I have found the tutorial Using Firebase to authenticate users that explains how to authenticate users with Firebase to access different services.
However I haven't found how to enable Firebase login for the whole Google Cloud Endpoints portal page (like for example https://endpointsportal.ourproject.cloud.goog/).
How can I achieve this?
I think the only identity supported today is GCP meaning Cloud Endpoints Portal doesn't support 3rd party sign in. You can use Firebase to authenticate against the API, but not to log into the portal.
Related
I can't figure it out which role/s do I need to have on one of my client's Google Cloud Platform, to do the following:
- Connect and Manage a Firestore database to their Firebase app.
- Use the Google Cloud Firestore API from an external app.
There are so many roles... Any help? :)
I have already Firebase Analytics Admin but when I tried to access the Firestore through Firebase I get the message "To manage Cloud Firestore, ask a project owner for the necessary permissions".
Thanks!
According to the Firebase product-category predefined roles documentation, the only role that has full read/write access to Cloud Firestore is:
Firebase Develop Admin - roles/firebase.developAdmin
Regarding the access to the API, the app will be able to access it using either a Firebase Authentication ID token or a Google Identity OAuth 2.0 token as per referenced on this documentation.
In order to set up Firebase Auth, this link might be of help and for OAuth check this link.
I see firebase has no server authentication API's added in the Firebase Admin but has only user management (CreateUser and UpdateUser).
Firebase only offers signin through client libraries where it depends on Google Identity Platform (https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword)
After exploring further I ended up finding Firebase Auth REST API over (Implemented it too and works great) here.
This API reference is great for implementing Auth through REST API and avoiding dependency on client libraries. As this helps in having complete server side authentication through cloud functions.
Coming to the pricing, Firebase mentions that Auth costs nothing where as Google Identity platforms has really high pricing.
So would like to know what Firebase team has to say on this or any one who explored this.
Is there a way to implement multi-factor authentication on Firebase Authentication? From my research it seems impossible since Firebase authentication has public REST api of which, assumingly, someone knowing API_KEY and user's email/pass could directly sign in to that user's account using
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[API_KEY]
Thank you
Update: June 2020
From March 12, 2020, It is now possible to set up multi-factor authentication using SMS as 2nd factor with Firebase for Google Cloud Identity Platform projects but this is a paid service. This article shows you how to add SMS multi-factor authentication to your web app.
I am quoting from github firebase repo. here.
Firebase Auth does not support multi-factor authentication. FirebaseUI
cannot support this feature until the underlying SDK supports it. For
2-factor auth, 2 credentials need to be passed to get a Firebase ID
token. Currently, one is enough to get an ID token. You can submit an
official request for multi-factor auth with Firebase support.
However Multi-factor authentication itself works fine with Google account and FirebaseUI if it is enabled from Google settings.
hope it helps.
Firebase Authentication with multi-factor authentication should soon be available according to this Google I/O video
Firebase Authentication now supports Multi-Factor Authentication, but it only works for apps using Google Cloud Identity Platform, which is a paid service.
The logic is:
You ask the user to sign in with one of the providers bellow and also ask them to verify their email.
Email and password
Email link
Google
Google Play
Facebook
Twitter
GitHub
Microsoft
Yahoo
LinkedIn
You ask them for their phone number so you can send them an SMS as the second factor.
In order to enable MFA in your app, you'll need to enable the Identity Platform API. Note that this will also enable billing on your GCP Project, so you'll need to add credit card details.
Documentation links: [Web] [Android] [iOS]
Firebase should be now having Multifactor auth:
https://firebase.google.com/support/release-notes/js#version_7110_-_march_12_2020
https://cloud.google.com/identity-platform/docs/web/mfa
MFA in Firebase Auth officially landed on July 26, 2022. Here is the blog post that introduces it: https://firebase.blog/posts/2022/07/new-firebase-auth-features
Here's their official documentation: https://firebase.google.com/docs/auth/web/multi-factor
I've been playing around with the Google Drive API with a view to building a small ASP.NET app which allows online collaboration on simple documents.
I have built a test app which uses a service account to upload and access files in Drive for my Google Apps account. I wanted to use a service account because the idea I'm working with will not be viable if collaborators have to authenticate with Google accounts.
The next step is investigating the Google Drive Realtime API. The tutorial at that link uses a web application client ID and requires that you authenticate your Google account before you can edit the example text file.
Do you know if it's possible to use a service account here so that changes are made in an anonymous context? If so, can you point me at an example because my Google searches aren't helping.
The realtime API does not allow anonymous access. All users must have a Google account.
Since few day I am trying to get user profile with my C# using Using OAuth 2.0 for Server to Server Applications with JWT.
For google drive i know that we can use server to server method, but i am not sure for Google Analytics. Can we use it ?
Yes you can!
Service Accounts
Useful for automated/offline/scheduled access to Google Analytics data for your own account. For example, to build a live dashboard of your own Google Analytics data and share it with other users.
There are a few steps you need to follow to configure service accounts to work with Google Analytics:
1. Register a project in the APIs Console.
2. In the Google APIs Console, under the API Access pane, create a client ID with the Application Type set to Service Account.
3. Sign-in to Google Analytics and navigate to the Admin section.
4. Select the account for which you want the application to have access to.
5. Add the email address, from the Client ID created in the APIs Console from step #2, as a user of the selected Google Analytics account.
6. Follow the instructions for Service Accounts to access Google Analytics data.
Source: https://developers.google.com/analytics/devguides/config/mgmt/v3/mgmtAuthorization
Not yet. See Service Accounts have arrived.
Service accounts are currently supported by the following Google developer services:
Google Cloud Storage
Google Prediction API
Google URL Shortener
Google OAuth 2.0 Authorization Server
Google APIs Console
Google APIs Client Libraries for Python, Java, and PHP
Over time, more Google APIs and client libraries will be supported.
Sign up for Google Developers Blog and the Analytics Blog feeds. They will post when GA is opened to service accounts, if it ever is.