Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Use Google Firebase Authentication without 3rd Party Cookies

Tags:

cookies

oauth-2.0

firebase-authentication

google-authentication

mongodb-stitch

I'm currently experimenting with Social Media Sign-in and have realised something slightly strange on how these logins are delivered which is stemming from the fact that my workplace, like most offices, blocks 3rd party cookies as a security policy.

Google Firebase Authentication uses 3rd party cookies and so if I try to use Firebase, I'm redirected to the Google page (as expected) but when I'm redirected back to the originating webpage after logging in (and Firebase tries to set cookies), I get an error saying This browser is not supported or 3rd party cookies and data may be disabled.

However, MongoDB Stitch somehow works and I'm able to actually login, even with 3rd party cookies disabled. I really can't seem to make sense of why that's the case but I'm hoping someone here can shed some light on it. If it helps, MongoDB Stitch asks that you set https://stitch.mongodb.com as Origin URI and https://stitch.mongodb.com/api/client/v2.0/auth/callback as Authorised Redirect URI in the Google Console - whilst you have to setup your own website URIs inside the MongoDB Console which I believe might be the difference?

In any case, MongoDB Stitch's documentation is severely deficient (thanks to it still being in Public Beta) so I would really like to go the Google Firebase way if at all possible.

  1. Does anyone know how MongoDB Stitch is able to bypass setting 3rd Party Cookies
  2. How can I use Google Firebase Authentication whilst 3rd Party Cookies are disabled
like image 276
theRealTraveller Avatar asked Feb 13 '18 00:02

theRealTraveller

People also ask

Does Firebase authentication use cookies?

Firebase Auth provides server-side session cookie management for traditional websites that rely on session cookies.

Can I use Firebase just for authentication?

You can use Firebase Authentication to allow users to sign in to your app using one or more sign-in methods, including email address and password sign-in, and federated identity providers such as Google Sign-in and Facebook Login.

Can we use Firebase without authentication?

No Firebase Authentication…To use the Firebase Storage we need to authenticate a user via Firebase authentication. The default security rules require users to be authenticated. Firebase Storage is basically a powerful and simple object storage, in which you can store your files easily.

How do I beat Firebase authentication?

If you haven't yet connected your app to your Firebase project, do so from the Firebase console. Enable Email/Password sign-in: In the Firebase console, open the Auth section. On the Sign in method tab, enable the Email/password sign-in method and click Save.

1 Answers

Have you tried using gapi.auth2, the Google sign in library for Javascript? Last time I checked, it worked with 3rd party cookies disabled. You can use it to obtain a Google ID token or access token and then sign in to Firebase:

firebase.auth().signInWithCredential(firebase.auth.GoogleAuthProvider.credential(googleIdToken, googleAccessToken))...`
like image 125
bojeil Avatar answered Sep 22 '22 12:09

bojeil
Sign in to Comment

Related questions

Transmit Session IDs in URLs (Session trans_sid equivalent Laravel)
storing a 3kb json in cookies, as a file on server or in the database
Cookie vs Set-Cookie Header in Postman
How to create Play 1.x cookie for just the base domain (no sub domains)
ASP.NET MVC: How do SimpleMembership, SQLSession store, Authentication, and Authorization work?
Why is the magento frontend cookie not set
R httr post-authentication download works in interactive mode but fails in function
Cookies not set or sent in request in iOS Safari or Chrome works on all Android and Desktop Browsers
Web application Kerberos authentication: Is the proper way to combine with cookies?
Why isn't the Facebook JavaScript SDK setting cookies?
Javascript tracing of cookie source
Android WebView losing Cookies in redirects
Is there a solution to the hole in "Improved Persistent Login Cookie Best Practice"?
How to send received jsessionid via spring 4 resttemplate
set-cookie not working for IE11/10 after clearing cache
Privilege Escalation & Session Hijacking in Identity MVC5
Include cookies in HTTP requests when using the Google Cloud Endpoints JavaScript client
Cookies used in Google login
Why am I getting a _ga cookie on my localhost project?
How to set cookie in React Native with Expo?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!