Use Google Identity Platform + Firebase Auth separately - firebase

Is it possible to use Google Identity Platform and Firebase Auth concurrently in the same project without upgrading my email/password users in Firebase Auth to Google Identity Platform and having to pay for those users?
Attempting to use Google Identity Platform seems to force me to move all my users in Firebase Auth over to it.

As far as I know it is indeed not possible to use Google Cloud's Identity Platform and Firebase Authentication on a single project. You'll have to pick one, and use that for the entire project.
The only alternative I can think of is setting up separate projects for each, and accessing the specific project for the type of user. But in that scenario you'll have to deal with data migration and probably more nasty situations.
Update: since June 2022 the upgrade to Identity Platform is available directly within Firebase. While this optional upgrade does switch you to a different pricing plan which is no longer unlimited, it comes with a generous free tier of 50,000 MAU (monthly active users).
For more on this, see the announcement blog post "MFA, Blocking functions, and more come to Firebase Authentication" and the documentation section on "Firebase Authentication with Identity Platform".

Related

What is the difference between Identity Platform and Firebase Authentication with Identity Platform

Firebase has announced a new optional upgrade called Firebase Authentication with Identity Platform, however, the new features already exist on the GCP Identity Platform.
As mentioned in the documentation here:
"Identity Platform serves as the backend for Firebase Authentication with Identity Platform and the features that are offered are identical."
I want to know:
1. What are the changes that occurred after the new upgrade has been released, and how can we benefit from it?
2. Should we now choose to work with only one of Firebase Authentication with Identity Platform and GCP Identity Platform?
3. What changes should be implemented if I want to migrate from GCP Identity Platform into Firebase Authentication with Identity Platform?
1. One of my favorite features that are implemented is that we are able to register blocking functions. If you read the docs, you'll see all the benefits.
2. It's up to you to decide, but in my opinion, I would prefer to use the newest solution.
3. As far as I noticed, none.
Once you migrate, you'll see in the Firebase console in the Authentication section on the top of the page, the following text:
Authentication with Identity Platform
And to answer your question:
What is the difference between Identity Platform and Firebase Authentication with Identity Platform?
The real benefit is that you can use all the other Firebase products.
Edit:
Besides the blocking functions, there are other new features present, that weren't before:
Multi-factor authentication
Sign in with OIDC
Sign in with SAML
Multi-tenancy
IAP integration
In addition to @Alex's answer, upgrading to Identity Platform also lets us disable sign-ups and account deletion from the Firebase client SDK. It's useful when you want to restrict certain users to your application as you'll have to use the Admin SDK to create/delete users.
This along with blocking function and other features were part of Identity Platform already and you were able to upgrade your Firebase project before as well just like in the answer linked above. Firebase just made it easier for you to upgrade and use those features now directly from Firebase console.
Should we now choose to work with only one of Firebase Authentication with Identity Platform and GCP Identity Platform
If you plan to use only E-Mail Password authentication, Google Accounts and do not require blocking functions or so, you can keep using Firebase Authentication only, as you won't be charged for it. However, if you upgrade to Identity Platform, you only have 3000 DAU for free.
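The server-side path the answers above point to once client sign-up and account deletion are disabled, as an added example that is not code from either answer: only a caller whose ID token carries an admin claim may create or delete accounts through the Admin SDK. The claim name `userAdmin`, the function names and the error class are assumptions; `adminAuth` stands for the Admin SDK's `getAuth()` instance.

```javascript
// Added example, not from the thread. `adminAuth` is the Admin SDK Auth
// instance (getAuth() from 'firebase-admin/auth'). The custom claim name
// `userAdmin` is an assumption of this sketch.
class ProvisioningError extends Error {
  constructor(code, message) {
    super(message);
    this.code = code;
  }
}

// Resolve the caller's uid, or reject unless the token is valid, unrevoked
// and carries the (assumed) userAdmin claim.
async function requireUserAdmin(adminAuth, idToken) {
  let decoded;
  try {
    decoded = await adminAuth.verifyIdToken(idToken, true); // true: check revocation
  } catch (err) {
    throw new ProvisioningError('unauthenticated', 'invalid or revoked ID token');
  }
  if (decoded.userAdmin !== true) {
    throw new ProvisioningError('permission-denied', 'caller may not manage users');
  }
  return decoded.uid;
}

// Create an account without a password; the new user sets one through the
// returned reset link, so the admin never handles the credential.
async function provisionUser(adminAuth, idToken, email) {
  const createdBy = await requireUserAdmin(adminAuth, idToken);
  if (typeof email !== 'string' || !/^[^@\s]+@[^@\s]+$/.test(email)) {
    throw new ProvisioningError('invalid-argument', 'a valid email is required');
  }
  const user = await adminAuth.createUser({ email });
  const resetLink = await adminAuth.generatePasswordResetLink(email);
  return { uid: user.uid, createdBy, resetLink };
}

// Delete an account on behalf of an admin; self-deletion is refused as a
// simple guard against an admin removing their own access.
async function removeUser(adminAuth, idToken, uid) {
  const deletedBy = await requireUserAdmin(adminAuth, idToken);
  if (uid === deletedBy) {
    throw new ProvisioningError('failed-precondition', 'admins cannot delete themselves');
  }
  await adminAuth.deleteUser(uid);
  return { uid, deletedBy };
}
```
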

Is a self-sign-up process available with Google Firebase like it is with AWS Cognito?

I'm looking for an out-of-the-box sign-up and sign-in solution. Based on my research, AWS Cognito provides the solution: custom hosted UI and self-sign-up with configurable required fields.
Does Google Firebase or Google Cloud as a whole have similar functionality? Especially a self-sign-up flow with configurable required fields.
I see that with Google Firebase an email/password authentication provider is available for sign-in, but I don't see a self-sign-up process where I can configure the required fields during sign-up.
Firebase Authentication is the sign-in solution from Firebase. In addition to SDKs for Firebase's supported platforms, it comes with a pre-built UI for the most common platforms: web, Android, iOS and Flutter.
The number of pre-defined fields for a user is quite limited though, see for example the definition here for a web user. There is no way to expand this within Firebase Authentication. If you want to store more information for each user, you'll typically do that in one of Firebase's databases (Firestore or Realtime Database) with the user ID as the key for that information.
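One way to get configurable required fields on top of the pattern described in the answer above, as an added example that is not code from the answer: a server-side sign-up function validates the configured fields, creates the account, and stores the extra data in Firestore under the user ID. The field list, the `users` collection name and the function names are assumptions; `adminAuth` and `db` stand for the Admin SDK's `getAuth()` and `getFirestore()` instances.

```javascript
// Added example, not from the answer. `adminAuth` and `db` stand for the Admin
// SDK's getAuth() and getFirestore() instances; the field list and the `users`
// collection name are assumptions.
const REQUIRED_FIELDS = ['displayName', 'company', 'country'];

// Report which configured fields are missing and build a profile that holds
// only configured fields, so a caller cannot smuggle in keys such as `role`.
function validateProfile(input, required = REQUIRED_FIELDS) {
  const present = (f) => typeof input[f] === 'string' && input[f].trim() !== '';
  const missing = required.filter((f) => !present(f));
  const profile = Object.fromEntries(
    required.filter(present).map((f) => [f, input[f].trim()]));
  return { missing, profile };
}

// Create the account, then store the extra fields under users/<uid>.
async function signUpWithProfile(adminAuth, db, { email, password, ...fields }) {
  const { missing, profile } = validateProfile(fields);
  if (missing.length > 0) {
    return { ok: false, missing }; // nothing was created
  }
  const user = await adminAuth.createUser({ email, password });
  try {
    await db.collection('users').doc(user.uid).set(profile);
  } catch (err) {
    // Roll back so no account exists without its profile document.
    await adminAuth.deleteUser(user.uid);
    throw err;
  }
  return { ok: true, uid: user.uid };
}
```
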

Firebase app limit per project - getting to 1000

I have seen mentioned that there is actually a 1000 app hard limit to Firebase projects as it is the OAuth 2.0 Client IDs that have a limit of 30 and that these can be deleted if not needed.
I have removed the OAuth Client ID for my app from here https://console.developers.google.com/apis/credentials
My app is a hybrid app (Ionic) and uses firebase auth with email/password via the web app not native one so it appears to work fine.
I am assuming this means I am home free and can add up to 1000 apps if I manually delete the OAuth 2.0 Client ID each time?
I am looking at adding Google and Facebook sign-in on the hybrid mobile apps using a native implementation (just for the Google/FB auth) soon. Would this be something that I would need the native app OAuth 2.0 Client IDs for? Is this just used for Google Auth?
If so I guess this would restrict me back to 30 apps but I could use the web Google Auth (although the UX is not as good).
I will also be using Firebase Cloud messaging if that is related at all.
I am not familiar with OAuth 2.0 Client IDs so any help is appreciated as I don't want to go down this route but find a problem later on once my product has gone to market.
Note: I have read the recommendations from Firebase that each tenant / customer / label should have its own project. This is not how I want to implement my platform as the data is shared between tenants as users can belong to multiple tenants. Plus making a project per tenant seems crazy if I have up to 1000 tenants.
Some of the tenants but not all will have their own branded app. Same app with different branding and in different app store accounts.
https://firebase.google.com/docs/projects/learn-more#multi-tenancy
It appears the limit for apps has now been reduced to 30.
https://firebase.google.com/support/faq/#apps-per-project
If you need more than 30, the above FAQ entry states:
In the rare case your project requires more than 30 apps, you can request an app limit increase. Your project must be on the Blaze billing plan to make this request. Visit the Google Cloud Console to make your request and have it evaluated.

Custom authentication with Firebase Auth

I am currently working on a big software project that makes use of Firebase services. Especially Firebase Cloud Firestore, Firebase Storage, and Firebase Auth are used.
Multiple teams in one project
Teams can create their instance of the app to use the features of the app. From a technical standpoint, it is important to know that everything happens through one single Firebase project. Teams are not separated into multiple projects. From a feature standpoint, this is mandatory.
The authentication process
Admins of a team can manage the experience for the users of their team. They should also be able to modify the login methods and e.g. set up individual data to their Microsoft Azure AD account or Google Enterprise account. After a successful setup users of the team should be able to sign in with the prepared auth method by their team admin.
Possible approach
All available auth methods are enabled, set up, and ready to use (E-Mail, Google, Twitter, Microsoft, etc.). When a user opens the app and wants to sign in, the app checks which auth methods are enabled by the team admin and presents the appropriate UI.
Problem: Microsoft AD
Unfortunately, the metadata and values needed for Microsoft AD are set by the team admins and are different for every team. How can this be solved?

Integrating Firebase Auth and Identity Platform

Is there a way to combine the benefits of Identity Platform (OIDC and SAML) with Firebase Auth? A project I am working on needs sign in with Apple, which only Firebase auth supports as of right now. It also requires using SAML. Thoughts?
Identity Platform is an upgraded version of Firebase Auth. You can upgrade your Firebase project to an Identity Platform project. Any existing supported Firebase IdP or behavior will continue to work (no changes to your code). You will get the added benefit of SLAs, SAML, OIDC, MFA with SMS and multi-tenancy support among others, but everything should continue to work. However, note that Identity Platform is a paid service above a certain number of monthly active users.
