Firebase authenticated requests to Google App Engine

I currently have some routes in Google App Engine's app that are protected using the Users API in Google App Engine. I've now been asked to support users that do not have a Google account.
It seems to me Firebase auth is the tool I need, but I can't figure out exactly how to integrate it:
I have made a login page, with the drop in auth solution, that redirects to one of my protected routes.
I expected the request for that page (after the redirection) to contain a token I could check in Google App Engine.
I know the initial auth step worked, because if I check Firebase auth on the client side on that new page, it works:
firebase.auth().onAuthStateChanged(console.log); // prints my email
Is there no way for the http requests to include the token so that I can check them server side?
Thanks!

Related

How does firebase auth custom auth domain actually work?

I have a firebase project set up where I am only using the firebase auth features. I have a react app that uses the firebase client-side javascript SDK for authentication and a custom backend + database that does not use any firebase features.
Currently when users are logging in with a popup flow, they see the auth domain "myappname.firebaseapp.com" as per the default firebase config. It all works great.
However, if I now want to set up a custom auth domain, what I've gathered from other answers is that I need to:
Add an authorized redirect URI in firebase console to point to my custom auth domain, say https://auth.myappname.com/__/auth/handler
Change authDomain in my client side code (firebaseConfig object) to my custom auth domain.
Is there anything else I need to do for this to work? How this can work out of the box without me having to write some custom redirect logic? If my react app is being served via static hosting like an S3 bucket, then I won't even have a server running. How is https://auth.myappname.com/__/auth/handler handling anything?
Much of the documentation online is talking about using firebase hosting or other firebase black magic which I do not want to use.
Any explanations appreciated..

Intercept a token passed through an URL to a Flutter web app hosted on Firebase

I've developed an website in Flutter that I've deployed on Firebase. What I want to achieve is to redirect the user of an app to this website using an URL that also contains an JWT token because there will be some authenticated requests to be done on the website - but the website doesn't have any login page.
Is it possible to retrieve that token in order to be used in the code of the website?
If you're using Firebase Hosting, all traffic between the client and server goes over an SSL-encrypted connection, so the data can only be seen by the sender and receiver (unless your certificate chain is compromised).
If you pass the token in the URL, anyone can see it, as the URL is not encrypted. So you'll want to send the token in (for example) a header, such as the pre-defined Authorization header of HTTP. This is actually what the Firebase JavaScript SDKs themselves do to pass authentication information to the Firebase servers.

Login strategy on Xamarin Forms and Azure

I am using the ADAL3 for authenticating on the Azure AD app. Then I use the AuthenticatedClient Async for logging into the Azure backend.
What is the correct strategy for consuming the Azure backend and working with the token? Do you call AuthenticateClientAsync before each call to the backend to be sure that if the session expires on the backend the token will be used to start the session automatically? What happens if the token saved in memory is expired, do you manually ask users to log in again?
Does someone have a sample of an app that pops up a login page, then calls some service and pops up a new login page if needed?
Thanks for your help.
According to your description, I assumed that Azure Mobile Apps would be the approach for you to work as your mobile backend. And you could authenticate your customers with AAD and leverage the client SDKs provided by Azure Mobile Apps to communicate with your azure mobile app backend.
I would recommend you follow this tutorial for creating your Azure Mobile App and download the sample project for getting started. Then, you could configure your mobile app to use AAD login, details you could follow here. Moreover, more details about how to use the client SDKs for Azure Mobile Apps in your xamarin project you could follow here.
Does someone have a sample of an app that pops up a login page, then calls some service and pops up a new login page if needed?
After logging in via MobileServiceClient.LoginAsync, you would retrieve a JWT token issued by your mobile app backend, and you could get it by accessing MobileServiceClient.CurrentUser.MobileServiceAuthenticationToken. And you could cache the token for reusing it. You could wrap the operations against your mobile app backend and catch the exception when the token is expired and manually call LoginAsync to ask the user to log in again, or validate the token on your client side and re-login if the token is invalid before you send requests to your mobile app backend. For caching the token and validating the token, you could follow Adrian Hall's book about Caching Tokens. For wrapping the table operations, you could follow here.

Actions on Google + Account Linking with Firebase

I'm working on a Google home application using an external API. I need the current user to be logged in and linked with the external API (access/refresh token provided by the external API).
My approach:
Setting up a firebase application
The google home app lives within the functions folder.
I would set up a page where the user would first sign in with his Google account using firebase.auth(), then his external API account (using the external API Oauth).
I would then create an entry in the firebase database to store, for each user, an access/refresh token provided by the external API.
This is where I'm a little confused and stuck. I've managed to set up the sign-in page (Google sign-in, then External API sign-in) and store it in the Firebase database (/users/{google_uid}).
Now that it's in the database, how do I set up the authentication in the Google Home app?
Thank you!
First, you need to have a project in console.developers.google.com and activate the Google Actions API in your project. Then, you should follow these steps:
Whitelist the following redirect URI in your API: https://oauth-redirect.googleusercontent.com/r/
In your API.AI project go to Integrations and enable the Actions on Google card.
In the settings of the Actions on Google, place your project ID and select Sign in required for the welcome intent and any other intent the user needs credentials for.
Below, you will find the OAuth2 fields, like client ID, client secret, authorization URL and token URL. Fill them in with the OAuth2 information of your API and Authorize the application.
After you authorize, you can Preview the application and it will be available in your Google Home device, and when you invoke it for the first time, it will provide a card in your Google Home app to do the linking. If you don't have a device, there is a Web Simulator where you can test your Action.
For more information access the actions on google documentation.
There are a few issues with how you're thinking about account linking with Actions On Google and Google Home. Google Home doesn't give you direct access to the Google account - instead, it acts like a web browser and the account linking process requires you to issue an OAuth2 token to the Home "browser" for it to use in the future.
If you have control over the external API, and it issues OAuth2 tokens (which it sounds like it does), you can skip the Firebase portion completely. You just need to configure API.AI with the OAuth2 information for this external service - the client ID and secret, the URL for the login page and for the token exchange page, etc. In this case, your webhooks will be called providing the OAuth2 access token that you should pass on to the external API when you're calling it. The details are in the Actions on Google Account Linking documentation.
If you do not have control over this API, you may need to provide a basic implementation of an OAuth2 server that can hand out auth tokens (either ones you create or ones that can be used to get the auth tokens from the external API). Your webhooks will then be called with these OAuth tokens, and you should use the token to find the token to use to access the external API. You have some options to implement this, and these options are discussed at OAuth2 Account Linking Overview in the Actions on Google docs.

Firebase Hosting - OAuth Redirect

Is it possible to use a Firebase Hosted site with OAuth 2.0 for a third party API? I would like to use the Quizlet API. This requires an OAuth 2.0 redirection flow and a custom state parameter.
State: A random string generated by you. You send us this, and we'll send it back to you, and you verify that we send back the same thing you sent.
You must send and verify this value in order to prevent CSRF attacks.
So for example:
https://quizlet.com/authorize?response_type=code&client_id=MY_CLIENT_ID&scope=read&state=RANDOM_STRING
This would take the user away from my Firebase Hosted page and then they would authenticate. Upon authentication, Quizlet would send me back to:
REDIRECT_URL/?code=GENERATED_CODE&state=YOUR_STATE&expires_in=60
Can I somehow catch these URL query parameters in my Firebase Hosted site or its Angular code?
Thanks!
