When initializing Firebase in Nodejs project, why we include apikey,databaseurl,storageBucket,authDomain, appId, messagingSenderId, projectId in Firebase.initializeApp()? Without some of these properties, it is still working, then why do we need to pass it?
And also for security, we use Firebase Authentication for checking user auth.uid, so why do we need to pass the above properties in initializeApp()?
Does passing these properties, Firebase will check it by default? If Firebase checks it by default, we don't need Firebase Authentication then?
I'm a beginner kindly help.
Firebase consists of >18 products these days, and many of them take different configuration data at startup. But since you only call initializeApp once for all these products, you have to pass the configuration data for all products in this one call.
That's why all example in the Firebase documentation and console show how to pass all possible configuration data. Depending on the products you actually use, and the platform you run on, you may need fewer of these values, but including all of them never causes problems.
When you register an app with a Firebase project, the Firebase console provides a Firebase configuration file (Apple/Android apps) or a configuration object (web apps) that you add directly to your local app directory.
That is, a Firebase config file / object associates an app with a specific Firebase project and its resources. It consists of unique and non-secret identifiers for your project. A Firebase config file generally consists of apiKey, databaseURL, projectId, storageBucket, messagingSenderId, appId, measurementId.
These parameters are required by Firebase and Google services to communicate with Firebase server APIs and to associate client data with the Firebase project and Firebase app. The apiKey and the projectId are the mandatory fields in the configuration file/object. And, other fields are optional. Each of the other fields corresponds to an optional part of Firebase.
This is because Firebase contains many services/products such as realtime nosql database services, blob storage, push notifications/messaging, and ofcourse Authentication among many more things.
If you do not desire to use the other parts of Firebase, simply do not reference them nor enable them. It is completely fine to only use Firebase Authentication.
The content of the Firebase config file or object is considered public, including the app's platform-specific ID (Apple bundle ID or Android package name) and the Firebase project-specific values, like the API Key, project ID, Realtime Database URL, and Cloud Storage bucket name. Given this, it is recommended to use Firebase Security Rules to protect your data and files in Realtime Database, Cloud Firestore, and Cloud Storage.
Related
Using Google Firebase Functions as a backend of the small application.
Functions are accessing to the Firestore and Realtime database, therefore they need service account credentials file.
On the other hand, I'm trying to automate the deployment of the functions using Github Actions.
Currently I places the credentials file inside the repository. I know that it's not secure.
What is the proper way of storing service account credentials file in this case?
Firebase projects, are, in effect, Google Cloud Platform projects.
More specifically, when you create a Firebase project, an associated Google Cloud Platform project is created for it.
Therefore the process for storing credentials is the same as in Cloud Platform, which is to say in a file, somewhere relatively safe.
This file should be accessible to your Function if it is required, and should either have its path specified as part of an environment variable or explicitly declared in code.
You are already storing it the proper way, because the improper way would be to insert the contents of the JSON file directly into code.
To prevent others from seeing the contents of the JSON file, simply set the respository as private.
Tl;dr.. I'm making a todo app where I store data in Firestore, and I don't want anyone to see it not even the devs from firebase console. I found many encryption pkgs that do the job, like: encrypt. My problem is how to I handle the 'encryption key'. I don't want to keep it local because in my app user can access it's account from different devices, so if the key is stored locally they cannot decrypt thus retrieve their data (notes) from the other device (i hope this makes sense). So, do I send the 'encryption key' to firestore in a seperate collection or ... how should I approache this ?
You could store the key with Firebase Remote Config and retrieve it in the app when you need it.
Firebase Remote Config is a cloud service that lets you change the
behavior and appearance of your app without requiring users to
download an app update. When using Remote Config, you create in-app
default values that control the behavior and appearance of your app.
Then, you can later use the Firebase console or the Remote Config
backend APIs to override in-app default values for all app users or
for segments of your user base.
Check out the documentation for the flutter_remote_config plugin.
Let's assume we have a Firebase project A and it has Firebase profile file for appId App_A.
If another app with appId App_B decoded the info from App_A and took the Firebase profile file and tried to use it within App_B will it be able to get fetch remote config from Firebase project A?
Setting up API Key Restrictions https://cloud.google.com/docs/authentication/api-keys#api_key_restrictions should help with this.
I have 2 Flutter applications -- let's call them A and B.
Each application uses Firebase Authentication and Firebase Analytics (and maybe more Firebase services in the future).
Both applications need to access a shared Cloud Firestore, and that access obviously needs to be secure.
So how can I best do this?
I have created 3 Firebase Projects:
Project A for Flutter application A -- enabled Auth and Analytics
Project B for Flutter application B -- enabled Auth and Analytics
Project C for Cloud Firestore
For the two Flutter applications, I have downloaded the respective GoogleService-Info.plist files and placed them in the project's ios/Runner directory. Each application can successfully login and capture analytics events, and I can clearly segregate activity between the two applications.
Now, I need to point both A and B to C. I first thought that I could simply update the DATABASE_URL in both GoogleService-Info.plist files, but that doesn't seem to work.
I have read the Configure multiple projects
documentation, and I can imagine having a secondary GoogleService-Info.plist file for the Cloud Firestore, perhaps named GoogleService-Info-DB.plist, but then how does one get FirebaseApp to load the secondary configuration? (Note that iOS needs to load the secondary plist, and Android needs to load a secondary json file.) I only see a configure method that accepts a FirebaseOptions class.
Related, I need to secure Project C's database to only authenticated users from Project A or Project B. How can I do that?
I have created/forked a lil Google Apps Script Library to manage Firebase Firestore and Firebase Remote Config called FirebaseGoogleAppsScript. The goal is to simply manage the contents of your collections in an apps script as well as update your remote config.
My issue is I can't get the a service account to do both.
Firebase creates two service accounts upon creating a project:
The first is listed in the Firebase Console -> Project Settings -> Service Accounts. This one I use within my cloud functions to retrieve the Remote Config just fine. However in the Apps Script Project it is unable to retrieve any data from firestore. I tried adding all kinds of roles including Owner and Editor yet no firestore data, but I still can get the RemoteConfig.
The second is only visible in the GCP service accounts and has the title: Firebase Admin SDK Service Agent with the roles Firebase Admin SDK Administrator Service Agent and Service Account Token Creator. This one is able to retrieve all the data from firestore within an Apps Script Project. However in the apps script project I can't get it to retrieve the RemoteConfig even if I add the role Firebase Remote Config Admin.
I have also made my own service account which was able to get the Remote config and just about everything else from Firebase except the Firestore data. Seems only the one service account created by Firebase is able to get any data.
To recreate the issue simply deploy my lil FirebaseGoogleAppsScript project and associate it to the same GCP project Firebase is connected to. There is a test file in it which can recreate the issue assuming you have some data in RemoteConfig and a collection called posts with some docs.
What the heck is going on here? Why can't I make a service account who can access Firestore and RemoteConfig? Any ideas on what to do to create a proper role to do both? Do I really have to use two separate service accounts?