I am trying to follow the firebase-electron guide instructions documented in the readme file here:
https://firebaseopensource.com/projects/david-asher/electron-firebase/#create-a-firebase-project
But I eventually get to a step which says
It is highly recommended that you add firebase-config.json to your .gitignore file. It contains project-specific information that you do not want to check in with the app, nor should it be packaged when building your app.
I was planning on releasing my electron app on the mac / windows / linux stores. And if firebase-electron needs the firebase-config.json file variables, then is there no way to release my electron app with authentication using firebase?
My end goal is to release an electron app with login capabilities that can work on both an electron app and browser. Specifically the YouTube API for uploading videos in node.js which requires a request to be made using the user's auth token (which you can get signing in through google using firebase, but can I release an app with firebase?)
Or maybe is there a better solution / example
Related
As per the Firebase documentation, the contents of google-services.json are considered public. These can be easily retrieved by decompiling the apk.
If so, is there a way to prevent apps from registering with my Firebase project?
I understand that the registration works on the basis of package name. While it's not possible to publish an app with a duplicate package name, for development it is very much possible.
I created a dummy app, and my dummy app successfully registered with my production project. So, looking for a way to prevent that from happening.
You should be connecting your app to Firebase Emulator for local development.
You can go to Firebase console -> Authentication tab -> Sign-in Method tab, and remove localhost from Authorized domain, that way your app will never connect to production DB.
Is it safe to keep the firebase config file (with the APIkey)when deploying my mobile app (front-end react native) to the google play store and app store?
How can I make it safer?
As Doug commented, the google-services.json (or google-services.plist file for iOS) does not contain any secret credentials. It merely contains the configuration data that your app needs to find its Firebase project on the servers. So sharing it with other developers on your app is not only safe, it's required for them to build an app that communicates with the same Firebase project.
You may want to consider keeping it out of version control though, and instead only deploy it onto your build server. The reason for this is not as much that that data is secret, but more that each developer should typically set up their own Firebase project for their development work. That way they won't be stepping onto each other's toes during feature development work.
Also see:
Is it safe to expose Firebase apiKey to the public?
Should I add the google-services.json (from Firebase) to my repository?
For logging purposes I´d like to print to console or even display the current deploy ID (or message) of my firebase web app that is being accessed by the browser.
Firebase Hosting recently released a new REST API. You can use sites.releases.list to see what version is currently deployed.
Old answer:
Firebase deploy IDs don't appear to be available anywhere via programmatic access. The CLI doesn't support listing current or previous deploys.
My recommendation would be to go in the other direction. Have your source code in a vcs like git. When you build and deploy a new version set the vcs hash or version in the deployed code and as the message for firebase deploy. You can then log the log the source version in your code and you can manually associate that back to a release in the Firebase UI.
We have a build script to generate new APP from templates. Can we also automate the process in Firebase console in the script using CLI? This is for setting up cloud messaging.
So far all instruction I found is through web UI, as in https://support.google.com/firebase/answer/7015592?hl=en.
Thanks!
These is not currently features of the Firebase CLI. There also is no API to create apps (or projects) or download configuration files at the moment. Both would be valid feature requests though, so I'd recommend to file a feature request.
I have an Android client and an Android Things server application sharing a Firebase database. How can I communicate from the Android Things application with the Firebase database using a service account? Following the instructions below results in a Gradle error.
https://firebase.google.com/docs/admin/setup
Gradle error
Error:(56, 0) Version: 5.8.0 is lower than the minimum version (9.0.0) required for google-services plugin.
You've got several things going wrong here.
First, you don't need a service account to deal with Firebase services from within an Android Things app. You deal with Firebase just like you would a normal Android app as a client of the Firebase service. There is literally almost no difference in how you interface with Firebase from this perspective.
Second, don't use firebase-admin in an Android app. That's for server-side code. Use the normal Firebase client SDKs for Android.
Also bear in mind that Android Things Developer Preview 0.6.1 has Play Services 11.6.x on it, and it doesn't self-update like normal Android devices. This means you have to use the 11.6.0 Firebase and Play SDKs in your Thing app. If you try to use newer versions, the client will fail because the client SDK versions aren't matched by an equal or better Play Services APK on the device.