i'm making an app with Ionic and using Firebase for user authentication.
I'm trying to make a Facebook login using the Firebase API:
var provider = new firebase.auth.FacebookAuthProvider();
this.afAuth.auth.signInWithRedirect(provider);
It works perfectly in the localhost. But when i build the app and send it to the AppStore (TestFlight), it gives me this error:
This domain is not authorized to run this operation. Add it to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab.
What domain should I enter in the authorized domains list for the OAuth work in the AppStore/TestFlight?
Related
Background
We are building an app which authenticates end user using Firebase Authentication (backed by GCP Identity Platform). At the same time, we leverage some Google API of which permission is set based on IAM Role/Principal. That means the API call is valid only if the caller calls the API with a valid access token of authorized IAM Principal.
According to Doug in this post: How to add Firebase auth user to GCP IAM access policy "IAM doesn't know anything about Firebase Authentication users."
Already tried: Add the Firebase user as an IAM Principal when it's created. It works only for the user signs in user Google account. Otherwise, IAM will throw error "Email addresses and domains must be associated with an active Google Account, Google Workspace account, or Cloud Identity account."
Question: Is there any recommended way to authorize Firebase user accessing Google API? Do I need to build a customized authorization layer in Firebase to keep track of who can access what. Then, use that as a guard to relay the requests to the underlying Google API only if the user is authorized by the authorization logic?
I get the following error whenever I try to Sign In Using Google. I am using the Firebase UI.
"Add it to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab."
What does this mean?
It sounds like you didn't yet set up your own web URL as an Authorized Domain in the Firebase console panel for Authorized domains
.
i have built a webapp using angular material and firebase functions + realtime DB as the backend. I am using slack "Sign in with Slack" API oauth flow. All works well and i am able to generate a accessToken in the backend which i can store against the user in the realtime DB. Once that is done i make a redirect call to my angular app on the dashboard page. Currently i am passing userid in the redirect url which i use to drive user to dashboard and show his data.
This functionally works fine but is a big security issue. As i can directly type the redirect url and boom. I am in the dashboard.
So, how do i solve this? What should i be doing in the url redirect that is secure and validates the response is the the result of a valid request?
I am not familiar with the Slack OAuth SDK but in general, this is true for all OAuth providers. Ideally, at the point where you redirect to your callback URL with the slack authorization code and you exchange the auth code for a Slack access token before returning that access token to the client, you call the Slack API to get the Slack user ID with the access token and then mint a Firebase custom token with that uid. You then return that custom token to the client and signInWithCustomToken. Make sure you are checking the state field (which you set when started the Slack sign in) along with Auth code to verify that the flow started and ended on the same device.
I have an ionic app using firebase auth. In one page, I have in-app-browser to open a website which allows the user to save some items to their collection. How can I pass along the auth info to this external website, so the user doesn't need to log in again? (i.e. how the external website knows it's the same user who has already login within the ionic app)
long time user. Went to create a new app with the new console. Working on localhost. Added localhost to Authorized domains which I have done a hundred time. Not allowing access. Asking me to add domain. You having launch issues?
When I migrated, Google created a new OAuth client ID for me with a new secret key etc. The new client ID had 3 authorized javascript origins:
http://localhost
http://localhost:5000
<my project's URL>
I had to manually update my Firebase project with the new client ID/secret. To do this, I logged into my project in the new Firebase console, clicked 'Auth' in the lefthand menu, selected the 'Sign In Method' tab, then Google, then Web SDK Configuration.
After that, it worked.