After having issues with crashes in Android O and also seeing that GCM is fully deprecated we are trying to migrate to FCM. Keep in mind I did zero of the setup on this project, so I'm just trying to follow the migration guide. Our server side team is very busy right now, so I'm trying to make it as easy as I can for them.
So someone gave me owner permissions on the Google APIs dashboard for the project, where I can see that Google Cloud Messaging is enabled. So I gave owner permissions to an account we now use for all of our mobile online accounts and consoles.
Then I logged into the Firebase console, but when I click "add project" I do not have the option to import the existing GCM project, as the docs seem to say I should. It also doesn't show up for my personal work account either, even though it is also an "owner" account. I was really hoping to migrate this way so that we might not have to get new api keys.
However, I do see in the Google APIs dashboard that I can "enable" FCM from there. Will this create the Firebase project for me and if so will it generate new keys or can we use the old ones?
OR is it actually better to just create an entirely new FCM project?
Related
For the last couple of days, I have faced an issue with my Unity project regarding adding Google and Facebook authentication for my users, using Firebase. The thing is that there exist a couple of youtube tutorials for each of those two implementations but they are quite misleading and rushed.
Apart from that those tutorials refer to the creation of a new project which implies that the Firebase Auth package is not yet installed. And I mention this because I've seen plenty of people in the comments that are struggling with the Plugins and Parse folders that get overwritten whenever both Firebase Auth and Google or Facebook packages are installed. So there does not exist a rule of thumb on how to proceed in cases where projects already had other methods of authentication such as Email/Password.
Of course, the documentation for both Google and Facebook is unclear on how to get the access token.
Facebook SignIn doc: https://firebase.google.com/docs/auth/unity/facebook-login?hl=en&authuser=0
Google SignIn doc:
https://firebase.google.com/docs/auth/unity/google-signin?hl=en&authuser=0
I've made this post in order to find a step-by-step solution to my problem and hopefully help the community find a solution to a problem that concerns many developers.
[Edit]: My question is. How exactly do I implement the Google & Facebook Sign-In, based on the documentation, that is unclear, especially on the step
Follow instructions for Android and iOS+ to get an access token for the signed-in Facebook user.
And I am speaking for a project that already has imported Firebase.Authentication, which means that folders such as Plugins and Parse are already in the Assets and get overloaded from the packages requested by the 'tutorials' (Because the docs do not even mention what package to use and how).
[Edit]: As of right now I've managed to set up the code in a way that has no errors. When I run it though I get:
[Android]: Exception: Field currentActivity or type signature not found.
[iOS]: EntryPointNotFoundException: GoogleSignIn_Create
After some googling, they proposed testing it after I build it which I think is way too much time-consuming.
This is the answer I've got from Firebase support.
First of all, we need to note that Firebase only has three native authentication providers: email, phone, and anonymous authentication. For the other methods, Firebase needs to trust how their respective third-party providers handle their authentication flow. That's why Firebase can't offer a way to get the access token. This is not its responsibility.
So, to sign in with a Federated provider (FP) you must follow the following steps.
Think about which will be your target mobile platform. Not all the FP provide the same authentication flow on iOS or Android. For example Google offers a more handy way to authenticate Android devices by using Google Play Game Services
Authenticate in Unity Using Google Play Games Services | Firebase
Search on his FP's official GitHub repository for the official plugins to get access to the FP's SDK on Unity. For example, Google offer a useful plugin to authenticate user in both platforms
GitHub - googlesamples/google-signin-unity: Google Sign-In API plugin for Unity game engine. Works with Android and iOS.
Last plugin's release: https://github.com/googlesamples/google-signin-unity/releases/tag/v1.0.4
Examples - Unity SDK - Documentation - Meta for Developers
Create the FP credentials according to its own requirements. For example, Google login requires the use of web_client_id, which can be obtained from the google-services.json or GoogleService-Info.plist files needed to build the application on the target platform.
https://github.com/googlesamples/google-signin-unity#get-a-google-sign-in-configuration-file
https://github.com/googlesamples/google-signin-unity#using-this-plugin-with-firebase-auth
Once you've built the FP's credential into your project, it's time to check out our Firebase documentation for using the FP credential in our authentication flow. I recommend having the Firebase reference along with the documentation as it will help to know what arguments the required method needs.
The best way to test your new authentication provider is by implementing the Firebase Authentication Unity Quickstart. Please clone the Unity Quickstart repository here and deploy the Unity project found in the auth folder. Follow the steps mentioned in the README.md file and build the app on your target platform.
I recommend that you add the FP's SDK right in the same step as adding the Firebase SDK plugins to avoid some build issues. Since these errors are more related to Unity than Firebase, I recommend reaching out to our communities on StackOverflow, Google Groups, and Slack for help with these issues as they have more knowledge than I on those topics.
So, in conclusion, getting credentials from third-party providers is a task delegated to them and not to Firebase since this one is not responsible for any third-party authentication flow.
I added an option to sign in with Google but, to my understanding, it only works for me because my SHA-1 signature is in the Firebase settings page so it'll only work for me but not for them.
We're a team of 10 people and I don't want everyone to start adding their own signatures if possible.
Is it at all possible to make this happen in debug mode? We're not in release yet.
P.S if I'm wrong about the reason and it should work fine with only my SHA-1 fingerprint, what is the issue?
I'm not sure if it's different if we deploy the app on play store, but if you've not deployed yet and just downloaded the apk from Android Studio / VS Code then anyone with a valid Gmail account can sign In.
I've also developed google sign in for my app and people are able to login.
Can you share the setup and code it can help us to narrow down the issue.
I see this question has already been asked but not all that recently so I am bringing it up again.
How do you hide your firebaseConfig file, or any secret key, in an expo application? (For production, not dev).
As far as I can tell, there is no way to properly hide the firebase config file with API keys etc in a react-native expo app.
Being that I have already built my entire app around interacting with firestore, I am a bit perplexed as to how to proceed forward.
If I eject, is there a way to properly hide my API key in a non-expo react-native-app? Or will I still face the same problem? Everything is working smoothly and I would prefer not to eject.
I have some experience using node.js/express.js as a backend (only ever in a development setting). Should I build myself a server and then serve the config info from there?
If I want to deploy a 'demo' app, is there a way to hide the keys while still using expo?
Any insight into this would be so helpful.
As far as I am aware there is no 'dotenv' package compatible with expo.
Also I have zero experience in deploying mobile apps, and very little in deploying web apps. I have not yet had to deal with securing keys in deployment.
Any help would be so appreciated.
It's not possible to effectively hide your Firebase config information. The best you can do is make it more difficult for someone to find them. Since all the JavaScript code is running on a computer or device that you don't control, you can't ensure that any of it is hidden from view.
In fact, you don't need to hide any of that. I suggest reading this: Is it safe to expose Firebase apiKey to the public?
If you're using Realtime Database, Firestore, or Cloud Storage, you should be using security rules to protect data so that only authorized users can access it.
Google just released Firebase 2.0.
It seems they are completely separate platforms.
Firebase: https://www.firebase.com/
Firebase 2.0: https://firebase.google.com/
APIs are also different.
Firebase: https://www.firebase.com/docs/web/api/
Firebase 2.0: https://firebase.google.com/docs/reference/js/#firebase
Could someone explain the differences in the core concepts on both mobile and web?
I've been building an app using old Firebase.
Should I change my codes to use Firebase 2.0?
The new version of Firebase is the same platform - it just adds a whole range of new features, so the big change to the core concepts is an expansion of what you can do.
The Realtime Database offers the same functionality as before, but with a refreshed API and a new console. You can keep using the same approach and data model as before, and the API changes are largely cosmetic (renaming to be consistent with the newer features).
Authentication is pretty similar, but it has been expanded to include new features like account linking and customizable emails. You should be able to upgrade your application to the new SDKs and console pretty easily: take a look at our migration guides for Android, iOS and the web.
You can import your project at any time. Your applications and the existing SDKs will continue to work. You can then update your code when you are ready to use some of the new Firebase features in your application.
The new concepts are really around the new features:
Analytics is a new mobile-first analytics product that gives free and unlimited event reporting, and allows building audiences which can be used in many other services.
Storage allows you to store and serve user-generated content, such as photos or videos.
Remote Config allows you to change the behavior and appearance of your app without publishing an app update.
Cloud Messaging is a cross-platform messaging solution that lets you reliably deliver messages and notifications at no cost. Notifications gives you a tool in the Firebase Console to send re-engagement messages easily.
Crash Reporting lets you collect crash data from your Android and iOS apps, to find and fix problems more quickly.
Dynamic Links are smart URLs that dynamically change behavior to provide the best experience across different platforms. They allow you to use deep links that survive app installs on Android and iOS.
Several existing Google products have been integrated into Firebase as well
Invites replaced AppInvites, giving easy way to sending personalized email and SMS invitations. App Indexing gets your app into Google search.
Firebase now also integrates with AdWords to let you target ad campaigns with Analytics audiences, and AdMob to automatically track in-app ad effectiveness.
Its a lot of new features, but you don't have to try them all at once! Once you upgrade, its straightforward to pick and choose.
>>>> BACKGROUND ON THE ISSUE <<<<
We were using Google Apps for Business when we started with the project. This allowed us to use the Google Developer Console (https://console.developers.google.com/) with our #company.co.za accounts and also to “login with Google” using our #company.co.za accounts. It turns out that the Google Developer Project (where the API keys are) was created using an ex-colleague's #company.co.za Google account.
When we moved from Google Apps for Business to Office 365, we lost the ability to login to the Google Developer Console with our #copany.co.za accounts. By then the colleague wasn’t working here anymore and I guess it all happened so quickly that we didn’t make sure to tie up all the loose ends.
Now we need to transfer development of the app and subsequently all related 3rd party projects and things, to the client for future development, but I cannot access the Google project.
This will require them to create a project on their side, generate new API keys for using the Google Maps API etc. And then update the apps (Android and iOS) with the new API keys.
>>>>> THIS IS MY QUESTION <<<<<
However, and this is where my question comes in, the apps are still working and happily accessing Google Maps. This makes me think that the project must still be somewhere.
I tried to access the Google Help pages, but because we're on a Bronze package, we can only find support information in their developer communities and online documentation listed here:
Join a Community
Service Disruption Notification
Best Practice Guides
But I thought to ask here too because SO is very reliable with answers :)
So, any idea if the project is still live somewhere? Or should we just create a new project with new API keys?
I don't think this is a stackoverflow question since it's not directly programming related. However, if you want to regain access to you project, this should be fairly simple and i hope this helps:
Create a new Google Apps for Business account with your domain (or maybe your old apps domain still exists?) and a single account. If you choose monthly payment the costs will be only a few bucks.
As the Google Apps domain administrator you should be able to access all appengine projects that belong to users of the same domain. If it doesn't you can contact Google support to reassign the projects. Alternatively: You may be able to recreate an account that owned the app. If you don't know the owner email, it is shown in the consent screent for oauth. With that email, try to access the project.
Create a Gmail account and transfer project ownership to this Gmail account
Delete the Google apps domain to avoid additional costs
All this is doable within an hour.
In case it doesn't work i would suggest you contact your Google sales representative or reseller and tell him, that you would like to purchase silver level support, but only if he can restore the permissions for you. This will cost you more, but if you have to access the project it may be the only way.
Last but not least:
You can contact Google support. You don't need silver level support for that. It will just take a lot longer to process your request. While in contact with the Google support you will have to prove that you are in fact the owner of the domain, which is usually done by adding a TXT record to your domain or uploading a file to your web server, so make sure you have access to your domain's DNS zone files / settings or web server document root.