OAuth authorized domains for javascript widget

[Luca]

I am integrating Firebase authentication in a Javascript widget. The authentication will be mainly based on social networks, so via OAuth.

The widget will be embedded in 3rd party sites and I do not in advance which sites will be embedding my widget.

The issue is therefore: is there a way to authorize domains for the OAuth redirect domain that will embed my widget?

Right now I have the feeling there's no easy solution beside figuring out which website has embedded my widget and then authorize that domain in the Firebase console. Of course this is not a good solution ...

Any advice on this would be really appreciated...

ciao

Luca

[Jacob Wenger]

Hey there,

There is no programmatic way to add OAuth authorized domains for your Firebase project. I've forwarded your feature request on to the auth team and, if this becomes a common request, we will look into providing an API for developers to do this. Sorry I don't have a better answer for you.

Cheers,
Jacob

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/4dac8436-4712-4110-a29c-4894467cd68e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Luca]

Hi Jacob,

thanks for your answer... at least know the issue is clear.

I think I saw another post where somebody was looking for an API to edit OAuth domains.

any idea on a workaround for this that I could use? Right now I am tinkering about sending the user to a central site, capture the origin and then send him back to the origin after a successful login. 

Not ideal and not sure if this is doable but I am trying to be creative. Ideas welcome :-)

ciao

Luca

[Nicolas Garnier]

Hey Luca,

Technically, how will these sites be embedding your widget? If your widget will live inside an iframe then all you'll have to do is whitelist the domain of the iframe and things will work fine.

If on the other hand you create the UI directly on the destination page then maybe you could make your "clients" create their own Firebase app: they can whitelist their domain in their own app and provide the app's configuration when they setup the widget.

Hope that helps!

Cheers!

--

Nicolas

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/54dde773-643e-437e-bdeb-23c908be9827%40googlegroups.com.

[Luca]

Hi Nicolas,

thanks for the advice, really appreciate it... 

currently the widget is not using iframes and asking clients to create their own Firebase app is not an option (too many clients, too complex for them, etc etc). 

In this case using iframes might actually be a solution. I need to check pros & cons, but indeed worth checking. Again, thanks for your suggestion... 

I am pretty sure though that many others will face this issue in the future, hopefully we will see a solution as the one Jacob mentioned.

ciao

Luca