Is there a way to combine the benefits of Identity Platform (OIDC and SAML) with Firebase Auth? A project I am working on needs sign in with Apple, which only Firebase auth supports as of right now. It also requires using SAML. Thoughts?
Identity Platform is an upgraded version of Firebase Auth. You can upgrade your Firebase project to an Identity Platform project. Any existing supported Firebase IdP or behavior will continue to work (no changes to your code). You will get the added benefit of SLAs, SAML, OIDC, MFA with SMS and multi-tenancy support, among others, but everything should continue to work. However, note that Identity Platform is a paid service above a certain number of monthly active users.
Related
Firebase has announced a new optional upgrade called Firebase Authentication with Identity Platform, however, the new features already exist on the GCP Identity Platform.
As mentioned in the documentation here
Identity Platform serves as the backend for Firebase Authentication with Identity Platform and the features that are offered are identical.
I want to know:
What are the changes that occurred after the new upgrade was released, and how can we benefit from it?
Should we now choose to work with only one of Firebase Authentication with Identity Platform and GCP Identity Platform?
What changes should be implemented if I want to migrate from GCP Identity Platform into Firebase Authentication with Identity Platform?
One of my favorite features that are implemented is that we are able to register blocking functions. If you read the docs, you'll see all the benefits.
It's up to you to decide, but in my opinion, I would prefer to use the newest solution.
As far as I noticed, none.
Once you migrate, you'll see in the Firebase console in the Authentication section on the top of the page, the following text:
Authentication with Identity Platform
And to answer your question:
What is the difference between Identity Platform and Firebase Authentication with Identity Platform?
The real benefit is that you can use all the other Firebase products.
Edit:
Besides the blocking functions, there are other new features present, that weren't before:
Multi-factor authentication
Sign in with OIDC
Sign in with SAML
Multi-tenancy
IAP integration
In addition to @Alex's answer, upgrading to Identity Platform also lets you disable sign-ups and account deletion from the Firebase client SDK. It's useful when you want to restrict certain users to your application, as you'll have to use the Admin SDK to create/delete users.
This along with blocking function and other features were part of Identity Platform already and you were able to upgrade your Firebase project before as well just like in the answer linked above. Firebase just made it easier for you to upgrade and use those features now directly from Firebase console.
Should we now choose to work with only one of Firebase Authentication with Identity Platform and GCP Identity Platform
If you plan to use only E-Mail Password authentication and Google Accounts, and do not require blocking functions or so, you can keep using Firebase Authentication only, as you won't be charged for it. However, if you upgrade to Identity Platform, you only have 3000 DAU for free.
I may have upgraded Firebase auth to Firebase auth with Identity Platform GCP. I came to know it has a Paid Tier and I really don't use any upgraded options other than basic auth.
I want to go back (downgrade) to Firebase Legacy Auth
Firebase docs don't mention how to downgrade. Nor is anything mentioned in the Google Cloud Platform docs.
firebaser here
At the final step in the upgrade process, you get this dialog:
As you can see at the bottom there: You won't be able to reverse this decision, so there is indeed no way to reverse the upgrade.
In some cases our support team may be able to do something, so reach out to Firebase support if you think your case warrants that check.
Is it possible to use Google Identity Platform and Firebase Auth concurrently in the same project without upgrading my email/password users in Firebase Auth to Google Identity Platform and having to pay for those users?
Attempting to use Google Identity Platform seems to force me to move all my users in Firebase Auth over to it.
As far as I know it is indeed not possible to use Google Cloud's Identity Platform and Firebase Authentication on a single project. You'll have to pick one, and use that for the entire project.
The only alternative I can think of is setting up separate projects for each, and accessing the specific project for the type of user. But in that scenario you'll have to deal with data migration and probably more nasty situations.
Update: since June 2022 the upgrade to Identity Platform is available directly within Firebase. While this optional upgrade does switch you to a different pricing plan which is no longer unlimited, it comes with a generous free tier of 50,000 MAU (monthly active users).
For more on this see the announcement blog post MFA, Blocking functions, and more come to Firebase Authentication and the documentation section on Firebase Authentication with Identity Platform.
I see Firebase has no server authentication APIs in the Firebase Admin; it has only user management (CreateUser and UpdateUser).
Firebase only offers signin through client libraries where it depends on Google Identity Platform (https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword)
After exploring further I ended up finding the Firebase Auth REST API here (implemented it too and it works great).
This API reference is great for implementing Auth through the REST API and avoiding dependency on client libraries, as this helps in having complete server-side authentication through Cloud Functions.
Coming to the pricing, Firebase mentions that Auth costs nothing, whereas Google Identity Platform has really high pricing.
So would like to know what Firebase team has to say on this or any one who explored this.
If one day I have to replace Firebase with a custom solution, can I migrate authorized users from Firebase Auth to my system?
I am aware that Firebase allows exporting all user data using the Firebase Admin SDK, but I'm curious about the behavior of identity providers (Facebook, Google and Twitter). If my custom system used the same providers' API keys as Firebase Auth, what would happen to my users?
Thanks for any help!
Firebase Auth provides a CLI SDK to download your accounts:
https://firebase.google.com/docs/cli/auth#authexport
Firebase Auth uses SCRYPT to hash passwords. If you decide to migrate, you can also contact Firebase support to help you with the process.
As for linked OAuth providers, you can still implement that in your own system as the OAuth flow is a well known standard and the users should be portable. In general, Firebase Auth architecture is based on open standards and protocols that are widely used in the industry. The advantage is that Firebase Auth manages all that complexity for you for free.
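One way to plan the migration described in the answer above, as an added example (not from the original answer or from Firebase): it splits an `auth:export` JSON file into password accounts, whose SCRYPT hashes have to be carried over, and provider-linked accounts, which are keyed by the provider's own user ID. The sample data is constructed, `planMigration` is a hypothetical helper, and the field names (`localId`, `passwordHash`, `salt`, `providerUserInfo`, `rawId`) are assumed from the CLI's JSON export layout, so check them against your own export.

```javascript
// Constructed sample in the layout assumed for `firebase auth:export users.json`.
// Every value below is a made-up placeholder.
const sampleExport = {
  users: [
    { localId: "uid-001", email: "alice@example.com", emailVerified: true,
      passwordHash: "BASE64-HASH-PLACEHOLDER-1", salt: "BASE64-SALT-PLACEHOLDER-1",
      providerUserInfo: [] },
    { localId: "uid-002", email: "bob@example.com", emailVerified: true,
      providerUserInfo: [
        { providerId: "google.com", rawId: "100000000000000000001" },
        { providerId: "facebook.com", rawId: "200000000000001" },
      ] },
    { localId: "uid-003", email: "carol@example.com", emailVerified: false,
      passwordHash: "BASE64-HASH-PLACEHOLDER-3", salt: "BASE64-SALT-PLACEHOLDER-3",
      providerUserInfo: [{ providerId: "twitter.com", rawId: "300001" }] },
    { localId: "uid-004" }, // no password and no linked provider
  ],
};

// Hypothetical helper: turn an export into records for a custom user store.
function planMigration(exported) {
  const plan = { records: [], needsScryptParams: false, unhandled: [] };
  for (const u of exported.users || []) {
    // Federated identities are portable through the provider's own user ID,
    // so keep (providerId, rawId) as the lookup key for future OAuth sign-ins.
    const federated = (u.providerUserInfo || [])
      .filter((p) => p.providerId && p.rawId)
      .map((p) => ({ provider: p.providerId, subject: p.rawId }));
    // Password users keep their hash and salt. Verifying them later needs the
    // project's SCRYPT hash parameters, so record that the plan depends on them.
    const password = u.passwordHash && u.salt
      ? { algorithm: "firebase-scrypt", hash: u.passwordHash, salt: u.salt }
      : null;
    if (password) plan.needsScryptParams = true;
    if (!password && federated.length === 0) {
      plan.unhandled.push(u.localId); // cannot sign in after migration as-is
      continue;
    }
    plan.records.push({ id: u.localId, email: u.email || null,
      emailVerified: u.emailVerified === true, password, federated });
  }
  return plan;
}

console.log(JSON.stringify(planMigration(sampleExport), null, 2));
```

Accounts that end up in `unhandled` have no credential the new system can check, so they need a separate path such as a re-enrolment or reset flow.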