How to remove myself from a Firebase project - firebase

I decided to try Firebase. When I go to the console, I not only see my own project, but two projects that I never created or was supposed to have access to:
Those projects seem to be created by a "Rohit Travel & Tours". I can see some of the details:
When I go to Google Cloud's resource manager, sure enough, the project is also there, along with a few "My First Project" projects that seem to belong to the same people:
I'm not sure why I got access to this. It's either a dangerous bug, or a clueless admin that added one of my emails to the project.
I'd like to remove that project since it's just clutter. However, I can't find a way to remove myself from the project, and since I don't have any kind of admin access, there's nothing I can actually change there. In fact, I can't find my account listed on any of the role/member fields either, so I'm not sure what's the real story there.
So far the admin emails listed on the accounts have been unresponsive when I requested that my account be removed.
There's no way to contact Google Cloud to request that either. Apparently the only way to contact them is with a paid support account of some kind.
So my question is: is there a way for me to ever remove myself from these accounts, so I don't see them on my panels, especially the Firebase dashboard?
Or am I stuck with these app accounts forever?

When such projects show up for me, it's usually because someone added a group that I'm a member of (like all#company.com) as a collaborator to that project. If that is the cause, there is no way to remove me/you as an individual user. One of the owners on the project will have to remove the overly broad group, and replace it by either a better targeted group or by the individual users.
Also see:
How do I remove myself from a project in the Google Developer Console?

Related

Firebase sign in with email link Suspicious/Dangerous

I have decided to switch my customer base over to email link sign in with Firebase rather than Google/Email/Apple that I was previously doing.
I got everything set up, tested, and all was working well. Since I have now released customer wide I am starting to run into issues.
Some customers, including gmail users are getting a Suspicious email alert due to having a firebaseapp.com link in it. Today, I created a brand new project for a customer and went to log in for the first time, Gmail as all good, but now Chrome is giving me a "Deceptive site ahead" error page saying this website does phishing (the subdomain is about 6 hours old).
Can anyone think of an appropriate solution for this, or will I have to do some URL rewriting?
It is frustrating the firebase URLs are so blacklisted across the internet(I have had to omit storage url links for pictures and make custom emails altogether since the domain is banned by Exchange), I would think this should be much easier than it is being made out to be.
When I first ran into the Gmail issue the only thing Firebase support gave me as a solution is to build my own custom email handler. In following that, I assume I would either need to rewrite the domain after generating the sign in link, which I am a bit hesitant to do in case there are domain changes in the future or I wondered if updating my email template domain will solve the problem. When I started this process I realized I needed to update my DNS records for this. The problem here is that I whitelabel apps and have 150 projects or so and each customer gets their own project. The management of this is really not feasible.
I have dynamic links enabled for all projects and use the projectid.page.link domain for them if there is some way I can get that to work as well.

How can I ensure my project ownership is secure in Google Firebase?

I am a beginner to Firebase as I've had a project (web-app) built for me by a developer on Fiverr.
Said website is hosted on firebase and connected to a custom domain.
The ownership has been transferred to me and I now own the project and it's custom website domain.
If thereotically a developer I work with in future wanted to "take over" my site is there any other protections I can put in place?
I just dont know if what I've mentioned above is enough.
Near project overview, you have an icon ⚙ > Project settings > User and Permissions. There should be your email address with role as owner. If there is a programmer, you can just remove him. But remember, you might not find a second one willing to change something in this code. And if you do, it might cost more.
If you're afraid he might be hacked and someone will delete your project, speak with him and give him a viewer role and just change it when you need some changes on your app.

Unknown Projects in Diaolgflow

I am creating a new agent in Dialogflow, and was asked if i wanted to create a new project or add to an existing project. Two projects were listed that I do not recognize.
I went into my Firebase console and do not see the projects. Any suggestions on where I can find these mystery projects and what I set them up for originally?
Posting the answer as OP confirmed in the comment section that it resolves issue.
thank you, the console.cloud.google.com link worked
One of the reasons why you are able to see different/3rd party projects in your account dashboard is because you were granted access to those projects as a viewer or editor role.
It can be checked in IAM which is reachable using this link to project IAM Dashboard.
Another possibility is being part of the specific group, which have viewer/editor role to other projects, it can be visible by filtering by group.

How to move custom domain from one firebase project to another without downtime?

I have a firebase project that serves live users through a custom domain. I need to move the custom domain to the new version of application that is running in a different firebase project. If I delete the custom domain and add it in another firebase project, how much time will it take to reflect the change? How do I minimize the downtime?
Checked with Firebase support. This can be done without downtime. Here are their instructions:
To delete your custom domain from the project, follow these steps:
Go to the Firebase Hosting console for your project, you will see
your domain.
Hover over your domain.
There's an overflow menu (three vertical dots) on the right. From the overflow menu, select "Delete Domain"
When you delete a domain, we don't immediately remove the domain from
our backend. This is because most of the time developers are moving
their domains from one project to another, and this feature allows us
to re-provisioned the SSL certificate quicker.
I was able to delete and add the domain to another project without any downtime. Thanks to the firebase team for being so thoughtful.
If it is just about moving the custom domain (no user sessions), and making a couple of other assumptions, like: the account used to verify the custom domain belongs to both Firebase projects, and that same account will move the domain, the change should be almost immediate, close to zero downtime. You should give it a try with a test domain, it's pretty straightforward.
If the goal is to have zero downtime, better ask Firebase Support to see if it's doable and how to do it.

Requesting extra permissions through Google sign in on Concrete5

We are currently trying to use Concrete5 to create an internal Intranet for the company I work for (this is a web-based server). What we would like to do is allow our employees to sign in using their Gmail and be able to see their personal calendars amongst other things on sign in.
I would like the employees to just sign in once, get automatically asked for granting permissions during the login, and then be taken to the home page.
I'm having trouble figure out how to modify Concrete5's built-in Google login to request these scopes. I am pretty bare-bones in my PHP knowledge and no amount of Google searching has really answered my question specifically for modifying the authentication for Concrete5.
So to sum up my question:
How would someone go about modifying Concrete5's Google authentication to request additional permissions? We are using 5.8.3 and are always updating as necessary, so modifying the core is not really an option to prevent overwrites in the future.
The best way to do that would be to copy the core Google login system to create a new one. You could call it Google Custom or anything you want. You could include it in the folder application/authentication or in a package, with the appropriate modifications.
But to be honest, if you're bare-bones in your PHP knowledge, it all might be a bit too difficult to achieve

Resources