Authentication

Using Firebase client SDK

The template web app contains a useAuth hook that provides functions allowing users to log in via OAuth providers, using the Firebase client SDK. This sign in method will work out-of-the-box for Google sign in but it requires changes at platform level to allow other providers.

Using Firebase admin SDK

If you want to customize your sign in methods, you can use our accounts API to directly manage users. The Accounts service allows you to manage Google Identity Platform (IdP) users and their tokens directly. Each user also has a profile stored in Firestore, which can be managed using the User Profile service.

Known limitations

Each organization has its own tenant within Google's IdP, generated when the organization is created. Firebase links by default accounts with the same email stored in IdP. This behavior is implicit and cannot be changed. It might lead to issues, for example if the provider you use for authentication allows for multiple accounts with the same email.

Workaround

You can bypass this issue by creating IdP accounts without an email. This ensures that when a new user joins, their IdP account will not be linked to any other account. If you still require emails, for example to grant permissions, you can store them in the user's profile in Firestore. Our permission system relies on the data stored in Firestore, not in Google's IdP.