Federated Identity Authentication Providers

Despite email/password authentication being the most common authentication mechanism, it is hard to make this form of authentication as secure as possible. This is because it requires users to use strong passwords, which they don’t always make. Malicious actors can also try to get a hold of users’ passwords by phishingA type of cybercrime where victims are contacted by email, telephone, or text message by an attacker posing as a trustworthy entity in order to obtain sensitive information or data.

Firebase offers other sign-in methods that mitigate these security risks. One of these methods is via social logins or federated identity providers. Federated identity providers use OpenID Connect, based on OAuth2.0 to authenticate users. The Firebase Authentication SDK provides functions that allow users to sign in with their Google, Apple, Microsoft, Twitter, and GitHub accounts.

With federated identity providers, users can sign in to an identity provider such as Google or Apple rather than creating separate login details for each application. Whenever a user tries to log in, the application sends the user to the identity provider’s login page. Upon successful authentication, the users are then redirected back to the application along with their provider token.

Authenticate using Google sign-in

We can let our Firebase application users authenticate with their Google accounts by incorporating Google sign-in into our authentication workflow. To integrate the Google sign-in method, we must enable Google sign-in on our Firebase project console. We can do this in the following way:

1. Head over to the “Authentication” section of the Firebase console.
2. Click on the “Add new Provider” button then select “Google”. A new pop-up will be shown similar to the third slide below.
3. Include a project support email and click “Save”.

Once saved, Firebase automatically provides our Web SDK configuration details, and a Google sign-in is then available for use on our Firebase project.

Finally, we need to add domains that can access this OAuth feature from our application. Firebase already has a list of authorized domains, which include our Firebase application domains and localhost. We must add our unique Educative domain to this list.

1. Head over to the “Authentication” section of the Firebase console.
2. Click the “Add domain” button under the “Authorised domains” section. Retrieve the unique domain from the widget below: