
+				authToken = rawData.access_token;
 				this.currentState = "ChatState";
 			}
 			
@@ -132,7 +134,7 @@
 			private function loadRealtime():void
 			{
 				var header:URLRequestHeader = new URLRequestHeader("Accept", "text/event-stream");
-				var request:URLRequest = new URLRequest(CHATROOM_URL+'.json?auth='+profile.idToken);
+				var request:URLRequest = new URLRequest(CHATROOM_URL+'.json?auth='+authToken);
 				request.requestHeaders.push(header);
 				
 				messagesStream = new URLStream();
@@ -214,7 +216,7 @@
 					myObject.senderName = profile.displayName;
 					myObject.timestamp = new Date().getTime();
 					
-					var request:URLRequest = new URLRequest(CHATROOM_URL+".json?auth="+profile.idToken);
+					var request:URLRequest = new URLRequest(CHATROOM_URL+".json?auth="+authToken);
 					request.data = JSON.stringify(myObject);
 					request.method = URLRequestMethod.POST;