I am currently working on a big software project that makes use of Firebase services. Especially Firebase Cloud Firestore, Firebase Storage, and Firebase Auth is used.
Multiple teams in one project
Teams can create their instance of the app to use the features of the app. From a technical standpoint, it is important to know that everything happens through one single Firebase project. Teams are not separated into multiple projects. From a feature standpoint, this is mandatory.
The authentication process
Admins of a team can manage the experience for the users of their team. They should also be able to modify the login methods and e.g. set up individual data to their Microsoft Azure AD account or Google Enterprise account. After a successful setup users of the team should be able to sign in with the prepared auth method by their team admin.
Possible approach
All available auth methods are enabled, set up, and ready to use (E-Mail, Google, Twitter, Microsoft, etc.). When a user opens the app and wants to sign in, the app checks which auth methods are enabled by the team admin and presents the appropriate UI.
Problem: Microsoft AD
Unfortunately, the metadata and values needed for Microsoft AD are set by the team admins and are different for every team. How can this be solved?
Related
I am trying to figure out a problem I currently have. I have a software platform where restaurant owners can make and publish their own mobile apps. Menu access, reservation control, etc etc. I am using Firebase as my backend.
For each restaurant app I make, requires a customer login. The problem is that the customer can download another app from my restaurant client and has the ability to log in with the same credentials because I am using the same Firebase project for multiple apps, under the same company.
This is not what I want.. can I make multiple instances of Firebase Authentication? Or when the user registers, do I hardcode the username and password into the database, and check that, upon registration and signing in? If I did that, I would lose the power of third party log ins.
Please let me know of any ideas you guys might have..
Thanks!
Jorge
Firebase Auth can't have multiple instances per project. You would need to create multiple projects to in order to get more instances.
However, what you're talking about could be called "multi-tenancy", where you have multiple organizations each sandboxed from each other in a single project. For that, you will need to adopt Google Cloud Identity Platform and work with it using the Firebase APIs as described by the documentation.
I'm looking for out-of-the-box signup and sign-in solution. Based on my research AWS Cognito provides the solution. Custom hosted UI, self-sign-up with configurable required fields.
Does Google Firebase or Google Cloud as a whole have similar functionality? Especially self-sign-up flow with configurable required fields.
I see with Google Firebase email/password authentication provider available for sign-in. but I don't see self sign up process where I can configure the required field during the sign-up process.
Firebase Authentication is the sign-in solution from Firebase. In addition to SDK for Firebase's supported platforms, it comes with a pre-built UI for the most common platforms: web, Android, iOS and Flutter.
The number of pre-defined fields for a user is quite limited though, see for example the definition here for a web user. There is no way to expand this within Firebase Authentication. If you want to store more information for each user, you'll typically do that in one of Firebase's databases (Firestore or Realtime Database) with the user ID as the key for that information.
It is possible to use Google Identity Platform and Firebase Auth concurrently in the same project without upgrading my email/password users in Firebase Auth to Google Identity Platform and having to pay for those users?
Attempting to use Google Identity Platform seems to force me to move all my users in Firebase Auth over to it.
As far as I know it is indeed not possible to use Google Cloud's Identity Platform and Firebase Authentication on a single project. You'll have to pick one, and use that for the entire project.
The only alternative I can think of is setting up separate projects for each, and accessing the specific project for the type of user. But in that scenario you'll have to deal with data migration and probably more nasty situations.
Update: since June 2022 the upgrade to Identity Platform is available directly within Firebase. While this optional upgrade does switch you to a different pricing plan which is no longer unlimited, it comes with a generous free tier of 50,000 MAU (monthly active users).
For more on this see the announcement blog post MFA, Blocking functions, and more come to Firebase Authentication and the documentation section on Firebase Authentication with Identity Platform.
I am looking to have a single Firebase Project with multiple unique apps. A user can have different accounts and identities in each app. I am using Firestore to hold basic identity information i.e preferred name etc.
My issue is around authentication of the user in each app. Is there a way in which a user can have different auth accounts in different apps?
i.e In app1, the user will have the email/password of user#abc.com with password123 and in app2, the same user will have the email/password of user#abc.com with password456?
The logic behind Firebase projects is that all apps within a project are essentially the same to the user. So it's quite normal to have an iOS and Android and a web app within a single project. It is even common to have different apps for different aspects of the project, or a lite and a pro version of the app.
What all of these scenarios have in common though, is that the resources of the project (including the list of users) is shared between all apps. What you're asking is to have separate lists of users for different apps. That is not what Firebase projects are meant for, so this isn't built in.
You can probably get this working by building your own custom identity provider for Firebase Authentication. But I'd still recommend against it, as you're likely to run into other limitations in the future, either as your project expands or as Firebase enforced the logic of having "one logical app" per project.
Control Access with Custom Claims and Security Rules documents how to do this.
The Firebase Admin SDK supports defining custom attributes on user
accounts. This provides the ability to implement various access
control strategies, including role-based access control, in Firebase
apps. These custom attributes can give users different levels of
access (roles), which are enforced in an application's security rules.
User roles can be defined for the following common cases:
Giving a user administrative privileges to access data and resources.
Defining different groups that a user belongs to.
Providing multi-level access:
Differentiating paid/unpaid subscribers.
Differentiating moderators from regular users.
Teacher/student application, etc.
Add an additional identifier on a user. For example, a Firebase user could map to a different UID in another system.
I'm looking at Firebase as a backend for an MVP multi-tenant app. The app will be fully white labelled for each tenant, with each tenant signing up it's own user base. There will definitely be crossovers where users can register for more than one tenant however and I can't seem to see if this is supported by Firebase? essentially I would need to allow a user to register using the same email address to any number of tenants, without necessarily being aware that the tenants are the same system.
Is there anything that supports this?
Multi-tenancy is now supported by Google Cloud Identity Platform. Based on your question, this seems to be what you are looking for. See docs: https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart
You can create a dedicated Firebase project for each of your tenant. User accounts in one Firebase Authentication project are completely segregated from other projects.