App with Firebase and Trigger.io - domain name - firebase

I have an app buit with Firebase I want to deploy using Trigger.io.
In the App I'm using the auth.login('twitter') function.
What domain name shall I put in the Auth setting of my app?
Thanks a lot !

Following up on this thread in case anyone else is looking for the answer to this.
The OAuth-based authentication providers in Firebase Simple Login use pop-ups (via window.open(...) to initiate login flows, and window.postMessage to safely communicate between the two frames.
In order to enable these social, OAuth-based providers in Firebase Simple Login in the Trigger.io environment, there are a few steps:
Ensure you're loading the latest Firebase Simple Login client from the Firebase CDN, at https://cdn.firebase.com/v0/firebase-simple-login.js.
The Trigger.io environment support does not require an authorized domain configuration in Forge, but still will require that you configure your Facebook / Twitter / GitHub application to use the appropriate https://auth.firebase.com/auth/... redirect URL, as documented.
Ensure that any required Trigger.io JavaScript libraries are included (the forge global variable should be set in your application - test with console.log(forge) in your client code).
Lastly, and most important, the Trigger.io Tabs Module must be enabled in your application config.

Related

HERE API: using app_id and app_code from backend when secured against frontend domain

I have a separate frontend (single page application) which is utilizing HERE places API autosuggest feature. However, rest of the application logic which accesses HERE REST APIs is located at the backend side. These services are located on different cloud instances.
I can protect the API credentials by using the frontend SPA domain in "Secure app credentials against a specific domain" in the HERE project page. This blocks the API usage from the backend side. Is there a way to protect the credentials against both services?
You can try the HERE Serverless Apps approach. They provide security of AppID and AppCode: because it is in a central cloud Serverless Application being copied and used in every client application. Read more about it here https://www.here.com/en/aws-serverless.
Update: If you are not able to use Serverless, you can also add up to 10 allowed domains in your project in developer site.
I bypassed this problem by creating separate projects for frontend with domain limits and backend without.
Not an elegant solution, but it works, it's simple, and if I have to block a project in case someone hijacks the keys (everything sent through browser can be read by users) it's just some dynamic maps that wouldn't work until I update the site. Everything else is routed through the server.

Add default custom claims to firebase token

We are working on an application that uses firebase for authentication purposes. We implemented the authentication mechanism in our angular application and everything works fine. what we want now is to add custom claims to the JWT tokens generated once the user is authenticated. We know about the Admin SDK here:
https://firebase.google.com/docs/auth/admin/custom-claims
but this requires the addition of a web service. is there a way to configure firebase via the portal to add a default custom claim for all existing users and new users. what we want is to add an "id" field with random GUID. is it possible to use the Admin SDK to configure this behaviour once and for all?
Thanks in advance.
There is no way to add custom claims without using the Admin SDK. This requires that you run a script on a trusted environment, such as your development machine, a server you control, or Cloud Functions for Firebase. The latter is probably your best option if you want to do this regularly, and don't have your own server.

How to enable client redirect from Firebase Functions?

I am transitioning a ReactJS app running on Heroku to be hosted as a static site on Firebase. I am planning to use Firebase Functions to handle logic and drive environment configurations.
A requirement is to support login via 3rd-party Auth0's hosted login page -- the client is redirected to a login page via:
// redirects to auth0's hosted login page
this.auth0.authorize(options);
Because the options argument fed to this method depends on environment-specific configuration it should reside within a Cloud Function (according to my other question that was answered).
There is documentation in Firebase for serving dynamic content from a cloud function but I don't know how to redirect the client from a cloud function.
Is there a way I can do this? Or a more pragmatic solution?

Firebase: Local Development and testing in AngularFire

I am using Angularfire to make a website. I am trying to integrate oauth based sign in with google for user authentication but when I try to run index.html file and try to login following error is displayed
11:59:28.189 Error: There are no login transports available for the requested method.
Stack trace:
Mg#file:///G:/Project/root/js/firebase.js:142:1267
dh/<#file:///G:/Project/root/js/firebase.js:163:141
1 app.js:31:4
I searched on stackoverflow for this and got this answer , it says that I need to setup a server for this.
Then I looked at firebase docs and they said
For security reasons, if you're using a web-based OAuth flow
(Facebook, Twitter, Github, or Google), only domains that you
whitelist are allowed to initiate authentication for your app. This
does not apply to Email & Password, Anonymous, or Custom
authentication methods. All Firebase applications have localhost and
127.0.0.1 enabled by default for local development and testing.
The authentication works fine after I host it on firebase but deploying takes a lot of time and also sometimes even I don't have access to internet.
So please suggest me easiest manner so I can run my app on localhost.
An easy way to locally run a Firebase (or any other) web site is to use the Firebase tools and then run
firebase serve
See this blog post introducing the local server.

authClient isn't working

I can't get FireFeed OR my own app working with auth, I followed the documentation for this. I copied in the rules and added the keys, what gives? Example: http://flx.me/firefeed/
One think to check when using the Firebase Simple Login / authClient feature is whether or not you have configured the proper application domain in your account. Any domains that you'll be using to host your application and making authentication requests from should be configured in the 'Application Domains' section of Forge (get here by putting your Firebase URL in a browser). For your application, your domains should include flx.me.

Resources