Migrating from GCP to Firebase: package name and SHA-1 conflict

[Michele Ferretti]

Hi there!

Context

We have an app already published in Play Store that implements Google Sign In, so it is backed by a Google Cloud Platform ("GCP" from now on) project.

We have rewritten that app from scratch, with a new Firebase project as backend (we didn't create it by importing the old GCP project).

We have a Firebase Function trigger on 'user.create' with a lot of important logic that needs to be executed for both our old and new users (we don't mind if this means our old users will be asked to sign-in again).

Issue

When we add the production SHA-1 key of our app to the Firebase console (to enable Google Sign In), an error about package name and SHA-1 pair uniqueness is shown.

We understood the error and we have read the support page (https://support.google.com/firebase/answer/6401008) linked by it, the problem is: we don't know if any of the suggested solutions suits our goals.

Suggested solution #1: delete the Firebase project and create a new one by importing the old GCP project and adding Firebase to it.

Questions about #1:

1. our old users will be ported to the Firebase project or they will need to sign-in again?
2. if they are ported, they will appear in Authentication section as well?
3. if they are ported, the Firebase Function 'user.create' trigger will be invoked for all of them during/after the porting?

Suggested solution #2: in the new Firebase project, whitelist the OAuth 2.0 client ID of the old GCP project
Questions about #2:

1. what does this process do?
2. will old users be asked to sign-in again?
3. will new users be able to sign-in?
4. will both our old and new users appear in Authentication and trigger 'user.create' Firebase Function?

I know it's a lot, but I tried to be as clear as possible about the doubts my team and I have.

Thanks, Michele.

[Sam Stern]

Hi Michele,

Thanks for such a clear phrasing of the question and what you have already considered.  First I want to clarify one critical thing: Google Sign In users are not Firebase Authentication users.  Importing your GCP project into Firebase will have absolutely no effect on your existing users, nor will you see any usage in the Firebase Authentication console.

Firebase Auth works with many identity providers, Google Sign In is one of them.  After your users sign in with Google you can pass the Google token to us for a one-time exchange (docs) which results in the creation of a Firebase Auth user if one does not exist.  If the user is new you will get the "onCreate" functions trigger at this time. After the initial user creation there is no ongoing connection between Google Sign In and Firebase Auth.  If the Google user changes or even completely deletes their Google account, Firebase won't notice.

So that said, let's evaluate your options:

1. Importing your GCP project into Firebase - I'd recommend this option.  There will be no disruption to your users and you won't have to do much besides click a button.  The information above should clarify what will happen to your existing users: nothing, they are not Firebase users.  When you create Firebase users from their Google auth tokens (maybe in an app update) the Cloud Function will fire.
2. Whitelist Client ID - If done correctly this will not affect any of your users (old or new), but you have to be careful to configure this correctly and now you have two projects to manage.  From what I can tell this option has no benefit for you.

Hope that helps!

- Sam

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/ef7beb48-5792-4bf0-bdb9-a32523a5e150n%40googlegroups.com.