Google Chrome Extension + Firebase + Anonymous Auth
492 views
Skip to first unread message
Chinmay Patel
Dec 12, 2013, 10:42:23 PM12/12/13
to fireba...@googlegroups.com
Hello Firebase Coders,
We are working on a Google Chrome extension and planning on using Firebase to save user data. We want to authenticate users and save their data on Firebase without asking users to login. Most likely, we can use anonymous login. My confusion is regarding reauthorizing the user when the session expires. Some specific questions ...
1. What information do we need to store to re-authorize the user?
2. How can we make the re-authorizing call?
3. What permissions do I need to set to make sure one chrome extension user cannot see other users' information? (by reconstructing the request)
4. Can the regular Firebase sync work?
5. Can I do all these processes in background, and not even load the page in the browser?
6. As the documentation say "Authentication requests to Firebase Simple Login are only permitted from domains you specify." Chrome extension doesn't have the domain url (at least I don't know about this). How can I permit the Firebase request from a google chrome extension?
Is there anything else I should know?
Rob DiMarco
Dec 13, 2013, 5:42:28 PM12/13/13
to fireba...@googlegroups.com
Hi Chinmay -
Happy to help you solve this for your use case. I'll answer your questions inline:1. What information do we need to store to re-authorize the user?
2. How can we make the re-authorizing call?
2. How can we make the re-authorizing call?
Currently, there is no way to re-authorize users generated with anonymous authentication, since there is no notion of a credential in this case, and it is intended to be used as a session store. I'll take your particular use case under consideration though to think about how to better solve for that use case. For your use case, it sounds like e-mail / password authentication might make more sense, even if it takes place behind the scenes.
Sessions in Firebase Simple Login last for a configurable period of time based upon what you've configured in Forge under 'Auth', up to 30 days, provided that cookies and local storage are available.
3.
What permissions do I need to set to make sure one chrome extension
user cannot see other users' information? (by reconstructing the
request)
The security rules for your application will be coupled to the structure of your data, so it's hard to give a one-size-fits-all answer, but if you haven't already, I recommend watching the security quickstart at https://www.firebase.com/docs/security-quickstart.html. When authenticating with Custom Login, or Simple Login, your user data will end up in the security rules expressions under the 'auth' variable, which you can use in your expressions to ensure that only certain users can read / write certain paths (such as only user 'bob' can access '/users/bob').
4. Can the regular Firebase sync work?
5. Can I do all these processes in background, and not even load the page in the browser?
6. As the documentation say "Authentication requests to Firebase Simple Login are only permitted from domains you specify." Chrome extension doesn't have the domain url (at least I don't know about this). How can I permit the Firebase request from a google chrome extension?
6. As the documentation say "Authentication requests to Firebase Simple Login are only permitted from domains you specify." Chrome extension doesn't have the domain url (at least I don't know about this). How can I permit the Firebase request from a google chrome extension?
Firebase behaves normally in Chrome extensions, but Simple Login, a separate, add-on service built on top for delegating authentication, does not behave well in Chrome extensions when using OAuth / popup-based authentication, due to the restrictions amount originating domain.These domain restrictions are only applicable to the OAuth / popup-based authentication methods (Facebook, Twitter, GitHub, Persona, etc.) where required, but are not applicable to email / password or anonymous authentication.
Also, check out https://github.com/firebase/firebase-chrome-extension for a simple example application of Firebase in a Chrome extension.
Hope that helps, but be sure to let me know if you have any additional questions. Thanks -
Rob
Rob
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Chinmay Patel
Dec 18, 2013, 11:15:16 AM12/18/13
to fireba...@googlegroups.com
Just saw your answer, Rob. Thanks for doing an excellent job of explaining the situation. Much appreciated.
Cheers,
Chinmay
Reply all
Reply to author
Forward
0 new messages