microsoft authentication using firebase - firebase

I am working on Microsoft authentication using Firebase. It's a web project in Vue.js 2. I have followed this documentation step by step for Firebase and the code section, and also followed this documentation for creating an account in the Azure portal, but I am getting this error:
error FirebaseError: Firebase: Error getting verification code from microsoft.com response: error=invalid_request&error_description=Proof%20Key%20for%20Code%20Exchange%20is%20required%20for%20cross-origin%20authorization%20code%20redemption.&state=AMbdmDnE2TjhyB-T1hIHqYTh73Za9GIrASM-9NFz4trUb4QSLmP6W_qIFNCSl2fmUyq0tTvTNeB3Yg1a3XmOHg93aDItLCJTEEf9B-6EdpPLzR-_mkV9bI3QLoTyT3JQl9Pldczh3BfRlTZQ2KwKfV8IxgpHoXxKJByVzaB-M1wxWO9ESh7Ap_2BvNYHrq2tSFQHbK9D70l7xzi292de6G4rbGUgKmtuTtND4B671A1sxhD2-1WTWaCXkLMv_R7q5JTiWmfqn12ZipA_RWnMBDkPRhglBVReg6jBCRWKv1PvWN2dVQOQfjIoTKRfUs8VK4KfMDR6rYAVst8UStsO79nPN27_32yBjoU9pdl3 (auth/invalid-credential).
at _errorWithCustomMessage (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:568:20)
at _performFetchWithErrorHandling (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:1085:23)
at async _performSignInRequest (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:1100:29)
at async _signInWithCredential (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:4706:22)
at async PopupOperation.onAuthEvent (vendors~app~._node_modules_#firebase_auth_dist_esm2017_index-1679a2b2.js~8334e211.js:7965:26)
Please suggest what could be a possible fix for the above issue.

I was able to fix this problem with the following 2 steps.
Step 1: I had created an SPA platform in the Azure portal, but it should be a web platform, so I just deleted the SPA platform and added a web platform to fix this problem.
To configure application settings based on the platform or device you're targeting, follow these steps:
In the Azure portal, in App registrations, select your application.
Under Manage, select Authentication.
Under Platform configurations, select Add a platform. Under Configure platforms, select the tile for your application type (platform) to configure its settings.
Step 2: we have to add the Application secret in the Firebase console, which needs to be copied correctly from the Azure portal.
Basic steps to create and add a client secret:
In the Azure portal, in App registrations, select your application.
Select Certificates & secrets > Client secrets > New client secret.
Add a description for your client secret.
Select an expiration for the secret or specify a custom lifetime.
Select Add.
Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.
Please read the last step carefully: it says we have to copy the key value. If you leave the page, the value will be hidden like this with ***, so in that case just delete this key, add a new client key, then copy the value (it is the "Value" field, not the "Secret ID" field).
Now just add that key to your Firebase console in the Application secret field.
Note: try to follow these documentations properly: the Firebase documentation and the Microsoft Azure documentation.

Related

Is there a way to enable Firebase Auth via Email through an API/CLI?

We are transitioning to using Terraform to create our architecture on Google Compute, and part of it utilises Firebase for the front-end. So far, I have managed to get this all working fine, but have hit a snag on Firebase Auth. Essentially, I want to allow 'Email/Password' authentication on a Firebase project programmatically.
The above shows where you find the setting in the UI console, but I want to be able to do that via an API/CLI, and also set the 'Authorised Domain'.
Yes, as of November 2022, this is now possible, either using Terraform, or the gcloud CLI and a bit of scripting. Both methods make use of the REST Identity Toolkit API.
If using Terraform: Your config file needs to specify a google_identity_platform_project_default_config resource: the documentation for it is available here. By way of example – assuming you've already declared a google_project resource called my_project, you could add the google_identity_platform_project_default_config resource as follows:
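resource "google_identity_platform_project_default_config" "myconfig" {
  # References the google_project resource named my_project (declared elsewhere).
  project = google_project.my_project.project_id

  sign_in {
    # One account per email address.
    allow_duplicate_emails = false

    # No anonymous sign-in.
    anonymous {
      enabled = false
    }

    # Email sign-in on; with password_required = false, email-link
    # sign-in is accepted as well as email/password.
    email {
      enabled           = true
      password_required = false
    }
  }
}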
This would enable email+password authentication, disallow anonymous access, and disallow duplicate email addresses.
If using the gcloud CLI: This would be a good deal fiddlier. I haven't tested it out completely, but it is presumably equivalent to what Terraform is doing behind the scenes. You need to obtain a service account access token, then use cURL (or a similar tool/API) to amend the Identity Toolkit configuration using the PATCH method (documentation here), supplying the token in the "Authorization" header.
gcloud lets you get an access token using the command gcloud auth print-access-token, but according to this 2021 blog post [1] by @DazWilkin, the token obtained using your regular human credentials can't perform the necessary PATCH operation; you need to use a token backed by a service account that has the correct permissions.
The blog post gives further details, but roughly, the steps are:
Create a service account and give it the correct permissions. (Not necessary if you already have an appropriate service account; such an account can be created either using the Firebase console or Terraform's google_service_account resource.)
Create a JSON service account key file. (Not necessary if you already have a key created, plus a JSON file for it. These JSON files contain an object with the keys "project_id", "private_key_id", and "private_key", and are exactly the same sort of file as gets generated from the Firebase console if you go to "Project Overview" / "Project Settings" / "Service Accounts" / "Generate new private key". They can also be created programmatically using Terraform's google_service_account_key resource.)
Allow gcloud to perform operations using the service account's permissions, by running gcloud's "auth activate-service-account" subcommand: something like
$ gcloud auth activate-service-account --key-file=/path/to/key-file.json EMAIL_ADDRESS_OF_SERVICE_ACCOUNT
Obtain an access token for the service account by running gcloud auth print-access-token EMAIL_ADDRESS_OF_SERVICE_ACCOUNT.
Supply that token in the header of an HTTP PATCH request using cURL.
For more details, see the blog post; it's concerned with amending the "authorized domains" list for a Firebase project, but enabling email/password authentication would be very similar.
1 Also mentioned in this stackoverflow answer.
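The gcloud and cURL steps listed in the answer above, as an added shell example (not code from the answer or from the blog post it cites). PROJECT_ID, SA_EMAIL and KEY_FILE are placeholders, the request goes to the Identity Toolkit admin v2 project config endpoint, and the service account is assumed to already hold permission to update that config.

```shell
#!/bin/sh
# Added example. PROJECT_ID, SA_EMAIL and KEY_FILE are placeholders to be
# supplied by the caller; nothing runs unless RUN_PATCH=1 is set.

# URL of the project config resource, with the fields to change in updateMask.
config_url() {  # $1 = project id, $2 = comma-separated field mask
    printf 'https://identitytoolkit.googleapis.com/admin/v2/projects/%s/config?updateMask=%s' "$1" "$2"
}

# JSON body for the email provider; both arguments must be true or false.
email_signin_body() {  # $1 = enabled, $2 = passwordRequired
    for flag in "$1" "$2"; do
        case "$flag" in
            true|false) ;;
            *) echo "expected true or false, got: $flag" >&2; return 1 ;;
        esac
    done
    printf '{"signIn":{"email":{"enabled":%s,"passwordRequired":%s}}}' "$1" "$2"
}

enable_email_auth() {  # $1 = project id, $2 = service account email, $3 = key file
    gcloud auth activate-service-account "$2" --key-file="$3" || return 1
    token=$(gcloud auth print-access-token "$2") || return 1
    body=$(email_signin_body true true) || return 1
    url=$(config_url "$1" "signIn.email.enabled,signIn.email.passwordRequired")
    # The header is read from stdin (curl >= 7.55) so the token does not
    # appear in the process list.
    printf 'Authorization: Bearer %s\n' "$token" |
        curl --fail --silent --show-error -X PATCH -H @- \
            -H 'Content-Type: application/json' --data "$body" "$url"
}

if [ "${RUN_PATCH:-0}" = 1 ]; then
    enable_email_auth "$PROJECT_ID" "$SA_EMAIL" "$KEY_FILE"
fi
```

The updateMask limits the PATCH to the two email sign-in fields, so other settings in the project config are left untouched.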

Firebase (Firestore) custom authentication with SSO controlled by a third party

I am building a Firebase application (using Firestore) which needs to support custom authentication via single sign on through a third party system.
In the past, I have done this type of integration with my own authentication system. To do this, I installed the Firebase Admin SDK on my own server and used the secret key to sign a JWT that was passed back to the client, which then could be used to grant access to the Firebase application.
However, since the Admin SDK grants full access to the Firebase app, I have concerns about handing those keys over to another party. Is there a way that I can provide a secret key that grants more limited privileges to the third party? I want them to be able to mint JWTs for their users to access the app, but I don't want them to be able to directly read/write from my database.
I think I've solved this by taking the following steps...
1) Access the Firebase project's IAM admin tools
2) Create a new service account for the project in the "Service Accounts" section.
3) Create a custom role in the "Roles" section and give it access to all of the Firebase Authentication privileges: https://firebase.google.com/docs/projects/iam/permissions#auth
4) Assign the custom role to the service account in the "IAM" section of the admin interface.
5) Go back to the "Service Accounts" section and create/download a private key for this service account.
6) Use this key as the credentials for the Firebase Admin SDK and create a custom token using the process detailed here: https://firebase.google.com/docs/auth/admin/create-custom-tokens
The SDK should permit creating a custom token, but it will return errors when trying to do other actions such as accessing the project's database.

Account Locked in API Manager Store & Publisher 2.1.0

Is there a way to lock a user's account after a certain number of failed login attempts to the API Store and API Publisher? I already checked the API Manager FAQ, but the documentation redirects to Identity Server files.
Is there any method to solve this issue?
Thank you.
You can change the following properties in APIM_HOME/repository/conf/identity/identity-mgt.properties file.
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts
Authentication.Policy.Password.Expire.Time=0
# If account verification is not enabled, following property will decide where user must be lock or not after user is created
Authentication.Policy.Account.Lock.On.Creation=false
Authentication.Policy.Account.Lock.Time=0
Authentication.Policy.Account.Lock.On.Failure=false
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=0
You should first install following Identity Feature in WSO2 API Manager.
Account Recovery and Credential Management
version : 5.7.5
Then you will get the identity-mgt.properties file in your /repository/conf/identity directory.
By changing the following property value to the preferred number, you can achieve account locking after several attempts.
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=0
Note :
To install the above feature,
Log in to the Management Console of API Manager 2.1.0 (https://localhost:9443/carbon)
Go to Configure > Features > Repository Management and add the following repository.
http://product-dist.wso2.com/p2/carbon/releases/wilkes/
Then search for "Account Recovery and Credential Management Feature".
Select and install the version 5.7.5 as below.
Restart the Server.
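A check for the lockout keys named in the answers above, as an added shell example (not part of either answer or of WSO2's tooling). The sample file is constructed, and treating lockout as active only when Lock.On.Failure is true and Max.Attempts is a positive integer is an assumption of this example.

```shell
#!/bin/sh
# Added example. The sample file is constructed; key names are from the page.

# Print the effective value of key $2 in properties file $1. The last
# assignment wins (as with java.util.Properties); comments and lines
# without "=" are ignored.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# Assumption: lockout is in effect only when Lock.On.Failure is true and
# Max.Attempts is a positive integer.
lockout_status() {
    p=Authentication.Policy.Account.Lock.On.Failure
    on_failure=$(prop_value "$1" "$p")
    attempts=$(prop_value "$1" "$p.Max.Attempts")
    case "$attempts" in ''|*[!0-9]*) attempts=0 ;; esac
    if [ "$on_failure" = true ] && [ "$attempts" -gt 0 ]; then
        echo "enabled after $attempts failed attempts"
    else
        echo "disabled"
    fi
}

# Constructed sample: the defaults quoted above, then an override.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample identity-mgt.properties
Authentication.Policy.Account.Lock.On.Failure=false
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts=0
Authentication.Policy.Account.Lock.On.Failure=true
Authentication.Policy.Account.Lock.On.Failure.Max.Attempts = 5
EOF
}

if [ -n "${1:-}" ]; then lockout_status "$1"; fi
```

Run it with the path to identity-mgt.properties as the only argument; a key listed twice, as in the snippet quoted earlier, resolves to its last value.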

Firebase Authentication partially working (only email)

After months of developing a Web App under Firebase suddenly these days we have a problem with the Authentication, it returns this console.alert only with Facebook and google login (email/pass login works fine):
[firebase-auth] Info: The current domain is not authorized for OAuth
operations. This will prevent signInWithPopup, signInWithRedirect,
linkWithPopup and linkWithRedirect from working. Add your domain
(front.qualify.mx) to the OAuth redirect domains list in the Firebase
console -> Auth section -> Sign in method tab.
The App uses 3 different sub-domains, and in all 3 we can access over email/pass but not Facebook nor google.
We tried updating the Firebase initialization script, nothing. We have checked the API keys (in the Google APIs Credentials) and there was a new "Server key (auto created by Google Service)" which no one told us it was generated (Jan. 18th), so we edited it to include the domains as the original API key in different ways (w/wo * and /*), nothing. We deleted this new Server Key, suddenly something different, now the console includes a 403 error before the alert stated above and returns auth/timeout code inside the object.
We also found the Identity Toolkit API has detected many errors, so we tried to add the URLs for login, logout and email, but nothing happens when trying to save.
What are we missing?
The solution was adding my-app.firebaseapp.com (being my-app the unique identifier of our Firebase App) to the HTTP referrers in the Browser-Key Credentials from the Google APIs console and wait some time to propagate.
After many months of development the app never had a problem, and we are sure we never removed such referrer (if it was ever there).
Anyway... it's done and learned.
The simple way I was able to solve this issue in my Ionic project was by following the instructions in the log. If you don't see any message, try to console.log the response from Firebase.
So what I simply did was follow the url: https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project='projectId'
*projectId = the Id of your project
and enable the Identity API something it brought up. Finish, and it worked instantly.

Firebase Authentication backendError code 99

I have a web app that uses Firebase Authentication for login. Recently, users of the app have been unable to authenticate due to an error emitted from Google's APIs.
Upon sending the request to
https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=...&cb=...
an error is returned:
{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "backendError",
        "message": "Error code: 99"
      }
    ],
    "code": 503,
    "message": "Error code: 99"
  }
}
According to https://status.firebase.google.com/, Firebase Authentication is good to go. I've also tried migrating to a new Firebase project, but the error persists.
What is the meaning of this error code, and how may it be resolved?
I had the same error when trying to attach a second (alternative) Firebase project to the application (for development). It turns out that I forgot to upload the APNs Auth Key, which was required for authorization with a phone number (in my case a predefined testing number).
Upload your APNs authentication key to Firebase. If you don't already have an APNs authentication key, see Configuring APNs with FCM.
Inside your project in the Firebase console, select the gear icon, select Project Settings, and then select the Cloud Messaging tab.
In APNs authentication key under iOS app configuration, click the Upload button.
Browse to the location where you saved your key, select it, and click Open. Add the key ID for the key (available in Certificates, Identifiers & Profiles in the Apple Developer Member Center) and click Upload.
You can find details about the solution under the following link:
Authenticate with Firebase on iOS using a Phone Number
