How to use an existing GCM token within another Firebase project?

Let's say I have a Google Cloud Project (GCP1) with GCM turned on with Client id P1.
Now I have created a standalone Firebase project F2 WITHOUT importing it to GCP1. I have also released F2 to production. (Alternatively, I have imported F2 from an existing firebase.com project into the new Firebase console).
I use a backend server to send push notifications. When I send a push to a GCM token generated via GCP1 from the F2 project, it fails (naturally) because of an incorrect client ID. Are there work-arounds to enable use of GCM tokens generated for P1 within F2?

When sending messages from your back-end server, you need to authenticate the request with the API-KEY associated with the project (sender-id) used to generate the GCM/FCM token.
Due to security restrictions there are no workarounds for this.
For existing GCM users the best migration consists of importing the old project into the Firebase Console. This will allow you to target both old and new clients, since the sender-id will not change.
Steps here: https://developers.google.com/cloud-messaging/android/android-migrate-fcm
If that is not an option (you have already created a new Firebase Project distinct from the previous Google Cloud Project) you have two possibilities:
Easier and recommended approach: change your back-end to store which client originated the gcm/fcm token. Then use the correct API-KEY when sending messages from your back-end. (the API-KEY associated to the old project for old clients, and the new API-KEY for new clients that are using the new Firebase project).
If you cannot change your back-end at all: in FCM you can create an additional token for the old SenderID, using the API:
FirebaseInstanceId.getInstance().getToken("old-sender-id", "FCM")
Because this token is associated with the old-sender-id, your back-end will be able to send messages to it using the API-KEY of the old project.
Note: this doesn't affect the Firebase Console which is based on the new-sender-id.
That console will be able to target only the new clients that are including the firebase sdk and the associated google_services.json file.
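The recommended approach above (store which project originated each token, then send with that project's key) could look like this on a Node back-end. This is an added example, not code from the original answer: the sender IDs, environment variable names, placeholder keys and helper names are hypothetical, and it assumes the legacy HTTP endpoint that takes a server key.

```javascript
// Added example, not from the original answer. Sender IDs, env var names,
// placeholder keys and helper names are hypothetical.
const SERVER_KEYS = new Map([
  // sender-id -> server key of that project (read from the environment)
  ['111111111111', process.env.OLD_PROJECT_SERVER_KEY || 'old-key-placeholder'],
  ['222222222222', process.env.NEW_PROJECT_SERVER_KEY || 'new-key-placeholder'],
]);

// token -> sender-id that generated it; stands in for a database column
const tokenStore = new Map();

// Called when a client reports its token together with its sender-id.
function registerToken(token, senderId) {
  if (!SERVER_KEYS.has(senderId)) {
    throw new Error(`no server key configured for sender-id ${senderId}`);
  }
  tokenStore.set(token, senderId);
}

// Build the legacy HTTP request with the key of the token's own project.
function buildSendRequest(token, notification) {
  const senderId = tokenStore.get(token);
  if (senderId === undefined) {
    throw new Error('token has no recorded sender-id; refusing to guess a key');
  }
  return {
    url: 'https://fcm.googleapis.com/fcm/send',
    method: 'POST',
    headers: {
      Authorization: `key=${SERVER_KEYS.get(senderId)}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ to: token, notification }),
  };
}

// Decide what to do with one entry of the response's "results" array.
function classifyResult(token, result) {
  if (!result.error) return 'delivered';
  if (result.error === 'MismatchSenderId') return 'stored-sender-id-is-wrong';
  if (result.error === 'NotRegistered' || result.error === 'InvalidRegistration') {
    tokenStore.delete(token); // stale or malformed token: stop sending to it
    return 'removed';
  }
  return 'other-error';
}
```

A token with no recorded sender-id is rejected rather than tried against each key in turn, so a data-quality problem in the token table surfaces as an error instead of a silent MismatchSenderId.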

Prevent front-end generated email sign-in links when generating and sending these via backend

I am using firebase admin sdk on the server to generate sign in links and send them out via custom SMTP api.
I just glanced at https://firebase.google.com/docs/auth/limits and I am well within these, but I believe there is nothing stopping a malicious third party from creating/requesting sign-in links via front end code. Is there a possibility to disable this functionality so it is only available to admin acc?
Additionally, I'd like some emails (i.e. multi factor enrolment) to not be possible, but again, given that someone can obtain some of my firebase front end details, they technically can send these?
You can restrict the API key from accessing an API (e.g. Identity Toolkit) but not disable a single method of the API for the client. Sign up and delete user can be (that requires upgrading to Identity Platform).
Firebase generates an API key when you add a web app. You can either update that or create a new key from API Credentials console.
You can then restrict what the API key in Firebase web config has access to:
However, Firebase Auth Client SDK will not work as Identity Toolkit is not selected. You'll have to proxy the requests through your backend and use a different key that can be used from your server's IP only.
Firebase Admin SDK will still be functional as usual so you can use that to perform other operations like updating/deleting users. You'll just have to write APIs on your backend for what could have been done using client SDK directly (or use Admin SDK when possible).
It might be a lot to update and I would not recommend it unless you are facing rate limiting issues where Firebase Support should be able to help.

firebase firestore gives error for a project that's been added to firebase projects

I've added my project to firestore and I'm doing firestore google auth just fine.
My problem is firebase firestore.
It just doesn't work and I have no idea why.
I'm trying to do a simple add before doing the actual process for my app and it doesn't work.
Here I implemented a simple function to add a user and then called it, doing it all in the build function.
I get this in my console:
P.S. "adding user" is printed on console.
P.S. I do have the firebase_options.dart file.
Are you sure that these things are correct:
1. Using the correct google_services.json file
2. Edit Firestore rules if you are not using authorization
You have to manually whitelist your existing Google OAuth 2.0 client IDs in the Firebase console before using it with the new Auth APIs.
In order to do so, follow these steps:
Go to the Credentials section in the Google API Console.
Select from the top right corner the project where you had previously configured Google Sign-In.
Go to the OAuth 2.0 client IDs section.
If you are using Google Sign-In on Android or iOS applications:
Take note of the Client ID string corresponding to all the entries registered for your applications.
Input these Client IDs into your Firebase project’s configuration:
Go to the Firebase console at https://console.firebase.google.com
Open the Auth section
Under Sign-In methods, open the Google configuration, and add all your client IDs there, to the whitelist of client IDs from external projects.
If you are using Google Sign-In on a web application:
Click to open your web client ID and take note of both the client ID and secret.
Input this Client ID into your Firebase project’s configuration:
Go to the Firebase console at https://console.firebase.google.com
Open the Auth section
Under Sign-In methods, open the Google configuration, and add the values under the Web SDK configuration section.

Where do I need to integrate FCM, front-end or back-end?

So I'm making an app using React JS, Cordova, a Node backend and a Mongo database. I want to integrate Firebase Cloud Messaging (FCM) into my platform. I'm quite new to Firebase, and developing in general, and I'm not quite sure where to initialise Firebase. I currently have it integrated into the front-end and it's requesting permission to receive notifications, generating tokens, and receiving messages from the Firebase console. However I'm not entirely sure where to go from here. Do I add it to my backend as well?
If you can receive messages in your client app, your front-end work is done for the moment.
But to send messages programmatically, you will need to write back-end code indeed. That's because sending messages through FCM requires that you specify the FCM server key to the API, and as its name implies that key should only be used in a trusted environment, such as your development machine, a server you control, or Cloud Functions.
For more on this, have a look at:
The architectural overview of FCM
The documentation on your server and FCM
My answer to How to send one to one message using Firebase Messaging
You have to get the FCM token from the frontend (or, client app).
After getting the token, just send it to your backend server using a POST method.
Then, store the token in whatever database you're using in your backend. It can be MongoDB, PostgreSQL, etc.

How to solve error "SENDER_ID_MISMATCH" error Using Firebase Cloud Messaging? [duplicate]

I have my client app with Android installed on several devices.
I also have my Server app that sends messages to those apps.
The problem is that some devices receive the messages and others don't.
I get the error "MismatchSenderId" when sending the message to those devices.
I divided the problem, so I opened the Firebase console and sent notifications to my apps (I have the Token for each of them). So, using the console app, I get errors on the same devices as when using my server. But as I said, every device is using the same app.
Any help with the reason?
So to start off, I'd point out the description for the MismatchSenderId error:
A registration token is tied to a certain group of senders. When a client app registers for FCM, it must specify which senders are allowed to send messages. You should use one of those sender IDs when sending messages to the client app. If you switch to a different sender, the existing registration tokens won't work.
As per our discussion, it was pointed out that you created a new Firebase Project instead of importing your Google Project that you were using for GCM. From the new project, the google-services.json was generated and used for the app, which resulted in new tokens being associated with the new Project's Sender ID. To visualize it properly:
GCM Registration Tokens > only receive messages from > Google Project (1st)
New Tokens > only receive messages from > Firebase Project (2nd)
As a solution, I advised for you to import the Google Project to the Firebase Console, generate a google-services.json from that Project and replace the one in your app with that, which associates the app to that (correct) project. This in turn created tokens that are now associated with your 1st Project.
GCM Registration Tokens > only receive messages > Google Project (1st)
New Tokens > now receive messages > Firebase Project (2nd) Imported Google Project (1st)
Hope that makes sense.
Good to mention from the discussion:
After applying the changes, you mentioned that the error persisted, but it was a different issue that was fixed by simply using the Server Key.
Linked a post during discussion.
Supporting @AL's answer, basically you need to uninstall the app on all the devices and install the app again so that all devices receive new tokens that correspond with the newly connected Firebase project database.
You need to enable the following APIs in the Google Console (https://console.cloud.google.com/):
Firebase Cloud Messaging API
Cloud Messaging
Then your senderId will be identified.

What is the difference between Firebase API key (a.k.a Server Key) and the Web API Key?

In the Firebase console under Project Settings/General, beneath the Project ID field, there is a Web API key:
Where is this used? I know that the Server key found under Project Settings/Cloud Messaging is used as Authorization key to make calls to the Firebase console:
I have also noticed that in google-services.json there is an "api_key" property that has a "current_key" value which is different from both keys that I have mentioned. What is that key?
From my answer here:
current key - nothing is explicitly stated anywhere in the docs where it is used, however, among the 3 services where the google-services.json was originally used for before Firebase (Google Sign-in, Analytics, GCM), I'm guessing it would be between Google Sign-in and Analytics. As also mentioned by @DiegoGiorgini here:
The api_key value in google-services.json is not used by FCM. (it is used by other Firebase libraries)
So it can be for a separate Google non-Firebase or Firebase service.
Web API Key - this one I haven't had a chance to use before. However, I've seen other posts wherein this specific API key is used often on Web apps related to Firebase (possibly also for Auth purposes?), but I'm not entirely sure.
Server Key - as per the docs:
A server key that authorizes your app server for access to Google services, including sending messages via Firebase Cloud Messaging.
current_key (as per the docs) is the Android key auto-created by Firebase when creating a Firebase Android App. It's NOT used to control access to backend resources. Instead, it's used to identify your Firebase project when interacting with Firebase/Google services. Specifically, it's used to associate API requests with your project for quota and billing.
Web API Key (as per the docs): can be used to authenticate users by passing its value to the key query parameter in several API endpoints, e.g., sign up or sign in using email & password, generate refresh token, etc.
Server Key (as per the docs): is a server key that authorizes your app server for access to Google services, including sending messages via the Firebase Cloud Messaging legacy protocols.