Persist Firebase Auth session in Google Workspace Add-on - firebase

I'm working on a Google Sheets add-on that needs to interact with existing web-app. The app uses Firebase for authentication. Firebase is not available as an "Advanced Google Service" and there is no official library (as well as official docs advice against using libraries in an add-on), so I'm using #firebase/auth in the client-side code.
The code is simple and the same as I'm using in the web-app (without FirebaseUI, but I've tried it as well) and because add-ons cannot use cookies or localStorage*, the Firebase cannot persist a local session.
Within the add-on we can only use Google Script Properties service, so I'm looking if there is a way to persist a session manually for the Firebase (like provide own "Storage" implementation, I've just done this for another node package I use in the add-on).
The question is mostly about Firebase and environment with no cookies/localStorage but other storage, but I may be missing some other way to use Firebase Auth with script add-ons.
Thanks for you help.
Edited: removed indexedDB, I've checked it in Console and accidentally switched from iframe to the top context, of course indexedDB is also unavailable in iframe (we should be sure the add-on works in Chrome).
* yes, we can ask user to go to the Chrome settings and select "Allow all cookies" but this is not an option for production.

I don't think there's any documented way to control the storage that Firebase Authentication beyond the picking from the options mentioned in the documentation on auth state persistence.
I think allowing you to provide a custom storage implementation would be a valid feature request, so I recommend asking for it here. I don't think the request comes up frequently though, so it may not get the priority you'd like. In that case: implementing the feature would require allowing the developer to specify their own storage in the public SDK, and then you in your project implementing your own storage provider similar to the storage providers in the SDK.

Related

How to disable the multi tenant feature for a GCP project?

I have enabled the multi-tenancy feature for my firebase project in the GCP console following this guide but now there's no way to disable it back.
Will this affect any of project's behaviour?
As per the Public Documentation, currently there is nothing mentioned about how to disable multi-tenancy , however Google Support is aware of the issue and working on it. There will be some update in near future but currently it's not possible in UI or SDKs.
Will this affect any of the project's behaviour?
As per Firebase Documentation , multi-tenancy is not recommended for the Firebase Projects as mentioned with a reason :
Multi-tenancy can lead to serious configuration and data privacy
concerns, including unintended issues with analytics aggregation,
shared authentication, overly-complex database structures, and
difficulties with security rules.
Generally, if a set of apps don't
share the same data and configurations, strongly consider registering
each app with a different Firebase project.
For example, if you
develop a white-label application, each independently labeled app
should have its own Firebase project, and the iOS and Android versions
of that label should be in the same Firebase project. Each
independently labeled app shouldn't (for privacy reasons) share data
with the others.
To get more information related to the Firebase Authentication, you can refer to the doc.
If you want to continue in a multi tenant project below are some points which may help you perform certain activities on a multi tenant.
There are situations, however, where you want users to be manually or
programmatically created by an administrator, either using the Admin
SDK or Firebase console. In these cases, you can disable user actions
from the Firebase Authentication Settings page, which prevents account
creation and deletion by end-users. If you are using multi-tenancy,
you will need to make an HTTP request to disable these features on a
per-tenant basis.
You can also Manage Identity Platform tenants programmatically by User management,Identity verification,Import users,Access control with custom claims,User session management,Email action links,Tenant management by Create, list, get, update, delete tenants for a specific Identity Platform project , Manage OIDC and SAML providers on tenants.

Unity & Firebase - Google and Facebook Login/SignIn/Authentication Tutorials

For the last couple of days, I have faced an issue with my Unity project regarding adding Google and Facebook authentication for my users, using Firebase. The thing is that there exist a couple of youtube tutorials for each of those two implementations but they are quite misleading and rushed.
Apart from that those tutorials refer to the creation of a new project which implies that the Firebase Auth package is not yet installed. And I mention this because I've seen plenty of people in the comments that are struggling with the Plugins and Parse folders that get overwritten whenever both Firebase Auth and Google or Facebook packages are installed. So there does not exist a rule of thumb on how to proceed in cases where projects already had other methods of authentication such as Email/Password.
Of course, the documentation for both Google and Facebook is unclear on how to get the access token.
Facebook SignIn doc: https://firebase.google.com/docs/auth/unity/facebook-login?hl=en&authuser=0
Google SignIn doc:
https://firebase.google.com/docs/auth/unity/google-signin?hl=en&authuser=0
I've made this post in order to find a step-by-step solution to my problem and hopefully help the community find a solution to a problem that concerns many developers.
[Edit]: My question is. How exactly do I implement the Google & Facebook Sign-In, based on the documentation, that is unclear, especially on the step
Follow instructions for Android and iOS+ to get an access token for the signed-in Facebook user.
And I am speaking for a project that already has imported Firebase.Authentication, which means that folders such as Plugins and Parse are already in the Assets and get overloaded from the packages requested by the 'tutorials' (Because the docs do not even mention what package to use and how).
[Edit]: As of right now I've managed to set up the code in a way that has no errors. When I run it though I get:
[Android]: Exception: Field currentActivity or type signature not found.
[iOS]: EntryPointNotFoundException: GoogleSignIn_Create
After some googling, they proposed testing it after I build it which I think is way too much time-consuming.
This is the answer I've got from Firebase support.
First of all, we need to note that Firebase only has three native authentication providers: email, phone, and anonymous authentication. For the other methods, Firebase needs to trust how their respective third-party providers handle their authentication flow. That's why Firebase can't offer a way to get the access token. This is not its responsibility.
So, to sign in with a Federated provider (FP) you must follow the following steps.
Think about which will be your target mobile platform. Not all the FP provide the same authentication flow on iOS or Android. For example Google offers a more handy way to authenticate Android devices by using Google Play Game Services
Authenticate in Unity Using Google Play Games Services | Firebase
Search on his FP's official GitHub repository for the official plugins to get access to the FP's SDK on Unity. For example, Google offer a useful plugin to authenticate user in both platforms
GitHub - googlesamples/google-signin-unity: Google Sign-In API plugin for Unity game engine. Works with Android and iOS.
Last plugin's release: https://github.com/googlesamples/google-signin-unity/releases/tag/v1.0.4
Examples - Unity SDK - Documentation - Meta for Developers
Create the FP credentials according to its own requirements. For example, Google login requires the use of web_client_id, which can be obtained from the google-services.json or GoogleService-Info.plist files needed to build the application on the target platform.
https://github.com/googlesamples/google-signin-unity#get-a-google-sign-in-configuration-file
https://github.com/googlesamples/google-signin-unity#using-this-plugin-with-firebase-auth
Once you've built the FP's credential into your project, it's time to check out our Firebase documentation for using the FP credential in our authentication flow. I recommend having the Firebase reference along with the documentation as it will help to know what arguments the required method needs.
The best way to test your new authentication provider is by implementing the Firebase Authentication Unity Quickstart. Please clone the Unity Quickstart repository here and deploy the Unity project found in the auth folder. Follow the steps mentioned in the README.md file and build the app on your target platform.
I recommend that you add the FP's SDK right in the same step as adding the Firebase SDK plugins to avoid some build issues. Since these errors are more related to Unity than Firebase, I recommend reaching out to our communities on StackOverflow, Google Groups, and Slack for help with these issues as they have more knowledge than I on those topics.
So, in conclusion, getting credentials from third-party providers is a task delegated to them and not to Firebase since this one is not responsible for any third-party authentication flow.

Using Firebase as frontend with Google Workspace as backend?

The educational organization that I'm working for have for some years been using a custom built Firebase site as a Learning Management System: custom email/password authentication, access of pedagogical recources with custom built frontend exercise modules/learning games, user administration etc.
Now, this organization is to an increasing extent using Google Workspace for user administration, resource sharing etc. However, Workspace itself can't be used as a replacement for the Firebase site due to the limits in design possibilites, lack of customization of pedagogical content etc.
So, does Google Workspace provide api's that would make it possible to use it as a "backend" for a Firebase frontend?
The most basic and inportant thing is authentication/authorizaion: Users should get access to the Firebase site and its resources via their Workspace account group and membership(s) in Workspace group(s).
When it comes to content, it would be great to - apart from the custom Firebase documents/pedagogical modules - also be able to present documents/resources from associated Workspace groups.
All in all: as much as possible of user auth, user adminstration, document resources should be kept on the Workspace side, with Firebase used as a facade communicating with workspace via api's, and also providing the customization possibilites when it comes to special content not possible in the Workspace context.
How much of this can be done with the combination of Firebase and Google Workspace today?
Preferrably using api calls, not by first copying/syncing database information back and forth?

What exactly does the automaticDataCollectionEnabled flag do in Firebase web?

Currently working on a CMF for a web platform that uses firebase, Firebase Analytics and AdSense. However firebase's docs on consent and user privacy for the web are either missing a lot of stuff or the api doesn't have granular control over it.
The app config property I'm referring to is not explained by The settable config flag for GDPR opt-in/opt-out. Can anybody explain what it does and controls? And, possibly out of the scope of this question, how to granularly enable and disable data collection on specific firebase services and the related AdSense? Of course gtag commands would solve this but as I'm using gtag via FB Analytics, it's possibly not exposed(certainly not in the docs) and I don't think loading the gtag again is a good solution, if it'd even work.

Firebase and Expo. Deploy Expo App. Hiding Keys

I see this question has already been asked but not all that recently so I am bringing it up again.
How do you hide your firebaseConfig file, or any secret key, in an expo application? (For production, not dev).
As far as I can tell, there is no way to properly hide the firebase config file with API keys etc in a react-native expo app.
Being that I have already built my entire app around interacting with firestore, I am a bit perplexed as to how to proceed forward.
If I eject, is there a way to properly hide my API key in a non-expo react-native-app? Or will I still face the same problem? Everything is working smoothly and I would prefer not to eject.
I have some experience using node.js/express.js as a backend (only ever in a development setting). Should I build myself a server and then serve the config info from there?
If I want to deploy a 'demo' app, is there a way to hide the keys while still using expo?
Any insight into this would be so helpful.
As far as I am aware there is no 'dotenv' package compatible with expo.
Also I have zero experience in deploying mobile apps, and very little in deploying web apps. I have not yet had to deal with securing keys in deployment.
Any help would be so appreciated.
It's not possible to effectively hide your Firebase config information. The best you can do is make it more difficult for someone to find them. Since all the JavaScript code is running on a computer or device that you don't control, you can't ensure that any of it is hidden from view.
In fact, you don't need to hide any of that. I suggest reading this: Is it safe to expose Firebase apiKey to the public?
If you're using Realtime Database, Firestore, or Cloud Storage, you should be using security rules to protect data so that only authorized users can access it.

Resources