How To Link User Account Among Google Actions, Mobile App, Backend Server And Firebase Auth?
Solution 1:
Some answers to your questions:
If IDs or Email matches - does this identify the user?
Well, yes and no.
If the IDs match, then you have verified that the Google ID for the account that logged in matches the Google account you have on record. Great! This is secure and you can trust it.
If the email matches... well... a much lower degree of confidence. While Google does do opt-in checking, this still seems like you're taking a risk. Email addresses do change over time.
What if they authenticated via some other means?
Did I summarize that question correctly?
I guess I'm not sure how you would handle this in any other case. If they're logging into your Assistant app using a different account (not email, account) than they used for the web... they want the two to be different?
And they can log into your Action using a different Google account than the one they used to set up their device. There are flows that encourage them to use the same one, but they don't have to, and you can fall back to those other flows if you don't have an account on record for the one they use by default.
Can't I just use Firebase Auth?
Well... no and yes.
No, there is no way to just tell the Assistant to hand you a Firebase auth token instead of the token it wants to hand you.
However, you can use Firebase Auth if you're willing to set up your own OAuth2 server. The link to the StackOverflow question above was just trying to work around having to set up an OAuth2 server yourself. If you set one up you can have them log in using Firebase Sign-In, generate the token and store it against their Firebase ID, and issue that token to the Assistant client. When you get that token back, you can easily associate it back to the Firebase ID.
BUT you need to do that work. Neither Firebase nor the Assistant will do it for you.
(A missed opportunity for Firebase and Google Cloud, imho. But...)
You've already seen the page for how to build a minimal OAuth2 server.
Should I just dump Firebase Auth?
There is no need to. You can use Firebase Auth in conjunction with setting up your own OAuth2 server. It is a great base for it! I, personally, use Firebase Auth and Firebase Sign-In (and Firebase Hosting and Firebase Functions) as the basis for my OAuth2 implementation.
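The token bookkeeping described in this answer, as an added example that is not code from the answer or from Firebase: issue a token bound to the Firebase ID and map it back when the Assistant presents it. It goes one step beyond the answer by including the single-use authorization code exchange of the standard OAuth2 code flow. TokenStore and its method names are hypothetical, the store is in memory, and firebaseUid is assumed to come from a Firebase ID token your server has already verified.

```javascript
// Added example: in-memory stand-in for the token tables of a self-hosted OAuth2 server.
// TokenStore and its methods are hypothetical names, not a Firebase or Assistant API.
const crypto = require('crypto');

// Only hashes are stored, so a leaked table does not expose usable tokens.
const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest('hex');
const newSecret = () => crypto.randomBytes(32).toString('hex');

class TokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.codes = new Map();  // sha256(code)  -> { uid, clientId, expires }
    this.tokens = new Map(); // sha256(token) -> { uid, clientId, expires }
  }

  // Authorization endpoint, after Firebase Sign-In: firebaseUid is assumed to be
  // the uid from an ID token that was already verified server-side.
  issueAuthCode(firebaseUid, clientId, ttlMs = 10 * 60 * 1000) {
    const code = newSecret();
    this.codes.set(sha256(code), { uid: firebaseUid, clientId, expires: this.now() + ttlMs });
    return code;
  }

  // Token endpoint: swap a code for an access token bound to the same Firebase ID.
  exchangeCode(code, clientId, ttlMs = 60 * 60 * 1000) {
    const key = sha256(code);
    const rec = this.codes.get(key);
    this.codes.delete(key); // single use: burned even when the exchange fails
    if (!rec || rec.clientId !== clientId || rec.expires < this.now()) return null;
    const token = newSecret();
    this.tokens.set(sha256(token), { uid: rec.uid, clientId, expires: this.now() + ttlMs });
    return token;
  }

  // Fulfillment: map the token the Assistant sent back to the Firebase ID.
  resolve(token) {
    const rec = this.tokens.get(sha256(token));
    if (!rec || rec.expires < this.now()) return null;
    return rec.uid;
  }
}
```

In a deployed server the two maps would be a database table keyed by the token hash, and resolve() would run on every fulfillment request before any user data is read.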