can I ask ...how to download p12 certificate from firebase ?
because I want to implement push notification on my own notification manager with that certificate
Optional. Editor Setup for restricted access.
If you choose to use rules that disallow public access, you will need to configure the SDK to use a service account to run in the Unity Editor. This will also allow you to impersonate end users while testing. To do this first create a new p12 file via
https://console.cloud.google.com/iam-admin/serviceaccounts/project?project=YOUR-FIREBASE-APP
Related
I am building a Firebase application (using Firestore) which needs to support custom authentication via single sign on through a third party system.
In the past, I have done this type of integration with my own authentication system. To do this, I installed the Firebase Admin SDK on my own server and used the secret key to sign a JWT that was passed back to the client, which then could be used to grant access to the Firebase application.
However, since the Admin SDK grants full access to the Firebase app, I have concerns about handing those keys over to another party. Is there a way that I can provide a secret key that grants more limited privileges to the third party? I want them to be able mint JWTs for their users to access the app, but I don't want them to be able to directly read/write from my database.
I think I've solved this by taking the following steps...
1) Access the Firebase project's IAM admin tools
2) Create a new service account for the project in the "Service Accounts" section.
3) Create a custom role in the "Roles" section and give it access to all of the Firebase Authentication privileges: https://firebase.google.com/docs/projects/iam/permissions#auth
4) Assign the custom role to the service account in the "IAM" section of the admin interface.
5) Go back to the "Service Accounts" section and create/download a private key for this service account.
6) Use this key as the credentials for the Firebase Admin SDK and create a custom token using the process detailed here: https://firebase.google.com/docs/auth/admin/create-custom-tokens
The SDK should permit creating a custom token, but it will return errors when trying to do other actions such as accessing the project's database.
My program should allow offline login.
To do these, I trying to save password hash which created by Firebase Auth.
Then offline acquire email and password from login screen, authenticate by password hash which saved at local.
I can find export firebase auth to csv document.
To implement my use case how I do that?
If you're trying to get a list of all users and their password hash from Firebase, you can do so through the Firebase Authentication Admin SDK's listUsers method. For security reasons this SDK only runs on a trusted environment, such as your development machine, as server you control, or Cloud Functions
I want to change user password form admin. Users are login with firebase email and password option. Admin is also login with firebase. How can change the user password with web api?
There is no way to change another user's password with the client SDK.
Firebase Authentication doesn't have any concept of an admin user. That means that it can't grant special privileges to a user that you consider an admin.
There is however an Admin SDK, that runs with administrative privileges, and has the option to change the password (and other profile data) of any user in the project. This SDK is meant to be used on a so-called trusted environment, such as your development machine, a server you control, or Cloud Functions.
You could wrap the Admin SDK in an API endpoint that you can call from your web client code. Just be sure to check in the custom function whether the user is authorized to change the password.
I would like to only allow authenticated user from one project to be able to read data from another project, but nobody else can access the data.
How can I accomplish that ?
Thank you
Auth does not transcend project boundaries. You will need to authenticate the user into the project whose data you want to access. If you don't want to / can't do so directly, you will need to verify the token of Project A and then mint a custom token for Project B in a trusted environment such as a Cloud Function.
Regarding the Firebase Realtime Database Admin SDK, in JAVA:
I have some info, in the database, which is not secret, and I allow its reading by unauthenticated devices. But I also need to let any third-party SERVERS read this info.
However, how can a server, using the Admin SDK, connect to my database without credentials:
FirebaseOptions options = new FirebaseOptions.Builder()
.setDatabaseUrl("https://xxx.firebaseio.com/")
.build();
The above code doesn't work:
java.lang.NullPointerException: FirebaseOptions must be initialized with setCredentials().
The error message is telling you that you need admin credentials to initialize the SDK. That's because the implication with using the Admin SDK is that you want admin access to the resources in a Firebase projects. If you don't want admin access, don't use the Admin SDK. Instead you can use the REST API.