using Firebase's Admin SDK, it is possible to add a new Provider Config, either for SAML or OIDC. I'm creating new tenants for every account, to give our users the ability to create their own sign in methods.
Using the cloud console, it's possible to add Microsoft as an IdP for each tenant. Is there also a way to add this provider programmatically?
Thanks in advance!
Related
i have an angular app which uses Firebase authentication - email provider. Works just the way, application wants it.
Now, i have a new customer who wants to use the application. The only issue is that he is not keen on having email addresses / mobile numbers as login identity. He wants to create his own usernames for their users to login. the username will be a string something like:
md, accounts, branchmanager, customer_with_weird_requirements etc
for attacking this situation, i have two approaches in mind.
changing the provider to customauth provider, bring in jwt and have a back-end endpoint
making the user only enter the username and suffix a common domain url like #abc.com and mock an emailauth provider
the following are the problem i have using the approaches
the app is fully powered by firestore and its web sdks. i need to start a new cloud function for creating the endpoint. well, not difficult but for just one module, we have a architectural change which i am not a fan
not the ideal way to handle auth module. also, reset password will not work as the rest link will be sent to the user#abc.com which doesn't exist in the first place.
Is there any way to use the providers available in firebase auth, with maybe basic tweaking, which doesn't make your email/mobile no mandatory?
What you want is beyond what the built-in providers of Firebase Authentication can be configured to handle. You'll have to create you own provider to support you needs.
Keep in mind that Firebase has some great examples of how to build a custom provider, like this username/password provider.
I am building a Firebase application (using Firestore) which needs to support custom authentication via single sign on through a third party system.
In the past, I have done this type of integration with my own authentication system. To do this, I installed the Firebase Admin SDK on my own server and used the secret key to sign a JWT that was passed back to the client, which then could be used to grant access to the Firebase application.
However, since the Admin SDK grants full access to the Firebase app, I have concerns about handing those keys over to another party. Is there a way that I can provide a secret key that grants more limited privileges to the third party? I want them to be able mint JWTs for their users to access the app, but I don't want them to be able to directly read/write from my database.
I think I've solved this by taking the following steps...
1) Access the Firebase project's IAM admin tools
2) Create a new service account for the project in the "Service Accounts" section.
3) Create a custom role in the "Roles" section and give it access to all of the Firebase Authentication privileges: https://firebase.google.com/docs/projects/iam/permissions#auth
4) Assign the custom role to the service account in the "IAM" section of the admin interface.
5) Go back to the "Service Accounts" section and create/download a private key for this service account.
6) Use this key as the credentials for the Firebase Admin SDK and create a custom token using the process detailed here: https://firebase.google.com/docs/auth/admin/create-custom-tokens
The SDK should permit creating a custom token, but it will return errors when trying to do other actions such as accessing the project's database.
I am building apps using Firebase (Storage, Functions, Hosting, Real-Time Database and Firestore). In the apps, the user authenticates using a third-party library (like Google connect but not Google).
I don't know how to protect my database because I am not using Firebase Authentication. How can I use this third party authentication to protect data for example? Maybe I need to create a user manually and attach information to him so that this info will be available in the Security Rules editor?
Thanks
I don't think you can secure your database or storage without a form of authentication.
Now firebase provides multiple methods of authentication (email , google, custom , anonymous .....).
What you might want:
You might want to add custom login to your users in which they get registered with extra data that you provide. And they will still get a user id that you will use to check in the rules to allow read and writes along with some custom data you provided while registration (so you can check these data from the rules).
I'm developing a basic messaging app with Firebase's built-in email/password authentication system. I'd like to add a key value "username" option to the resultant authData payload as a message author identifier that's not the user's email address.
I've read the official documentation front to back and from all accounts, the idea is to migrate over to a custom token authentication system if you're adding custom data to the authData, but i'd really like to keep the existing auth system as is, unless I can continue to use the same auth information already resident in Firebase but just with a new custom token auth login.
Thanks.
You cannot add custom attributes to the authData (or the auth variable in security rules) for the built-in email+password or OAuth providers. The common way around this limitation is as Jay commented to store the additional user data in your Firebase database under a /users/$uid node.
The only identity provider where you have control over the authData is when you use custom authentication.
I'm using .NET backend on Azure Mobile Service. It's easy to set up authentication with social identity provider, so that the client can use e.g. Facebook iOS SDK to login, as illustrated in the official tutorial
In custom authentication, as I need to maintain my own Account table according to the official tutorial, I have full control over the registration & login.
I'd like to have a centralized User table to store information about all users, no matter which channel they used to authenticate.
My question is, is there a way for the .NET backend to be notified when a user register or login with a Facebook token? So that a new row can be added to the centralized User table even when the user is using Facebook to authenticate?
Thank you!
Yes - the User.GetIdentities() method contains the token and mechanism that was used to authenticate the user. You can use this to update your table. For an overview of how to use this token, see this blog post by the team: https://azure.microsoft.com/en-us/blog/custom-login-scopes-single-sign-on-new-asp-net-web-api-updates-to-the-azure-mobile-services-net-backend/