We are developing a mobile application with a Firebase backend for a client organization. They want their organization's data hidden from the developer team. The firebase database is used by a flutter mobile application.
My current idea is to develop the app in an entirely different google account, and to swap configuration to clients google account when deploying, and deploy the cloud functions under their supervision. But there must be a easier way!
Can you guys suggest an elegant way to achieve this data privacy requirement of the clients?
What you want here is to utilize IAM roles in the project to restrict access. The client can own the project and grant limited access to the developers through roles that can be assigned.
They could give permission to deploy cloud functions without being able to read the entire Firestore database, as an example.
I'd recommend creating a second staging or "non-production" project that developers have full access to as well, since developing when you can't use the Firestore data viewer or have admin read access can be very difficult.
Related
I am trying to figure out a problem I currently have. I have a software platform where restaurant owners can make and publish their own mobile apps. Menu access, reservation control, etc etc. I am using Firebase as my backend.
For each restaurant app I make, requires a customer login. The problem is that the customer can download another app from my restaurant client and has the ability to log in with the same credentials because I am using the same Firebase project for multiple apps, under the same company.
This is not what I want.. can I make multiple instances of Firebase Authentication? Or when the user registers, do I hardcode the username and password into the database, and check that, upon registration and signing in? If I did that, I would lose the power of third party log ins.
Please let me know of any ideas you guys might have..
Thanks!
Jorge
Firebase Auth can't have multiple instances per project. You would need to create multiple projects to in order to get more instances.
However, what you're talking about could be called "multi-tenancy", where you have multiple organizations each sandboxed from each other in a single project. For that, you will need to adopt Google Cloud Identity Platform and work with it using the Firebase APIs as described by the documentation.
I'm developing an android app with firebase as a backend and I heard a word named Admin SDK. I had searched for it and found it is used to manage data.
But I have a doubt that firebase provides a console webpage (console.firebase.google.com) to manage data, but why there is a separate Admin SDK?
Can someOne please explain...
The firebase admin SDK provides a simple and easy way to modify firebase settings and data using API calls.
For example, you might ask: why should you even have a regular SDK to store data? After all, you can store and save data directly from the web interface. It is, however, simply not secure or practical to have users update their own data each time using the console.
Similarly, the admin SDK is just like the regular SDK but with administrator permissions. For example, it allows you to bypass the rules set up using your firestore rules. The Firebase admin SDK is meant to be used on your backend - so you know it is running trusted software. You know that it will act the way you expect it to, unlike code running client-side that can't be trusted.
For example, let's say that you want to be able to delete a user's post if certain conditions are met. The user will make the request to your server, and it will check if the conditions are met, and then delete the post using its admin privilages. Sure you could technically automate this using firestorm rules, but those can be quite cumbersome and might not work in more complicated examples.
You can also even use it to integrate with other applications like connecting your app to a moderation tool or a curse detector that can't or shouldn't run on the client's device.
Is your question is why does Admin SDK exists?
There are several administrative tasks such as deleting users, listing collections and many more which the client cannot and should not be able to do.
Firebase Admin SDK has admin access to your Firebase project's resources.
It does not obey any security rules and can read/write any of your database, storage bucket..
That is why you must use Admin SDK in a server (or cloud function only). Although I feel Firebase Admin SDK is more useful if you use your own servers and authentication method. If you are using a custom server then:
It can be used to generate custom token so you can authenticate users using your own method (maybe legacy auth system) but still use Firebase Authentication to handle the auth tokens thereafter.
If you use your own database (and not any from Firebase), the Admin SDK can verify the ID Token sent by client and get identity of that user. Thereafter it's could be a simple if-else statement for you to decide if the user has access to the request resource or not.
I have implemented Firebase Authentication in my app, using the Google Provider and the "https://www.googleapis.com/auth/drive.appdata" scope so my app can access its application folder within Google Drive
This part works fine and I retrieve the FireBaseUser once the authentication completes
What I now want to do is to access my app storage on Google Drive, but I don't know how to do this using the result of the current authentication
I tried to follow this: https://github.com/gsuitedevs/java-samples/blob/master/drive/quickstart/src/main/java/DriveQuickstart.java
But this doesn't work on Android.
The main issue is how to create the Credentials object
Do you have any idea on how to initialize a Drive.Builder instance so I can write/read to the app Google Drive folder?
Thanks
This cannot be done directly, because the Firebase & Google login are not the same, even when having logged in to Firebase with a Google account. On Android one meanwhile only has the "last logged in Google account" available for the user's Drive (the one on the device, which has nothing to do with Firebase Authentication, where Google may only be used as an "Authentication Provider").
So there are generally two options available to you:
Grant a GCP service-account access to Drive API and use Cloud Functions to access it.
Instead use Cloud Storage, which is within the Firebase eco-system and is similar to Drive.
I could also think of a combined solution approach, where users would use Cloud Storage (together with Firebase Authentication) and having a Cloud Function which uses a service-account, which eg. copies or moves uploaded files into a folder your Drive.
Concerning that (obviously server-side) Java example, the credentials.json clearly hints for a service account... and this is exactly where you can obtain this file from. However, for Android this is pretty useless - because it has major security implications, to package service-account credentials in an easy to de-compile package and distribute it on the WWW (to everybody). The Google Play Store likely would not permit you to publish or even upload that, because there are security checks in place. You could in best case only deploy that code as App Engine module, but not as an Android module.
Sorry for having destroyed your delusions and for not being able to provide a ready-made solution for 500 imaginary internet points, which pay nothing - but at least I can tell what is technically possible and what isn't - which effectively might save you lots of time, trying to accomplish the impossible.
I am looking to make an app that would have its Backend on another service like AWS or some other. This app would be having many features and functionalities.
But for chat feature, I am exploring options and wondering that would I be able to integrate Firebase in my app.
I have read about Firebase Functions to add more functionality at the backend and also the installation of Firebase Admin to servers.
But still I am not convinced about their capabilities and exactly what all I can do with them.
It would be great if someone who has experience with Firebase help me out figuring if going with it is the best case for me or is there something else I should look into.
So first you can't use Firebase in combination with AWS or Azure etc. Firebase is based on Google Cloud and is the interface between the mobile client (the running app on the client's smartphone) and the backend (your Firebase project).
What I use is, for example, Firebase Cloud Messaging, to simply notify one or multiple users by trigger an HTTP Request from my own web server.
I also made some apps to store the data in FireStore or in the Realtime-Database, so that I don't have to set up a whole new infrastructure. And this is basically the goal of Firebase that you can simply start with your app, without carrying about that.
So what I've heard about Firebase is that you currently cannot install Firebase on a server of your choice and you have to use Google Cloud.
Hopefully, you can do something with my answer. If you have further questions feel free to ask them.
I have been working on a web app and I am now looking into hosting said app. This app is a client-side app for right now meaning that all of the work is being done on the clients device and it has no backend other than the web server giving the site to the user for the first time.
I was looking into Heroku but that seems expensive for my app. Then I looked into Firebase Hosting and it looks good but requires the site to have static content. For now I'm pretty sure my app fits that criteria but in the future I would like to have users sign up for accounts and then store the info they give for the app data in a database. Would do database calls to a firebase database make the app non-static/dynamic anymore?
I know I could use Digital Ocean or another server provider but I want to be able to have scaling done for me so I can just focus on the app and not the containers themselves.
It sounds like you might want to build your app with Firebase Authentication for user logins, store data in Firebase Realtime Database, and host all the content on Firebase Hosting. You could probably write the code entirely in JavaScript to run in the browser, but if you did need to write some code on the backend, you could use Cloud Functions for Firebase.