How can one use Firebase to SSO into some product?
Firebase is a federated IdP, meaning, they handle the auth flows for other IdPs, ie Google, Facebook, Twitter, etc.
So how can I set up a product with SSO that is expecting some kind of Auth flow, ie OIDC, SAML, when FireBase doesn't necessarily do that? Note, I am comfortable building my own login pages and using the FireBase SDK, I'm just not sure where to start.
Let's take Google for example. I can easily setup Google SSO for my product. I just generate a client ID/Secret in the Google Dashboard, and then use Google's OAuth flow.
My product initiates the login and redirects to Google for logins
Google identifies my user and redirects to my product's callback URL
Done, user is logged in
How would I do the same thing in FireBase, which is a sort of middleman between my product and Google?
If you have your own user auth system, and you want to integrate that with Firebase Auth for the purpose of creating accounts that integrate with other Firebase products, you can write a custom authentication provider. Your backend will take the user's credentials and create a custom auth token that the app can use to sign in the user.
Related
We have an existing registration flow which uses Auth0 passwordless authentication with phone number, I now want to add google SSO as another registration option.I also want users registered with phone number to link their account. I am looking for suggestion in how to do this. I am using graphql api and next.js.
I want to be able create calendar events in my Action that runs through Google Assistant.
Right now I was able to modify this Quickstart guide (https://developers.google.com/calendar/quickstart/nodejs) and use it in my current Dialogflow fulfillment. However, it's a little tedious to have the user have to copy and paste the authentication code after allowing Google Calendar access. Are there any better ways to do this that doesn't require the copy-paste flow? Thanks in advance!
Use Account linking with Google Sign-In
https://developers.google.com/actions/identity/google-sign-in
Then send a card to the user device with a link to authorise Google Calendar access. Store the authentication code securely against the user. Use the authentication code to make requests.
Broadly speaking, the approach you can take is to use Google Sign-In, as outlined in this SO answer: Google Home Authorization Code and Authentication with Google Account.
With this scheme, you use a website to get the user to authorize your use of the Calendar API scope, and you store the auth token against their UserID. Then you use Google Sign-In with the Assistant to get that ID. This works well if they go to your web page first, but not as well if they go to the Assistant first.
You can also setup an OAuth server that lets users sign-in using Google Sign-In on a web page (or use something like Auth0 and, as part of that sign-in, get authorization for the Calendar scope. Then use OAuth Account Linking in the Google Assistant to get an auth token which you can use to get the user's ID. You can then use this ID to lookup the authorization token.
I am building a web and mobile app using firebase. When signing with Google, firebase auto creates a new account in the project (Auth) if one does not exist. Its fine with the mobile app.
But with the web, I just want existing users (who created accounts with mobile app) to signin and not create new accounts via web.
How do I setup firebase not to create new accounts if one does not exist?
There isn't a way to restrict social sign-in with Firebase Auth to "only sign in, not sign up".
If you have a means of detecting users that have signed in using the app at some point (e.g. by writing a value to your database in a specific location), you could check for that value when signing in via the web, and, if missing, display a screen encouraging users to install the mobile app.
I think this is what you are looking for:
Link Multiple Auth Providers to an Account Using
JavaScript
You can allow users to sign in to your app using multiple
authentication providers by linking auth provider credentials to an
existing user account. Users are identifiable by the same Firebase
user ID regardless of the authentication provider they used to sign
in. For example, a user who signed in with a password can link a
Google account and sign in with either method in the future. Or, an
anonymous user can link a Facebook account and then, later, sign in
with Facebook to continue using your app.
I'm creating the authentication for an app that requires Office 365 integration. I got the authentication in the front-end to work but I'm not sure what is the best way to link this authentication information to Firebase Cloud Functions.
I saw answers related to this that say I should redirect the user to the login page of Azure AD and get the token back to my cloud functions to mint a custom token and give that one back to the user.
But this is not clear for me, how can I confirm this token the user sent is valid?
And can I use the admin.auth().verifyToken() to get the user information from this custom token?
Mainly token are used for authentication but firebase provides different
Sign-in providers like email and password, Facebook, Google, GitHub and Anonymous for authentication. Then what are this tokens used for?
Can anybody guide me to a use case where this custom tokens are useful?
Here's where I got to know about this Custom tokens:
https://www.youtube.com/watch?v=VuqEOjBMQWE&t=93s
https://firebase.google.com/docs/auth/admin/create-custom-tokens
Custom tokens are used when you want to use a Custom Auth System:
You can integrate Firebase Authentication with a custom authentication
system by modifying your authentication server to produce custom
signed tokens when a user successfully signs in. Your app receives
this token and uses it to authenticate with Firebase.
For example: Let's say you're developing an app that needs authentication, but you don't want to use the Auth Providers that Firebase supports (Google,Twitter,Facebook,etc). Let's say you want to use Instagram Auth.
Since Instagram Auth is not provided by Firebase you can't set your Realtime Database rules to auth!=null. You'll probably set it to public, which means that anyone can access your data and this is an obvious security risk(Your database is not safe at all).
So what you can do is create your custom auth system that allows a user to authenticate with Instagram and then give him a Custom Token. The user will then use this token when signing in to your Firebase App, and he will be recognized on Firebase Authentication. Which means that he can now access data that is protected by auth!=null. Your database no longer needs to be public.