I have a web app developed using Firebase. It is hosted by Firebase and my domain is connected to it. It uses Google as an identity provider for authentication. However, when signing-in via a popup, the Google 'OAuth consent screen' provides a link direct to the Firebase project.
Is there a way to make the link point to the associated web site?
Turns out there is an easy solution for my scenario. Just needed to set the authDomain parameter of config passed to the firebase.initializeApp() method to my domain (rather than the default <project-name>.firebaseapp.com value). Initially this will cause the OAuth screen to throw an error but it includes a link to a configuration page where I needed to add https://<my-domain>/_auth/handler to the list of authorization handlers.
Related
I have a firebase project set up where I am only using the firebase auth features. I have a react app that uses the firebase client-side javascript SDK for authentication and a custom backend + database that does not use any firebase features.
Currently when users are logging in with a popup flow, they see the auth domain "myappname.firebaseapp.com" as per the default firebase config. It all works great.
However, if I now want to set up a custom auth domain, what I've gathered from other answers is that I need to:
Add an authorized redirect URI in firebase console to point to my custom auth domain, say https://auth.myappname.com/__/auth/handler
Change authDomain in my client side code (firebaseConfig object) to my custom auth domain.
Is there anything else I need to do for this to work? How this can work out of the box without me having to write some custom redirect logic? If my react app is being served via static hosting like an S3 bucket, then I won't even have a server running. How is https://auth.myappname.com/__/auth/handler handling anything?
Much of the documentation online is talking about using firebase hosting or other firebase black magic which I do not want to use.
Any explanations appreciated..
So I have email link signin (password less) working for iOS and Android, but if a user requests the email and then opens it on a web browser, they see this message:
Error encountered
{"error":{"code":400,"message":"API key expired. Please renew the API key.","errors":[{"message":"API key expired. Please renew the API key.","domain":"global","reason":"badRequest"}],"status":"INVALID_ARGUMENT"}}
I need them to click the link using their mobile device in order for the authentication to work, but ideally I could provide a more graceful message here that tells them to open the link on the mobile device. Any ideas?
I've now got this redirecting to my own website. Long story short - for some reason my Firebase hosting site was not configured properly and thus this authentication url was not being handled as it should. Fixable by recreating hosting site or just creating an additional site under hosting and using that for the email action url.
What I did was:
Create an Additional Site on Firebase Hosting. I made it additional so I wouldn't have to worry about messing with the Dynamic Link setup that is currently working on the default site.
Then under Authentication > Templates in the Firebase console, I changed the action url to use the new site but still have the (__/auth/action?...) path after the domain.
Now, when this url is accessed via a desktop browser, the user is redirected to the continue url (specified in the action code settings of the mobile app) and I display what I want on this continue url.
I noticed that in my Google API console, Firebase created a new Browser key and that it is being used whenever this auth link is clicked. Perhaps this was the issue all along. I wonder if I somehow restricted the wrong key. Anyways, if you run into a similar issue, check your API keys and their restrictions and/or just create a new additional site in Firebase hosting and use that.
We are working on an application that uses firebase for authentication purposes. We implemented the authentication mechanism in our angular application and everything works fine. what we want now is to add custom claims to the JWT tokens generated once the user is authenticated. We know about the Admin SDK here:
https://firebase.google.com/docs/auth/admin/custom-claims
but this requires the addition of a web service. is there a way to configure firebase via the portal to add a default custom claim for all existing users and new users. what we want is to add an "id" field with random GUID. is it possible to use the Admin SDK to configure this behaviour once and for all?
Thanks in advance.
There is no way to add custom claims without using the Admin SDK. This requires that you run a script on a trusted environment, such as your development machine, a server you control, or Cloud Functions for Firebase. The latter is probably your best option if you want to do this regularly, and don't have your own server.
I'm working on a Google home application using an external API. I need the current user to be logged in and linked with the external API (access/refresh token provided by the external API).
My approach:
Setting up a firebase application
The google home app lives within the functions folder.
I would set up a page where the user would first sign in with his Google account using firebase.auth(), then his external API account (using the external API Oauth).
I would then create an entry in the firebase database to store, for each user, an access/refresh token provided by the external API.
This is where I'm a little confused and stuck. I've managed to setup the sign-in page (Google sign-in, then External API Sign-in) and store it the the firebase database (/users/{google_uid}).
Now that it's in the database, how do I set up the authentification in the Google home app?
Thank you!
First, you need to have a project in console.developers.google.com and activate the Google Actions API in your project. Then, you should follow these steps:
Whitelist the following redirect URI in your API:
https://oauth-redirect.googleusercontent.com/r/
In your API.AI project go to Integrations and enable the Actions on
Google Card.
In the setting of the Actions on Google, place your project ID and
select Sign in required for the welcome intent and any other
intent the user needs credentials.
Below, you will find the OAuth2 fields, like clientID, client
secret, authorization URL and token URL. Fulfill it with the OAuth2
information of your API and Authorize the application.
After you authorize, you can Preview the application and it will be available in your Google Home device, and when you invoke for the first time, it will provide a card in your Google Home app to do the linking. If you don`t have a device, there is a Web Simulator where you can test your Action.
For more information access the actions on google documentation.
There are a few issues with how you're thinking about account linking with Actions On Google and Google Home. Google Home doesn't give you direct access to the Google account - instead, it acts like a web browser and the account linking process requires you to issue an OAuth2 token to the Home "browser" for it to use in the future.
If you have control over the external API, and it issues OAuth2 tokens (which it sounds like it does), you can skip the Firebase portion completely. You just need to configure API.AI with the OAuth2 information for this external service - the client ID and secret, the URL for the login page and for the token exchange page, etc. In this case, your webhooks will be called providing the OAUth2 access token that you should pass on to the external API when you're calling it. The details are in the Actions for Google documentation Account Linking documentation.
If you do not have control over this API, you may need to provide a basic implementation of an OAuth2 server that can hand out auth tokens (either ones you create or ones that can be used to get the auth tokens from the external API). Your webhooks will then be called with these OAuth tokens, and you should use the token to find the token to use to access the external API. You have some options to implement this, and these options are discussed at OAuth2 Account Linking Overview in the Actions for Google docs.
I have an app buit with Firebase I want to deploy using Trigger.io.
In the App I'm using the auth.login('twitter') function.
What domain name shall I put in the Auth setting of my app?
Thanks a lot !
Following up on this thread in case anyone else is looking for the answer to this.
The OAuth-based authentication providers in Firebase Simple Login use pop-ups (via window.open(...) to initiate login flows, and window.postMessage to safely communicate between the two frames.
In order to enable these social, OAuth-based providers in Firebase Simple Login in the Trigger.io environment, there are a few steps:
Ensure you're loading the latest Firebase Simple Login client from the Firebase CDN, at https://cdn.firebase.com/v0/firebase-simple-login.js.
The Trigger.io environment support does not require an authorized domain configuration in Forge, but still will require that you configure your Facebook / Twitter / GitHub application to use the appropriate https://auth.firebase.com/auth/... redirect URL, as documented.
Ensure that any required Trigger.io JavaScript libraries are included (the forge global variable should be set in your application - test with console.log(forge) in your client code).
Lastly, and most important, the Trigger.io Tabs Module must be enabled in your application config.