Firebase custom Auth with Microsoft Authentication

568 views
Skip to first unread message

giovann...@knowit.se

unread,
Apr 16, 2018, 10:57:34 AM4/16/18
to Firebase Google Group
I'm trying to make an Enterprise app for our company which connects to a lot of O365 features. Since we as developers want to use as many Firebase features as possible we are interested in making a smooth login for our users that can only log in to their work accounts on Microsoft Office and then be fully accessed to Firebase database and Auth. I have read the documentation for custom Auth - but i'm not sure this is secure enough.

- Is there any good examples on how to use your Auth with Microsoft (Azure / Graph) login? 
- I will still need the tokens received from Microsoft within the app to make in app requests towards O365 - how can I do this?
- How can I be sure that any string sent to "signInWithCustomToken" won't generate valid access to my database?

Hiranya Jayathilaka

unread,
Apr 16, 2018, 1:24:31 PM4/16/18
to fireba...@googlegroups.com
On Mon, Apr 16, 2018 at 7:57 AM giovanni.palusa via Firebase Google Group <fireba...@googlegroups.com> wrote:
I'm trying to make an Enterprise app for our company which connects to a lot of O365 features. Since we as developers want to use as many Firebase features as possible we are interested in making a smooth login for our users that can only log in to their work accounts on Microsoft Office and then be fully accessed to Firebase database and Auth. I have read the documentation for custom Auth - but i'm not sure this is secure enough.

- Is there any good examples on how to use your Auth with Microsoft (Azure / Graph) login? 

I don't think there are any examples specifically for Microsoft login. However, there are some generic video tutorials on the subject. For instance: https://www.youtube.com/watch?v=WtYzHTXHBp0
 
- I will still need the tokens received from Microsoft within the app to make in app requests towards O365 - how can I do this?

I don't know enough about Microsoft auth so this might be wrong. But can you handle this at the backend server where you will be creating custom tokens? The server can include both the Firebase custom token and the Microsoft token in the response sent to the app. 
 
- How can I be sure that any string sent to "signInWithCustomToken" won't generate valid access to my database?

Custom tokens are signed JWTs. They must be signed with a private key (service account) obtained from the Firebase project, which only the developers and admins of the project have access to.
 

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/066df5c5-6db7-40b6-90e9-087335aab12c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--

Hiranya Jayathilaka | Software Engineer | h...@google.com | 650-203-0128

Karma

unread,
Apr 16, 2018, 2:59:12 PM4/16/18
to Firebase Google Group
Im new here trying to build a new fire base can anyone give any imput
Reply all
Reply to author
Forward
0 new messages