I am currently working on SAAS Application, where the world wide users can authenticate to our system.We are in research between AWSCognito and Firebase authentication.I was able to see AWSCognito user pools can be made available across multi-regions by replicating the user pools in needed regions so that the world wide users can authenticate with very low latency.In case of Firebase ,there is an option from multi-region but not suits for my use case.our targeting areas are IND,AUS,US and UK.So, can anyone suggest me to do a proper architecture for this use case ?
Firebase Authentication stores user data in a single global pool.
The data is replicated across the worldwide automatically across Google infrastructure, but there is no way for you to control regional shards for your users in Firebase Authentication. So if that is a requirement for your application, you'll need to use another system.
Related
when I create a project in firebase, I am offered to choose analytics location
When you click on the question mark, they write: "This represents the country/region of your organization. This does not affect where Google may process and store Customer Data for Firebase."
Question: If I want to upload an application to the appstore for different countries, for example, America, Russia and European countries, then I will have to connect several firebase projects for different countries at once? How can I connect one firebase for all countries?
Not sure but it seems you are mixing up things.
When setting up services on your Google Cloud Project, you may choose their location, this means that the service you are activating will be hosted on a specific place, and thus people from other countries may have bigger latency accessing your services. Example, if you host a service in North America, the latency for users from Asia will be higher.
That will not geographically restrict or limit users to access your service, web app, or API services.
If you want to restrict users from specific countries from downloading your app, on the app store you have settings that will do that for you.
The short answer: no, you don't need multiple projects for multiple countries.
So I have set the location of my Firestore database to asia-south-1, let suppose now I start getting users from the US as well as from India, how will I serve both the groups with lower latency?
You can't change the properties of your project once it's set up, nor even simply pay more for better service. If you want improved service in different regions, you will need to buy computing resources in each of those regions. This requires setting up multiple projects, with each Firestore product configured for the region you want improved service. Note that not all Firebase and GCP products are available in all regions.
If you want all users in all regions to be using the same set of data with improved latency, that's not possible to configure. You will have to build a way to mirror data between the different projects. There is nothing terribly easy about that, nor are there any existing solutions offered by Firebase or GCP to do this for you.
Doug nailed it for Firestore. So 👍
Note that Firebase's Realtime Database (unlike Firestore) can have multiple databases per project, which means you can set up a database instances in each region (it support three right now) and redirect your user's traffic to the region closest to them. You may still have to replicate data between the database instances, similar to Doug's answer, but (unlike in Doug's answer) with Realtime Database this can happen within a single project.
I'm using Microsoft Graph SDK for .NET Core. I'm trying to get a list of all Office 365 plans in all Azure Active Directory groups within my organization.
I have been reading through a lot of questions, but haven't found a clear answer to my problem: As it's stated in the official documentation, you cannot list plans in a group using client credentials (application permissions), which is the exact authentication method I'm using. Given this, how can I achieve my objective?
As per documentation, the only way to list plans in groups is to use Delegated Permissions, but in that case, and according to the Microsoft Graph permissions:
either the user or an administrator consents to the permissions that the app requests and the app can act as the signed-in user when making calls to Microsoft Graph.
If the signed-in user is a regular user then the application will only access the groups that user is a member of. Bear in mind that there may not be a single user that is a member of all groups.
Is there a way to get my application to list all plans in all groups within my organization?
You can now use application permissions.
Outdated Reply:
Planner currently does not support application permissions. Depending
on what your scenario is, you have couple of options. One option is to
create a user account to be used by your app, and add that user to all
the groups. Then you'll be able to query the plans with the
credentials of that user.
I know scalability is not an issue in Firebase and supports up to 100k Simultaneous connections(in general).
Based on pricing documentation:
You can create multiple database instances to go beyond the 100K
concurrent limit. See Pricing FAQ for more information.
Question 1: What if there is more than 200k users using simultaneously on the same database? The other half of the users could not query, connect or the request will be placed in queue?
(As a Firebase plan subscriber, I would like to know how Firebase deals with the problem to ensure the quality of the services provided to our customers are always in top-notch)
Since, App globalisation is common nowadays and many companies' practices are to have servers across multiple regions to provide better and stable performance. Online game for example which required low latency.
As for now, the firebase user is required to set the default location when creating the project which is non-editable afterward. Some issues even rises where the users realised they deployed their app to the wrong regions and do not have clues on how to change the regions.
This represents the country/region of your organisation/company. Your
selection also sets the appropriate currency for your revenue
reporting. The selected country does not determine the location of
your data for Firebase features. Google may process and store Customer
Data anywhere Google or its agents maintain facilities.
Question 2: Will or does Firebase provide a solution / tailor-made to such practice which having our database in multiple regions while having a headquartered region and multiple other regions sharing all the databases, functions and auth across the regions?
(For now to have multiple servers location, we have to create different projects and the user and data syncing will be a problem)
Hope the language does not offend, cheers!
It seems like your question (or at least your assumptions) is based on the Firebase Realtime Database, so I'll answer for that below.
Q1) You can create more than 2 databases in a single project, each of which allows 100K connections. So it can scale beyond 200K connections. All of these are hosted in the same region though, so you can't use each database for a separate region.
Q2) For a database solution that handles multiple regions, I'd recommend looking at Cloud Firestore. Also see: Cloud Firestore - selecting region to store data?
I have a saas platform I'm building and I'm currently struggling with how to model my auth flow. The system is going to be multiple multi-tenant applications but I would like to unify user authorization & authentication. Basically, each US State will have its own web app/resource server/database and every county in that state will be a separate tenant. I cannot combine all states into one application, so that is not an option.
I would like to throw all users and their information/password into one database connected to my auth service. But each county (tenant) admin within each state (web app) needs to be able to add & manager their users and their roles. So the auth service needs to be aware of all the different tenants across each application. I also need to be able to link items created in each database to the user that created it. If I create object "X" and another user in my county views that item, they can see "Kovaci" created this.
I also do NOT want SSO between states but if possible I would like users to be a part of multiple tenants within one app (not a requirement though). Native iOS/Mobile apps are another client I need to support with this flow.
I used this bitoftech article to base off of: http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/comment-page-1/#comments
And here is my paint quick mockup: multi saas design
My question is just generally how do I design this auth part? Can I store all users in one auth db like my goal? If so, how do tenant admins manage them and how do I link tables in my separate app db's to the users' current info in the auth db?