Migrating SafetyNet to Play Integrity API for Firebase - firebase

I'm developing a flutter application which uses Firebase as its framework. One of Firebase's features that we use is App Check. I've been using SafetyNet for my Android App Check, but recently I've gotten an email from Google that states that SafetyNet will be discontinued and developers are recommended to migrate to Play Integrity. The problem is, I don't know how to do so, I've tried changing it directly from Firebase Console, and now both my Play Integrity and SafetyNet option is checked, last time it was only SafetyNet. Are there any steps that I might've missed? Any help would be greatly appreciated.

Related

Unity & Firebase - Google and Facebook Login/SignIn/Authentication Tutorials

For the last couple of days, I have faced an issue with my Unity project regarding adding Google and Facebook authentication for my users, using Firebase. The thing is that there exist a couple of youtube tutorials for each of those two implementations but they are quite misleading and rushed.
Apart from that those tutorials refer to the creation of a new project which implies that the Firebase Auth package is not yet installed. And I mention this because I've seen plenty of people in the comments that are struggling with the Plugins and Parse folders that get overwritten whenever both Firebase Auth and Google or Facebook packages are installed. So there does not exist a rule of thumb on how to proceed in cases where projects already had other methods of authentication such as Email/Password.
Of course, the documentation for both Google and Facebook is unclear on how to get the access token.
Facebook SignIn doc: https://firebase.google.com/docs/auth/unity/facebook-login?hl=en&authuser=0
Google SignIn doc:
https://firebase.google.com/docs/auth/unity/google-signin?hl=en&authuser=0
I've made this post in order to find a step-by-step solution to my problem and hopefully help the community find a solution to a problem that concerns many developers.
[Edit]: My question is. How exactly do I implement the Google & Facebook Sign-In, based on the documentation, that is unclear, especially on the step
Follow instructions for Android and iOS+ to get an access token for the signed-in Facebook user.
And I am speaking for a project that already has imported Firebase.Authentication, which means that folders such as Plugins and Parse are already in the Assets and get overloaded from the packages requested by the 'tutorials' (Because the docs do not even mention what package to use and how).
[Edit]: As of right now I've managed to set up the code in a way that has no errors. When I run it though I get:
[Android]: Exception: Field currentActivity or type signature not found.
[iOS]: EntryPointNotFoundException: GoogleSignIn_Create
After some googling, they proposed testing it after I build it which I think is way too much time-consuming.
This is the answer I've got from Firebase support.
First of all, we need to note that Firebase only has three native authentication providers: email, phone, and anonymous authentication. For the other methods, Firebase needs to trust how their respective third-party providers handle their authentication flow. That's why Firebase can't offer a way to get the access token. This is not its responsibility.
So, to sign in with a Federated provider (FP) you must follow the following steps.
Think about which will be your target mobile platform. Not all the FP provide the same authentication flow on iOS or Android. For example Google offers a more handy way to authenticate Android devices by using Google Play Game Services
Authenticate in Unity Using Google Play Games Services | Firebase
Search on his FP's official GitHub repository for the official plugins to get access to the FP's SDK on Unity. For example, Google offer a useful plugin to authenticate user in both platforms
GitHub - googlesamples/google-signin-unity: Google Sign-In API plugin for Unity game engine. Works with Android and iOS.
Last plugin's release: https://github.com/googlesamples/google-signin-unity/releases/tag/v1.0.4
Examples - Unity SDK - Documentation - Meta for Developers
Create the FP credentials according to its own requirements. For example, Google login requires the use of web_client_id, which can be obtained from the google-services.json or GoogleService-Info.plist files needed to build the application on the target platform.
https://github.com/googlesamples/google-signin-unity#get-a-google-sign-in-configuration-file
https://github.com/googlesamples/google-signin-unity#using-this-plugin-with-firebase-auth
Once you've built the FP's credential into your project, it's time to check out our Firebase documentation for using the FP credential in our authentication flow. I recommend having the Firebase reference along with the documentation as it will help to know what arguments the required method needs.
The best way to test your new authentication provider is by implementing the Firebase Authentication Unity Quickstart. Please clone the Unity Quickstart repository here and deploy the Unity project found in the auth folder. Follow the steps mentioned in the README.md file and build the app on your target platform.
I recommend that you add the FP's SDK right in the same step as adding the Firebase SDK plugins to avoid some build issues. Since these errors are more related to Unity than Firebase, I recommend reaching out to our communities on StackOverflow, Google Groups, and Slack for help with these issues as they have more knowledge than I on those topics.
So, in conclusion, getting credentials from third-party providers is a task delegated to them and not to Firebase since this one is not responsible for any third-party authentication flow.

Storing API keys in a Flutter Firebase app? Do I need to hide them? How?

I am developing an iOS/Android app with Flutter and Firebase (mainly Cloud FireStore and Firebase Auth). According to the Firebase documentation/example, they just put the API key along with the googleAppID straight into the app's source code. This to me seems very insecure, but at the same time I did hear that dart is compiled AOT. So what is the best practice for putting the Firebase API keys in a Flutter app?
Any response is appreciated!
That example is usually not followed. The key is stored in the google-services.json file or the equivalent for iOS that should be added to the project following the Firebase setup instructions. This removes the issue with people easily knowing your key. I don't believe it would matter if someone did however as the key is intended to be public.
Setup Instructions

Firebase Fido2 Authentication Support

I know that Google's Firebase/Firestore platform supports multiple authentication methods/backends, but I'm not currently seeing any option for Fido2 or WebAuthn for Firebase Authentication. Does anyone know if Google has a timeline to release support for Fido2 on their Firebase development platform? Or if it's already available, and I'm just missing something.
I am currently only on the Spark FREE plan, so I don't know if that is a problem.
Any insight or assistance would be much appreciated.
Cheers!
They currently do not support it, and as far as I can tell there's currently no timeline for support. source
Google has recently started using the WebAuthn API for authentication of security keys, but not yet for registration. I would guess that Firebase gets passwordless authentication support around the same time that Google accounts do, but I couldn't say if that's 3 months or 3 years away.

Migrating to FCM issue adding to console

After having issues with crashes in Android O and also seeing that GCM is fully deprecated we are trying to migrate to FCM. Keep in mind I did zero of the setup on this project, so I'm just trying to follow the migration guide. Our server side team is very busy right now, so I'm trying to make it as easy as I can for them.
So someone gave me owner permissions on the Google APIs dashboard for the project, where I can see that Google Cloud Messaging is enabled. So I gave owner permissions to an account we now use for all of our mobile online accounts and consoles.
Then I logged into the Firebase console, but when I click "add project" I do not have the option to import the existing GCM project, as the docs seem to say I should. It also doesn't show up for my personal work account either, even though it is also an "owner" account. I was really hoping to migrate this way so that we might not have to get new api keys.
However, I do see in the Google APIs dashboard that I can "enable" FCM from there. Will this create the Firebase project for me and if so will it generate new keys or can we use the old ones?
OR is it actually better to just create an entirely new FCM project?

Expo and react-native-firebase

I'm trying to integrate Firebase into my expo app using the react-native-firebase framework which has several advantages over the regular firebase package when it comes to react-native apps.
However, I'm running into difficulties since the instructions say I must add the GoogleService-Info.plist to ios/[YOUR APP NAME]/GoogleService-Info.plist, and expo apps don't have an ios folder from what I understand.
Am I pretty much screwed or is there a solution for this?
As the react-native-firebase documentation says, you need to eject your app if you want to use this library with expo. Be mind that eject action is not reversible. More info here and here and here.
If you use Expo and would like to use this package, you'll need to
eject. If you do not want to eject, but wish to make use of features
such as Realtime Database (without offline support) & Authentication,
you can still use the Firebase Web SDK in your project.
Today, you can't have the Firebase react-native sdk with expo. And this is not planned according to: https://expo.canny.io/feature-requests/p/full-native-firebase-integration.
So you have to play only with the javascript sdk from Firebase.
Cloud Firestore is new, it will be better for the javascript sdk for offline and sync.
The author of this thread: Fresh Detached Expo + RNFirebase not running on Android has managed to get it working with the Detached ExpoKit - so it's not a full ejection and keeps the expo features.
I have asked for the steps he took so we can see about getting something added to our docs and possibly a Detached ExpoKit version of our starter app.
See the expokit detaching docs for information about ExpoKit.
It's in progress --
https://blog.expo.io/using-firebase-in-expo-e13844061832
Using Firebase in Expo
And how we plan on adding it to the client 😁
We are super excited to announce that we will be rolling out a suite of Unimodules that will provide you with easy access to native Firebase features! initially you will only be able to use these in a detached ExpoKit App. But over time we will be working to add these to vanilla Expo.
TL;DR
Here are the modules, you will need to detach to add them for now:
App/Core
Analytics
Authentication
Cloud Firestore
Cloud Functions
Instance ID
Performance Monitor
Realtime Database
Cloud Storage
Remote Config
Firebase Cloud Messaging
Remote Notifications
Dynamic Linking
Invites
Crashlytics
Also TL;DR
Here is a boilerplate: https://github.com/EvanBacon/expo-native-firebase
Update 02-12-2021
Guys expo's eas-build is now public. You can add custom native codes and use react-native-firebase. Here is the link to a youtube tutorial. The video is short and super easy to follow. Here is the link to the docs
Previous answer
If you are using Firebase using the mobile configuration, it does not work, but it worked smoothly when I tried the web configuration. Here is the youtube tutorial. Watch from 38:20 to set up.
I managed to get a working set of react-native with redux, firestore and expo. See Code example at Github.
But it costs the offline-persistence (see https://github.com/firebase/firebase-js-sdk/issues/436). So from my point of view it costs performance, because i need to be online to get a full working app with firestore and react-native.

Resources