Using firebase we have integrated OTP service for user to register & login in our web app. Is it possible to integrate IVR service also for users registration & login. Pointing to document reference would be helpful. I could not find one in firebase documentation.
Used Angular as front end and node as backend in our project,
Thanks,
Mohan
Firebase Authentication comes with a number of built-in providers, for email+password, many social sign-in services, and phone number based verification. But there is no built-in provider that uses interactive voice response (IVR) to sign the user in.
That said, if you have an IVR provider you want to use, you can build a custom provider to sign the user that you authentication with that service into Firebase. See the documentation for what that looks like in your app, and on the back-end that you'll need to create.
Related
I am building a Flutter app with Firebase Authentication. I am trying to find a way to ensure that the communication going to my backend is actually from the app I wrote and uploaded to the stores. I thought that I could be using the JWT provided as a result of the firebase login for this task to ensure that the logins can be made only from within my app.
I figured out that certain signs in email and password methods can be logged in from outside the app it was intended for. However, since google and phone sign-in require an SHA-1 key to be registered to the firebase project, I wondered if I could ensure that by restricting logins to these methods, only the trusted app can generate valid JWT and communicate with my backend.
I do not know much about security, so I would really appreciate any tips.
I developed two different Flutter applications. An Admin Version and another Client Version. I would like to use the same login (auth) and access to Storage for both Apps.
It's definitely possible to access the same Firebase project from two different apps. In fact, when these apps are locally part of the same "application", that is actually an intended use-case.
A few things to keep in mind though:
Firebase Authentication does not have the concept of an administrator user. It "merely" authenticates the user, allowing them to sign in with their credentials. Any administrator logic is specific to your application, hence often referred to as an application administrator. You'll typically want to flag application administrators, for example by setting a custom claim on their accounts.
Not all functionality that the application administrator may need is going to be available in Firebase's client-side SDKs. A common scenario is that the administrator should be able to create accounts for other users, where the client-side Firebase Authentication SDKs don't support this logic. For some more information on this, and how to solve it, see Firebase kicks out current user and my answer with many links here How to create firebase admin user for authentication in java. In a nutshell: you'll have to use the Firebase Admin SDK, in a trusted environment, for some of these operations.
You then secure access to Cloud Storage by writing security rules. For some examples of securing access based on the user, see the documentation on securing user data.
I need to identify a similar authentication in Google Cloud Platform like Google Firebase offers. I want to authenticate users by E-Mail and password.
I developed a web app that runs in GCP AppEngine. This web app authenticates users by their E-Mail and password. But I wont host a custom OAuth server. Is there a OAuth server or similar authentication service provided by GCP too?
Or should I use instead Google Firebase Authentication?
You can of course roll your own authentication, but it's also possible to use Firebase Authentication in combination with your own App Engine backend. Have the users sign in with Firebase Authentication in the client-side app, send the ID token over a secure connection from the client to your App Engine server, and then verify the ID token in your App Engine code.
You can create a Firebase project linked directly to your GCP project (just find your GCP project in the Firebase project creation dialog).
Depending on the required language, they have a couple of tutorials with explanations on how Firebase Auth and e.g. App Engine can work together with sample codes. See:
https://cloud.google.com/appengine/docs/standard/python/authenticating-users-firebase-appengine
I want custom firebase authentication where a user manages the roles of subordinate users. I need guidance on understanding on how to implement my own backend authentication system. Everywhere the documentation keeps mentioning that 'send the username and password to your backend that will generate a custom token'. What is this backend? where do I pursue this? My knowledge domain is firebase, firebase functions, angular 2/4, ionic2 for this discussion... thanks
To use custom authentication, you need to create a JSON Web Token (JWT) on your existing backend server, after you have used your existing backend server to validate the username and password of the user (or however else your backend server validates your users).
To create that JWT, use the configuration described at https://firebase.google.com/docs/auth/admin/create-custom-tokens?authuser=0#create_custom_tokens_using_a_third-party_jwt_library
There is PHP and Ruby code available at that page, for anyone using a language that does not have an SDK available from Google, but which does have a JWT library available.
The JWT is signed with your private key, which you can obtain as indicated at https://firebase.google.com/docs/auth/admin/create-custom-tokens?authuser=0#create_custom_tokens_using_a_third-party_jwt_library
Although that page describes initializing the SDK, this section also has instructions for creating the private key for your service account using the Firebase console at https://console.firebase.google.com/u/0/project/_/settings/serviceaccounts/adminsdk
You will have to send the email password to the firebase sdk in using javascript in web then when the sdk success functions tell that the user has been authenticated the web page will send result to your backend server (can be nodejs or php etc) from there you have to manage your own database to handle all the role base access.
Firebase is basically authenticating the user for you and telling you that you can identify this user using the following userid and then build your own system.
Firebase has access rules but those you have to define first you cannot fully customize them for each user.
For password auth see this:
https://firebase.google.com/docs/auth/web/password-auth
An easy way to do custom auth with Firebase is using an external identity provider. Auth0 is an example of such a provider.
Guide:
https://shusson.info/post/using-firebase-and-auth0-together
code:
https://github.com/shusson/firebase-custom-auth
I am developing a web ap with firebase and I want to connect it directly from the frontend using JS so I avoid to have a middle layer. So my question is basically how can I do a secure implementation with firebase and how can I hide the credentials that will be exposed on Javascript
You never store credentials on the client. See this overview for a quick summary of how security works in Firebase: https://www.firebase.com/docs/security-quickstart.html
If you don't want to run your own server to do authentication, you can use the Firebase Simple Login service. Simple Login integrates with Facebook, Github, Twitter and Persona to provide user login. You can learn more about the service and how to use it here: https://www.firebase.com/docs/security/simple-login-overview.html