Google Identity Platform

Firebase Auth & SSO

Introduction

Imagine you have a valuable treasure, and you only want to share it with your close friends. But how can you make sure that the person who wants to see the treasure is really one of your friends?

To do this, you put a lock on the treasure chest. But making a lock is really hard! There are a lot of parts to put together, and it takes a lot of time and effort. Additionally, ensuring your friends get keys is hard work on its own.

Now, imagine that you have a website or app, and you want to keep it safe too. Just like the treasure chest, you need to put a lock on it. But instead of a physical lock, you need to put a digital lock. Making a digital lock is even harder than making a physical lock, because there are even more parts to put together!

This is where tools like Firebase Authentication and Google Identity Platform come in. They provide a more secure and efficient solution by handling the authentication process for you.

These tools offer secure and convenient authentication options, including email and password authentication, phone number authentication, single sign-on using third-party providers, and multi-factor authentication. In addition, they provide real-time authentication state synchronisation, password hashing, encryption, secure token storage, and the ability to enforce access control based on user attributes.

Identity Platform vs Firebase Auth

So what’s the difference between the two and why would I pick one over the other?

The way Firebase Auth works is that it offers its own authentication system or it can use Identity Platform as the back end. They both use the same SDK for web applications, mobile, C++ and Unity.

By default, Firebase uses the legacy Firebase authentication, but if you try to use features that are only supported by Identity Platform, it offers to upgrade, as seen in this screenshot:

Image

The upgrade does not require any code change, because they both use the same SDK. You can start developing your application using the legacy Firebase Authentication and, when the time comes to add MFA, upgrade to Identity Platform.

Essentially, as soon as you start to use any features beyond those available in legacy Firebase Auth, you will be forced down the path of Identity Platform.

Spot the Differences

There are a couple of key reasons why Google has branched these into their own tools. Let’s run through a few.

Purpose

Firebase Authentication is designed specifically for use with Firebase, Google’s mobile and web application development platform, while Google Identity Platform is a general-purpose authentication solution that can be used with any platform or technology, including the Firebase SDK.

Integration

Firebase Authentication is tightly integrated with Firebase and can be easily added to a Firebase app. Google Identity Platform can also be added to Firebase apps; on the other hand, it requires more manual setup and can be used with a wider range of technologies.

Features

Firebase Authentication has a limited set of features compared to Google Identity Platform, which offers a more comprehensive set of authentication options, including multi-factor authentication, the ability to use third-party identity providers and the ability to use SAML which can be used with Azure AD for SSO.


| Feature | Identity Platform | Legacy Firebase Authentication |
|---|---|---|
| Sign in with email | Yes | Yes |
| Sign in with OAuth | Yes | Yes |
| Sign in with phone | Yes | Yes |
| Custom authentication | Yes | Yes |
| Multi-factor authentication | Yes | No |
| Blocking Functions | Yes | No |
| Sign in with OIDC | Yes | No |
| Sign in with SAML | Yes | No |
| Multi-tenancy | Yes | No |
| IAP integration | Yes | No |
| REST API | Yes | No |


Blocking functions are a very interesting feature. They let you run your own function either before account creation (beforeCreate) or before sign-in (beforeSignIn). This can be used to verify information, stop spammers from creating accounts, etc.
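The kind of check a beforeCreate blocking function can run, as an added example (not code from the original article or from Firebase). The deny-list, the function names `isDisposable` and `evaluateSignup`, and the sample domains are assumptions; the wiring at the end uses the `firebase-functions` v1 blocking-function API and is left commented out so the block runs without the SDK.

```javascript
// Constructed deny-list for illustration; maintain your own in practice.
const DISPOSABLE_DOMAINS = new Set(["tempmail.example", "throwaway.example"]);

// True if the domain, or any parent domain, is on the deny-list,
// so "mail.tempmail.example" is caught as well as "tempmail.example".
function isDisposable(domain) {
  const labels = domain.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (DISPOSABLE_DOMAINS.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Decide whether an account may be created. `user` has the shape of the
// record handed to a blocking function (email, emailVerified, providerData).
function evaluateSignup(user) {
  const email = (user.email || "").trim().toLowerCase();
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1) {
    return { allow: false, reason: "A valid email address is required." };
  }
  if (isDisposable(email.slice(at + 1))) {
    return { allow: false, reason: "Disposable email domains are not accepted." };
  }
  // For federated sign-ups, only trust an address the provider has verified.
  const federated = (user.providerData || []).some(
    (p) => p.providerId !== "password"
  );
  if (federated && !user.emailVerified) {
    return { allow: false, reason: "The provider has not verified this email." };
  }
  return { allow: true, reason: "ok" };
}

// Wiring inside a Cloud Function (requires the firebase-functions package):
// const functions = require("firebase-functions");
// exports.beforeCreate = functions.auth.user().beforeCreate((user) => {
//   const verdict = evaluateSignup(user);
//   if (!verdict.allow) {
//     throw new functions.auth.HttpsError("permission-denied", verdict.reason);
//   }
// });
```

Throwing from the handler is what blocks the account; returning normally lets creation proceed.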

The REST API for the Identity Platform allows you to add Identity Platform pretty much anywhere that has an internet connection. If the SDK is not supported you can query the API directly.

Identity providers

They both support the following providers:

Providers
Google
Facebook
Play Games
Game Center
Apple
GitHub
Microsoft
Yahoo
Twitter

Cost

Firebase Legacy Authentication offers up to 50k monthly active users for free.

With Identity Platform through Firebase, you get 3k daily active users for free.

Identity Platform itself offers up to 50k monthly active users authenticating through email, phone, or social networks for free. For OpenID Connect (OIDC) or Security Assertion Markup Language (SAML), only the first 49 are free, then the cost is 0.015 USD a month per user.

Compliance and uptime

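| Feature | Identity Platform | Firebase Authentication |
|---|---|---|
| ISO 27001 | Yes | Yes |
| SSAE 18 SOC1 | Yes | Yes |
| SSAE 18 SOC2 | Yes | Yes |
| SSAE 18 SOC3 | Yes | Yes |
| TISAX | Yes | No |
| BAA coverage | Yes | No |
| PCI-DSS in scope | Yes | No |
| Enterprise SLA | 99.95% uptime | No |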

Implementation

Pre-requisites

This is where the Firebase SDK comes in. This development kit makes it extremely easy to connect to the appropriate APIs for both Identity Platform and Firebase Auth and put it into your existing codebase.

Some things to consider before you get started:

  1. Create a Firebase account: You’ll need a Google account to create a Firebase account. You can sign up for a Firebase account for free.

  2. Create a new Firebase project: Once you have a Firebase account, you can create a new Firebase project from the Firebase Console.

  3. Enable Firebase Authentication: In the Firebase Console, you can enable Firebase Authentication for your project. You’ll need to choose the authentication providers you want to use, such as email and password, Google, or Facebook.

Integration

  1. Integrate the Firebase SDK: To integrate Firebase Authentication in your app, you’ll need to add the Firebase SDK to your project and initialise Firebase.

    1. Add the Firebase SDK to your project: You can add the Firebase SDK to your project by following the instructions for your platform (e.g., iOS, Android, Web). This typically involves adding a couple of lines of code to your project’s dependencies.

    2. Initialize Firebase: After you’ve added the Firebase SDK to your project, you’ll need to initialize Firebase by adding a few lines of code. This typically involves creating a new instance of the FirebaseApp class and configuring it with your Firebase project’s credentials.

    3. Authenticate users: Once you’ve integrated the Firebase SDK and initialized Firebase, you can start authenticating users. Firebase provides several APIs that allow you to authenticate users with different methods, such as email and password, Google, or Facebook.

  2. Implement the user authentication flow: You’ll need to implement the user authentication flow in your app, which includes creating and managing user accounts, handling sign-up and sign-in, and handling errors.

  3. Test your implementation: Once you’ve implemented Firebase Authentication, you should test your implementation to make sure everything is working correctly.

Additional Providers

From there adding additional providers is very straightforward.

For example, to add GitHub authentication the following JavaScript is required:

function toggleGHSignIn() {
  if (!firebase.auth().currentUser) {
    var provider = new firebase.auth.GithubAuthProvider();
    // "repo" is a broad scope (full access to repositories); request only what the app needs.
    provider.addScope("repo");
    firebase.auth().signInWithPopup(provider).then(function (result) {
      // This gives you a GitHub Access Token. You can use it to access the GitHub API.
      var token = result.credential.accessToken;
      // The signed-in user info.
      var user = result.user;
      document.getElementById("quickstart-oauthtoken").textContent = token;
    }).catch(function (error) {
      // Handle Errors here.
      var errorCode = error.code;
      var errorMessage = error.message;
      // The email of the user's account used.
      var email = error.email;
      // The firebase.auth.AuthCredential type that was used.
      // var credential =
      console.error(errorCode, errorMessage);
    });
  } else {
    firebase.auth().signOut();
  }
  document.getElementById("quickstart-sign-in").disabled = true;
}

As seen in: https://firebase.google.com/docs/auth/web/github-auth#web-version-9_3

Additionally, adding a button on the HTML page is easy:

Food for Thought

Here are a couple of important considerations for implementation for your app or website:

  1. Firebase SDK: The Firebase SDK provides the APIs you’ll need to implement authentication in your app. You’ll need to be familiar with the SDK to write code that interacts with Firebase.

    1. The Firebase documentation is very useful:

      1. https://firebase.google.com/docs/auth/web/start
    2. This GitHub repo is the best way to get started if you prefer learning by reading code:

      1. https://github.com/firebase/quickstart-js/tree/master/auth
  2. User authentication flow: You’ll need to understand the user authentication flow, which involves creating and managing user accounts, handling sign-up and sign-in, and handling errors.

  3. API calls: You’ll need to make API calls to Firebase to create and authenticate users, retrieve user data, and perform other authentication-related tasks.

  4. Session management: You’ll need to manage user sessions in your app, which involves tracking whether a user is signed in or not, and keeping track of the user’s authentication state.

  5. Data validation: You’ll need to validate user input to ensure that it meets your app’s requirements, such as valid email addresses, strong passwords, and unique usernames.
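For the session management point above, the server side comes down to what your back end checks in the ID token on each request. This added example (not code from the original article or from Firebase) goes slightly beyond the list: it applies the ID token claim rules for a project and, as an assumed policy, can require a second factor and a maximum sign-in age. `checkIdTokenClaims`, its options and the sample claims are constructed for illustration, and the token's signature is assumed to have been verified already (for example by the Admin SDK).

```javascript
// Check the claims of a Firebase / Identity Platform ID token. This runs
// AFTER signature verification; it does not verify the signature itself.
// Returns a list of problems; an empty list means the claims are acceptable.
function checkIdTokenClaims(claims, projectId, nowSeconds, opts = {}) {
  const problems = [];
  if (claims.aud !== projectId) problems.push("aud is not this project");
  if (claims.iss !== `https://securetoken.google.com/${projectId}`) {
    problems.push("unexpected issuer");
  }
  if (typeof claims.sub !== "string" || claims.sub === "") {
    problems.push("missing sub (user ID)");
  }
  // Comparisons are written so that a missing claim fails closed.
  if (!(claims.exp > nowSeconds)) problems.push("token expired");
  if (!(claims.iat <= nowSeconds)) problems.push("iat is in the future");
  if (!(claims.auth_time <= nowSeconds)) {
    problems.push("auth_time is in the future");
  }
  // Assumed policy: sensitive routes need MFA and a recent sign-in.
  const fb = claims.firebase || {};
  if (opts.requireMfa && !fb.sign_in_second_factor) {
    problems.push("signed in without a second factor");
  }
  if (opts.maxAuthAgeSeconds !== undefined &&
      !(nowSeconds - claims.auth_time <= opts.maxAuthAgeSeconds)) {
    problems.push("sign-in too old, re-authentication required");
  }
  return problems;
}

// Constructed sample claims (not a real token).
const NOW = 1700000000;
const SAMPLE_CLAIMS = {
  aud: "demo-project",
  iss: "https://securetoken.google.com/demo-project",
  sub: "uid-123",
  iat: NOW - 60,
  exp: NOW + 3540,
  auth_time: NOW - 7200,
  firebase: { sign_in_provider: "password", sign_in_second_factor: "phone" },
};

console.log(
  checkIdTokenClaims(SAMPLE_CLAIMS, "demo-project", NOW, { requireMfa: true })
);
```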

Demo

What does this look like in reality? Well feel free to give it a try here!

https://francis-sandbox-tf.web.app/mfa-password.html

So Now What?

Firebase Authentication is a good choice for Firebase-based apps that require simple authentication, while Google Identity Platform is a more robust solution for applications that require more advanced authentication capabilities. Now that Google Identity Platform can be used through the Firebase Authentication SDK, it is quite easy to get started with, and it can be rolled out to any platform after that.