I'm developing my project and here is a deal: I'm having firebase auth email and password based. Then I've created landing for users and what I'm trying is to let users signup from landing which is on different domain and stayed logged in on my main app.
I've looked up firebase docs but didn't find any snippets. Basically I think there should be auth provider config, but again there is no info. Maybe you've faced such an issue, how you've solved it?
You cannot signup users on one domain and allow them to login into a different domain with those signup credentials. Firebase doesn't allow that. Each domain has its own auth setup that doesn't coincide with another domain's authentication. You can use sub domains if you want. ->
https://dev.to/johncarroll/how-to-share-firebase-authentication-across-subdomains-1ka8
You will have to create cloud functions but to achieve this even on subdomains.
Gist of that article.
Getting Firebase Authentication to work across subdomains is not super
straightforward, but it is doable without that much work.
Unfortunately, you need to be familiar with a number of concepts such
as CORS, cookies, JWTs, Firebase Authentication itself, etc.
Might as well develop your own Nodejs server instead of using hacks and workarounds like in the article.
Related
I want to let users sign-up for a sub-domain on my app's main domain. Unfortunately Firebase Hosting doesn't support wildcard subdomains (yet?), but I think I have an almost-automated way to do this.
I'll lay out my plan, but I'd really appreciate any feedback or improvements of how else I should solve this problem.
Steps:
Gather a user's intention to create a subdomain
Automate Firebase CLI to create another site, get DNS settings and add them into a Firestore doc (that I will then show the user)
Upload a simple HTML page with <object> and their site app.website/username
Cry because <objects> doesn't change the URL in the browser
Each user has a public profile on the main domain, like this: app.website/username, but I want to also host this page at username.app.website so they can point their domain (or subdomain) to their app.
Is there a way to do this efficiently?
From the documentation on connecting to Firebase Hosting:
Each custom domain is limited to having 20 subdomains per apex domain, due to SSL certificate minting limits.
So you can't have more than 20 subdomains. As long as you stay within that limit, you approach could work. But it won't allow you to go over the limit.
Let's say I own a fully static website on https://example.com/. Just HTML, CSS and client side JS files.
Next I wanted to implement a basic commenting system allowing authenticated guests to leave comments. My plan is to use a POST form on the site and implement the commenting backend on Firebase with a Firestore database.
Authentication wise, I suppose it needs to deal with two scenarios:
Client authentication. The site itself needs to be authenticated by the firebase backend so that only POST requests originated from the site will be accepted. What should I do? There must be no shared secret between the site and firebase because the site is static and everything in there can be accessed by visitors. Perhaps there is some kind of host based auth? Appreciated if you can point me in the right direction.
User authentication. Guests need to be authenticated before they can post comments; Use OAuth should be fine provided the backend can deal with Facebook, Github etc.
I currently built a small WebApp for personal use. I want to push it online but not everyone should have access to it. I want to send the password to people which I will allow to access the site but I only want one password which can everyone use. I build the App with just Nuxt.js and firestore because I'm not familiar with backend technology.
I'm aware of the firebase authentication, but it only supports authentication with e-mail address.
Does someone know a simple Method how I can do this? Security is in this case not very import, I just want that not everyone can go on the site yet.
Thank you very much for your help.
As you mentioned, you're aware of firebase authentication, create a single account with email and password. For now, on login screen you can pass email hardcoded in input[type='hidden'] field.
You can use basic authentication for that. Not the most secure way of securing a site since the credentials are sent over with each request but If your site is under https you should be fine.
I'm loving working with Firebase but I have hit a brick wall.
I can authenticate in Firebase using a provider but it doesn't matter who they are, once they provide there credentials they have access to my application.
I want to restrict which users can access my site.
I am assuming the best way to do this is via security rules but I haven't seen a great example of how to do this.
Are Custom Tokens the best way to do this?
How do I associate a custom token to a provider user?
Is there a better way?
If possible, could someone point me to a resource that clearly demostrates this or provide an example?
I have read the links provided from this post but I can't see any example that grants privileges to certain provider users.
we have a production site like www.Domain1.com, and developing a new web application www.domain2.com, and would like to implement single sign on.
I am looking for solution pretty much like how google works like login to gmail, in gmail navigate to other google apps or we can open new window and we can use picasa or other google apps with out login.
I have found an interesting solution, where we will be developing a dedicated Authentication site like www.sso.com.
http://www.codeproject.com/KB/aspnet/CrossDomainSSOExample.aspx
we use webfarm environment, site 1 and site 2 will be deployed in webfarm environment, but when we deploy www.sso.com in webfarm , this solution will not work.
I am sure google might have implemented www.sso.com service in webfarm environment. i am trying to understand and implement the same.
Experts i kindly request your help in this direction , any information which helps me.
AFAIK, after Google authenticates user with main auth site/service, it issues a set of redirects to auth. end-points to all main domains with one-time secret key in URL, so each end-point on each domain sets auth. cookies for given user.
E.g. user signs in at http://sso.com/login, then he is redirected to
http://domain1.com/auth?secret=12345
http://domain2.com/auth?secret=12345
...
http://domainX.com/auth?secret=12345
And each domain sets an auth cookie to the browser.
Correct me if I'm wrong.