📱 FCM Login

📖 Overview

FCM Login is a modern authentication and user management system built with Laravel backend and iOS native SwiftUI frontend. The application provides secure authentication with Firebase integration, social login support, and push notification capabilities.

Technology Stack

✨ Features

Authentication & User Management

• Multi-Provider Authentication: Support for email/password, Google, Apple, Facebook, and Firebase authentication
• Email Verification: Automated email verification system for new registrations
• Password Management: Secure password reset and change functionality
• Session Management: Multi-device session tracking with ability to logout from specific devices or all devices
• Profile Management: User profile updates with image upload support

Security Features

• Laravel Sanctum: Token-based API authentication
• Session Validation: Custom middleware to validate active sessions
• Rate Limiting: API throttling to prevent abuse
• Firebase Custom Tokens: Support for non-native providers like LinkedIn

Push Notifications

• FCM Integration: Firebase Cloud Messaging for push notifications
• Secure Token Management: Bearer token authenticated FCM token endpoint (POST /fcm-token)
• Targeted Notifications: Send notifications to specific users or all devices from admin panel
• Rate Limited: 20 requests/min for token updates

Additional Features

• App Update Check: Version management for iOS and Android platforms
• Onboarding Screens: Customizable onboarding flow for new users
• CMS Pages: Dynamic content management with rich text editor
• Account Deletion: Secure email-based account deletion with 10-minute expiry
• Maintenance Mode: App-wide maintenance mode control
• SwiftUI Design: Modern, declarative UI framework for iOS
• RESTful API: Well-structured v1 API with comprehensive endpoints

🚀 Laravel Backend Setup

Prerequisites

• PHP 8.2 or higher - Download PHP
• Composer - PHP dependency manager - Download Composer
• MySQL 8.0+ or MariaDB 10.3+ - Database server
• Node.js & NPM - For frontend assets compilation - Download Node.js

Step 1: Download & Install Dependencies

1Download the source code and install dependencies:

# Extract the downloaded source code
# Navigate to the project directory
cd fcmlogin-admin

# Install PHP dependencies
composer install

# Install Node dependencies
npm install

Step 2: Environment Configuration

2Set up your environment variables:

# Copy the example environment file
cp .env.example .env

# Generate application key
php artisan key:generate

Edit the .env file with your configuration:

APP_NAME="FCM Login"
APP_ENV=local
APP_DEBUG=true
APP_URL=http://localhost

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=fcmlogin
DB_USERNAME=root
DB_PASSWORD=your_password

MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=your_username
MAIL_PASSWORD=your_password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS="noreply@fcmlogin.com"
MAIL_FROM_NAME="${APP_NAME}"

Step 3: Firebase Configuration

3Set up Firebase for your Laravel application:

3.1 Create Firebase Project

1. Go to Firebase Console
2. Click "Add project" and follow the setup wizard
3. Enable Authentication methods (Email/Password, Google, Apple, Facebook)
4. Enable Cloud Messaging for push notifications

3.2 Download Service Account Key

1. In Firebase Console, go to Project Settings → Service Accounts
2. Click "Generate new private key"
3. Save the JSON file as firebase-admin.json
4. Place it in storage/app/firebase-admin.json

# Create the storage directory if it doesn't exist
mkdir -p storage/app

# Move your downloaded file
mv ~/Downloads/your-project-firebase-adminsdk.json storage/app/firebase-admin.json

# Set proper permissions
chmod 600 storage/app/firebase-admin.json

3.3 Configure Firebase in .env

FIREBASE_CREDENTIALS=storage/app/firebase-admin.json
FIREBASE_DATABASE_URL=https://your-project-id.firebaseio.com

Step 4: Database Setup

4Create and migrate the database:

# Create database
mysql -u root -p -e "CREATE DATABASE fcmlogin CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"

# Run migrations
php artisan migrate

# (Optional) Seed sample data
php artisan db:seed

Step 5: Storage & Permissions

5Set up storage and permissions:

# Create storage link
php artisan storage:link

# Set proper permissions (Linux/Mac)
chmod -R 775 storage bootstrap/cache
chown -R www-data:www-data storage bootstrap/cache

Step 6: Start Development Server

6Run the development server:

# Start Laravel development server
php artisan serve

# In another terminal, compile assets
npm run dev

API Base URL Configuration

For production deployment, update your APP_URL in .env:

APP_URL=https://api.yourdomain.com

📱 iOS SwiftUI App Setup

Prerequisites

• macOS 12.0 or later - Required for Xcode
• Xcode 14.0 or later - Download from App Store
• iOS 15.0+ Device or Simulator
• Apple Developer Account - For device testing and App Store deployment
• CocoaPods - Dependency manager for iOS

Step 1: Install CocoaPods

1Install CocoaPods if you haven't already:

# Install CocoaPods
sudo gem install cocoapods

# Verify installation
pod --version

Step 2: Project Setup

2Open your iOS project in Xcode:

# Navigate to iOS project directory
cd /path/to/your/ios-project

# Install dependencies
pod install

# Open workspace (not .xcodeproj)
open YourApp.xcworkspace

Step 3: Firebase iOS Configuration

3Add Firebase to your iOS app:

3.1 Register iOS App in Firebase

1. Go to Firebase Console
2. Select your project
3. Click "Add app" and select iOS
4. Enter your iOS bundle ID (e.g., com.yourcompany.fcmlogin)
5. Download GoogleService-Info.plist

3.2 Add GoogleService-Info.plist to Xcode

1. Drag GoogleService-Info.plist into your Xcode project
2. Make sure "Copy items if needed" is checked
3. Select your app target
4. Click "Finish"

3.3 Install Dependencies via CocoaPods

Update your Podfile with required dependencies:

• ReachabilitySwift - Network connectivity monitoring
• FacebookLogin & FBSDKLoginKit - Facebook authentication
• Firebase SDK pods as needed for your app

Install the pods:

pod install

Step 4: Configure App Delegate

4Initialize Firebase in your AppDelegate.swift:

• Import Firebase and FirebaseMessaging
• Call FirebaseApp.configure() in didFinishLaunchingWithOptions
• Register for remote notifications
• Set up FCM messaging delegate
• Handle device token registration

Step 5: Update Main App File

5Update your main SwiftUI app file:

• Add @UIApplicationDelegateAdaptor to connect AppDelegate
• This allows SwiftUI to use the AppDelegate for Firebase initialization

Step 6: Configure API Base URL

6Update the API configuration in AppsSetting.swift:

1. Open customfiles/AppsSetting.swift in Xcode.
2. Locate the API struct around line 22.
3. Update rootURL to your server URL:

struct API {
    // Update this to your production URL
    static let rootURL = "https://your-domain.com"
    // The baseURL will automatically update to use this rootURL
    static let baseURL = "\(rootURL)/api/v1"
    
    // ...
}

Step 7: Configure Xcode Capabilities

7Enable required capabilities in Xcode:

1. Select your Project in the Project Navigator
2. Select the App Target
3. Go to the Signing & Capabilities tab
4. Click + Capability and add:
   • Push Notifications (Required for FCM)
   • Background Modes → Check Remote notifications

Step 8: Configure Info.plist

8Add required permissions and URL schemes to Info.plist:

• Camera Permission: NSCameraUsageDescription - "We need camera access to capture profile photos."
• Photo Library Permission: NSPhotoLibraryUsageDescription - "We need photo library access to upload profile photos."
• FaceID Permission: NSFaceIDUsageDescription - "We use FaceID to securely unlock your profile."
• Google Sign-In URL Scheme: Add your Google client ID reversed (found in GoogleService-Info.plist)
• Facebook URL Scheme: Add your Facebook app ID with fb prefix
• Query Schemes: Add fbapi and fb-messenger-share-api

Step 9: Build and Run

9Build and run your app:

1. Select your target device or simulator in Xcode
2. Press Cmd + R or click the Run button
3. Wait for the build to complete
4. Test authentication and push notifications

🔔 iOS Push Notification Setup

Complete guide to configuring Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM).

Step 1: Create APNs Authentication Key

1Generate a key in Apple Developer Console:

1. Log in to Apple Developer Console
2. Go to Certificates, Identifiers & Profiles
3. Select Keys from the sidebar
4. Click the + button to create a new key
5. Enter a name (e.g., "FCM Push Key")
6. Check Apple Push Notifications service (APNs)
7. Click Continue and then Register
8. Download the .p8 file (save this securely, you can only download it once!)
9. Note your Key ID and Team ID (from the top right corner)

Step 2: Configure Firebase Console

2Upload your APNs key to Firebase:

1. Go to Firebase Console
2. Open your project and go to Project settings (gear icon)
3. Select the Cloud Messaging tab
4. Scroll to Apple app configuration
5. Under APNs Authentication Key, click Upload
6. Upload the .p8 file you downloaded in Step 1
7. Enter your Key ID and Team ID
8. Click Upload

Step 3: Xcode Capabilities

3Enable Push Notifications in Xcode:

1. Open your project in Xcode
2. Select your App Target
3. Go to Signing & Capabilities tab
4. Click + Capability
5. Search for and add Push Notifications
6. Click + Capability again
7. Search for and add Background Modes
8. Check Remote notifications under Background Modes

Step 4: Testing Push Notifications

4Verify the integration:

• Run the app on a real iOS device (Push Notifications do not work on Simulator)
• Accept the permission prompt for notifications
• Go to Firebase Console → Messaging
• Create a new campaign
• Enter a title and body
• Select your iOS app as the target
• Send a test message or publish the campaign

🔌 API Reference

Complete API documentation for integrating with the Laravel backend.

Authentication Endpoints

Register POST

Endpoint: /auth/register

Description: Register a new user account with email verification

Required Fields: username, email, password, mobile_no

Login POST

Endpoint: /auth/login

Description: Authenticate user and create session. Returns bearer token for subsequent requests.

Required Fields: email, password, device_name, device_os, app_version

Social Login POST

Endpoint: /auth/social

Description: Authenticate with social providers (Google, Apple, Facebook)

Required Fields: provider, id_token, device_name, device_os, app_version

Firebase Verify POST

Endpoint: /auth/firebase/verify

Description: Verify Firebase ID token and authenticate

Required Fields: firebase_id_token, device_name, device_os, app_version

Forgot Password POST

Endpoint: /auth/forgot-password

Description: Send password reset link to user's email

Required Fields: email

Reset Password POST

Endpoint: /auth/reset-password

Headers: Authorization: Bearer {token}

Description: Change user password (requires authentication)

Required Fields: old_password, new_password, new_password_confirmation

User Profile Endpoints

Get Profile GET

Endpoint: /me

Headers: Authorization: Bearer {token}

Update Profile PUT POST

Endpoint: /me

Headers: Authorization: Bearer {token}

Description: Update user profile information

Optional Fields: username, mobile_no, profile_image

Session Management Endpoints

Get All Sessions GET

Endpoint: /sessions

Headers: Authorization: Bearer {token}

Description: Get all active sessions for the authenticated user

Delete Specific Session DELETE

Endpoint: /sessions/{id}

Headers: Authorization: Bearer {token}

Description: Logout from a specific device

Delete All Sessions DELETE

Endpoint: /sessions

Headers: Authorization: Bearer {token}

Description: Logout from all devices

Push Notification Endpoints

Update FCM Token POST

Endpoint: /fcm-token

Headers: Authorization: Bearer {token}

Description: Update FCM token for authenticated user (secured with bearer token)

Required Fields: fcm_token (20-500 characters)

Rate Limit: 20 requests per minute

Error Responses

All error responses follow this format:

{
    "message": "The given data was invalid.",
    "errors": {
        "field_name": [
            "Error message here"
        ]
    }
}

🗑️ Account Deletion

Secure account deletion feature with email confirmation and time-limited links.

How It Works

1. User requests account deletion from the app (requires authentication)
2. System sends a confirmation email with a secure deletion link
3. Link is valid for 10 minutes only
4. User clicks the link to confirm deletion
5. Account and all associated data are permanently deleted
6. User sees a success page confirming deletion

API Endpoints

Request Account Deletion POST

Endpoint: /account/delete/request

Headers: Authorization: Bearer {token}

Rate Limit: 5 requests per minute

Description: Request account deletion. User is identified from bearer token. No body required. Sends confirmation email with deletion link valid for 10 minutes. User must click the link in email to complete deletion.

Security Features

• Bearer Token Authentication: Only authenticated users can request deletion
• Email Verification: Confirmation link sent to registered email only
• Time-Limited Links: Deletion links expire after 10 minutes
• One-Time Use: Each deletion token can only be used once
• Rate Limiting: Prevents abuse with 5 requests per minute limit
• Secure Tokens: 64-character random tokens for deletion links

📄 CMS Pages & App Settings

Dynamic content management system for app pages and settings.

Overview

The CMS system allows you to manage dynamic content pages and app-wide settings from the admin panel:

• CMS Pages: Create pages like Privacy Policy, Terms of Service, About Us, etc.
• App Settings: Control maintenance mode, app versions, and other global settings
• Rich Text Editor: Summernote editor for formatted content
• Auto-Generated Slugs: URL-friendly slugs created from page titles

API Endpoints

1. Get App Settings GET

Endpoint: /app-settings

Authentication: Not required (public)

Description: Get app-wide settings including maintenance mode status, app versions, and force update flags.

Returns: maintenance_mode, maintenance_message, ios_version, ios_force_update, android_version, android_force_update, app_name, support_email

2. Get All CMS Pages GET

Endpoint: /cms-pages

Authentication: Not required (public)

Description: Get all published CMS pages with their content.

Returns: Array of pages with id, title, slug, content (HTML), created_at, updated_at

3. Get Single CMS Page GET

Endpoint: /cms-pages/{slug}

Authentication: Not required (public)

Description: Get a specific CMS page by its slug (e.g., privacy-policy, terms-of-service).

Returns: Page object with id, title, slug, content (HTML), created_at, updated_at

Maintenance Mode Implementation

Check maintenance mode status on app launch using the /app-settings endpoint. If maintenance_mode is true, display the maintenance screen with the provided message.

Common Use Cases

💬 Support & Contact

Contact Information

Before Contacting Support

When Contacting Support, Please Include:

1. Purchase Code: Your unique purchase/license code for verification
2. Specific Error Details:
   • Complete error message from console/logs
   • Screenshot of the error (if applicable)
   • Steps to reproduce the issue
3. Environment Information:
   • PHP version (php -v)
   • Laravel version
   • iOS version and Xcode version (for iOS issues)
   • Operating system (macOS, Windows, Linux)
4. What You've Tried: List any troubleshooting steps you've already attempted

Support Response Time

We strive to respond to all support requests within:

• Critical Issues: Within 4-6 hours during business hours
• General Inquiries: Within 24 hours
• Feature Requests: Within 48 hours

Email Template for Support Requests

Subject: [FCM Login] - [Brief Description of Issue]

Purchase Code: YOUR_PURCHASE_CODE_HERE

Issue Description:
[Describe your issue in detail]

Environment:
- PHP Version: 
- Laravel Version: 
- iOS Version (if applicable): 
- Xcode Version (if applicable): 
- Operating System: 

Error Message/Console Output:
[Paste error message or attach screenshot]

Steps to Reproduce:
1. 
2. 
3. 

What I've Tried:
- 
- 

Additional Information:
[Any other relevant details]

🔧 Troubleshooting

Laravel Backend Issues

Database Connection Error

Solution:

• Verify MySQL is running: mysql.server status
• Check database credentials in .env
• Ensure database exists: CREATE DATABASE fcmlogin;

Firebase Admin SDK Error

Solution:

• Verify firebase-admin.json exists in storage/app/
• Check file permissions: chmod 600 storage/app/firebase-admin.json
• Verify path in .env: FIREBASE_CREDENTIALS=storage/app/firebase-admin.json

Storage Link Error

Solution:

# Remove existing link
rm public/storage

# Recreate link
php artisan storage:link

Email Not Sending

Solution:

• Check mail configuration in .env
• For development, use Mailtrap or MailHog
• Verify queue is running: php artisan queue:work

iOS App Issues

CocoaPods Installation Failed

Solution:

# Update CocoaPods repository
pod repo update

# Clean and reinstall
pod deintegrate
pod install

GoogleService-Info.plist Not Found

Solution:

• Download from Firebase Console → Project Settings → iOS app
• Drag file into Xcode project navigator
• Ensure "Copy items if needed" is checked
• Verify file is in the app target

Firebase Not Initializing

Solution:

• Verify FirebaseApp.configure() is called in AppDelegate
• Check GoogleService-Info.plist is in the project
• Clean build folder: Cmd + Shift + K
• Rebuild project: Cmd + B

API Connection Failed

Solution: For development with HTTP (localhost), add to Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

Push Notifications Not Working

Solution:

• Enable Push Notifications capability in Xcode
• Upload APNs certificate to Firebase Console
• Request notification permissions in app
• Verify FCM token is being sent to backend
• Test on physical device (push notifications don't work on simulator)

Common Integration Issues

401 Unauthorized Error

Solution:

• Verify Bearer token is included in Authorization header
• Check token hasn't expired
• Ensure session is still valid (not deleted)
• Login again to get a fresh token

422 Validation Error

Solution:

• Check API request body matches expected format
• Verify all required fields are included
• Check field data types (string, integer, etc.)
• Review error message for specific field issues

CORS Error

Solution:

• Verify fruitcake/laravel-cors is installed
• Check config/cors.php configuration
• Add your iOS app domain to allowed origins

Getting Help