Can Firebase be used without clients logging in? - firebase

I am working on a project that might use Firebase only for messaging. The goal is for the following to happen:
App registers with Firebase on startup
App sends Firebase token to our server
Our server sends Firebase messages to all clients via the token from step 2
Note there is no step where the user will log into anything or enter any credentials. I am a little confused if this is possible in a production app, as most Firebase documentation talks extensively about different ways to authenticate, either via username/password, OAuth, etc.
The server will be sending different messages to different clients, but that logic will be handled by the server and not by different types of registration to Firebase. I know Firebase supports groups, but to make a long story short it probably won't be leveraged.
Can all this be done on Firebase? Is GCM a better match for these requirements? I feel like we would be throwing away 95% of Firebase and just trying to force it to simplify the messaging part.

Firebase Authentication does not at all affect the way that Firebase Cloud Messaging works. FCM only cares about the token for the app on the device as a means to target the app for messages. It doesn't care at all if the end user is authenticated by any means. If you want to associate a token to a user somehow, using Firebase Authentication or some other system, that's up to you.
FCM is an evolution of GCM. They are powered by essentially the same components. Using GCM doesn't give you any additional constraints or flexibility than FCM, except for the path to integration in your app.

Related

Firebase Admin SDK security best practice for push-notifications

I want to let my customers send push notifications to their users. I am using Firebase Admin SDK for that, which requires the "service-account.json" file. For security reasons this file should not be shared with others. How could I make this feature available to my customers, without sharing any "secret" information?
If you want to allow your users to send push notifications, you'll have to make a custom API endpoint that you can call from the application they use. It's quite common to use Cloud Functions or Cloud Run for this, but any trusted environment you may already have can work too.
By running the code that sends the message in an environment only you can access, allows you to securely use the Admin SDK that has full administrative access to your Firebase project.
Then when this code gets a request from a user running your app, it needs to check whether this user is authorized to send this message to the user(s) they are trying to send this to. Exactly how to check authorization depends on your app, but some things to consider:
Is any user allowed to send a message to any other user, or is there some mechanism where they opt-in to receiving messages from each other?
Can any message be sent, or is there some mechanism that validates the messages, for example by detecting whether any foul language is used?
These are just some examples of the types of checks you might want to do, and the actual list completely depends on your app and its use-cases.

Where do I need to integrate FCM, front-end or back-end?

So i'm making an app using React JS, Cordova, node backend and a mongo database. I want to integrate firebase cloud messaging (FCM) into my platform. I'm quite new to firebase, and developing in general, and i'm not quite sure where to initialise firebase. I currently have it integrated into the front-end and it's requesting permission to receive notifications, generating tokens, and receiving messages from the firebase console. However i'm not entirely sure where to go from here. Do I add it to my backend as-well?
If you can receive messages in your client app, your front-end work is done for the moment.
But to send messages programmatically, you will need to write back-end code indeed. That's because sending messages through FCM requires that you specify the FCM server key to the API, and as its name implies that key should only be used in a trusted environment, such as your development machine, a server you control, or Cloud Functions.
For more on this, have a look at:
The architectural overview of FCM
The documentation on your server and FCM
My answer to How to send one to one message using Firebase Messaging
You have to get the FCM token from the frontend (or, client app).
After getting the token, just send it to your backend server using a POST method.
Then, store the token in whatever database you're using in your backend. It can be MongoDB, PostgreSQL, etc.

Is Firebase Cloud Messaging indicated for social activity messages

I need to handle social activity events in my web app application developed using Vue JS framework and Firebase.
I want to show to the user “Facebook like” notifications when some activity happen in the application, for example:
“John liked your post”.
Is Firebase Cloud Messaging useful for this scenario? Or do I have to develop some custom solution from scratch?
If Firebase Cloud Messaging do the job, is it possible to send messages directly from user web client?
You should not try to send messages directly from the web client. FCM is intended to be used via a secure backend where your code runs to send messages. The reason a backend is needed is to prevent your private server key from being exposed to the world, which can cause security issues in your app.
You will have to arrange on your backend to determine when events occur that should generate messages, and use the Firebase Admin SDK to send those message, or work with the REST API directly.

Authenticate IoT Appliance Using Firebase Auth

I can't figure out how to authenticate my IoT appliance to call Google Cloud App Engine APIs I've written using Firebase Auth.
We currently do this with our browser app using Firebase Auth tokens. We use the username and password to issue a token and then use that token during the life of the session to access APIs from our browser app.
This doesn't translate well to our IoT appliance as there is no username/password - so we are thinking we will need to use Firebase custom tokens. Unfortunately these tokens expire every hour - so we will need to use the Firebase Auth APIs to renew the tokens automatically - we think this is the way this works based on documentation.
A constraint we have is that this appliance doesn't have any user experience but instead needs to be able to restart at any time and reestablish it's authenticity with the server by retrieving a fresh token.
I'm having a hard time finding an example of how to do this - and I'm hoping someone can give me a simple example or some clear direction on how to keep a authentication token current while the appliance is on and establish a new one if it needs to restart.
Thanks!
Have you looked at Cloud IoT Core as an option? It handles the authentication piece for you without user/pass (uses JWT), and is designed for IoT. A quickie Cloud Function can bring your telemetry data into Firebase/Firestore very easily.
Another option would be to create a service account with permissions to write to AppEngine. Check out this link: https://cloud.google.com/docs/authentication/getting-started for some documentation on how to authenticate using a service account.

Should I deploy Firebase Cloud Messaging server myself?

I've read the document about FCM, but I wonder if I should deploy a FCM server myself. Does the google cloud platform not provide FCM server? Or do I must implemented my own FCM server refering to the official reference implementation, gcm-playgroud?
It depends. (How's that for an answer?)
By "server", I'm assuming you mean, "Code I will be running on the server level to communicate with the FCM service". And honestly, the answer depends on whether or not you need extra functionality that's not supplied by the Firebase Notifications panel.
You can do a lot with Firebase Notifications, including sending scheduled messages, or sending messages to individual users, topics, or Audiences. But that is work that is done manually. If you just want to send the occasional promotional message to your users, you shouldn't need a server.
On the other hand, maybe you've got a messaging app and you want to send a notification to your user anytime they receive a new message. Well, that's clearly something that needs to be automated, and that requires some server-side code. So for that, you will need to set up your own server that communicates with FCM.

Resources