Use Google Firebase Authentication without 3rd Party Cookies

I'm currently experimenting with Social Media Sign-in and have realised something slightly strange on how these logins are delivered which is stemming from the fact that my workplace, like most offices, blocks 3rd party cookies as a security policy.

Google Firebase Authentication uses 3rd party cookies and so if I try to use Firebase, I'm redirected to the Google page (as expected) but when I'm redirected back to the originating webpage after logging in (and Firebase tries to set cookies), I get an error saying "This browser is not supported or 3rd party cookies and data may be disabled."

However, MongoDB Stitch somehow works and I'm able to actually log in, even with 3rd party cookies disabled. I really can't seem to make sense of why that's the case but I'm hoping someone here can shed some light on it. If it helps, MongoDB Stitch asks that you set https://stitch.mongodb.com as Origin URI and https://stitch.mongodb.com/api/client/v2.0/auth/callback as Authorised Redirect URI in the Google Console - whilst you have to set up your own website URIs inside the MongoDB Console which I believe might be the difference?

In any case, MongoDB Stitch's documentation is severely deficient (thanks to it still being in Public Beta) so I would really like to go the Google Firebase way if at all possible.

  1. Does anyone know how MongoDB Stitch is able to bypass setting 3rd Party Cookies?
  2. How can I use Google Firebase Authentication whilst 3rd Party Cookies are disabled?
Rollandrollaway answered 13/2, 2018 at 0:30 Comment(1)
Whilst not a proper solution per se, Gigya have defined a workaround on the same topic of blocked 3rd party cookies: developers.gigya.com/display/GD/Blocked+Third-Party+Cookies - Rollandrollaway

Have you tried using gapi.auth2, the Google sign in library for JavaScript? Last time I checked, it worked with 3rd party cookies disabled. You can use it to obtain a Google ID token or access token and then sign in to Firebase:

firebase.auth().signInWithCredential(firebase.auth.GoogleAuthProvider.credential(googleIdToken, googleAccessToken))...
Clemmie answered 14/2, 2018 at 7:12 Comment(7)
Thanks @Clemmie - I did indeed successfully use gapi.auth2 with 3rd party cookies disabled but do you know why that works but not the usual Firebase? It might sound like I'm obsessed with Firebase but only because if I'm using Google+Facebook+Twitter+Email, I really would like to avoid using four different libraries from four different providers: Use of something like FirebaseUI, AWS Cognito, or MongoDB Stitch means that I only have one library to worry about. Do you think using gapi.auth2 and its equivalents is a necessary evil? - Rollandrollaway
It is an implementation detail. Google sign in library uses other means to pass back the result to the original page. The majority of users do not disable 3rd party cookies as it breaks a lot of applications. This is an edge case. If you have an app that is catered to the type of users that disable 3rd party cookies, you'll have to rely on using the OAuth provider libraries. - Clemmie
Ah, yeah - this makes sense: just for the sake of others who might be reading this answer, email/password registration works with Firebase Authentication even when 3rd party cookies are disabled so one way to implement this would be to let people use sign-in with Google if the 3rd party cookies are enabled or tell them to register through email/password if their 3rd party cookies are disabled: all achieved through FirebaseUI. - Rollandrollaway
I tried the gapi.auth2 method but I got an error saying it won't init with 3rd party cookies disabled. It seems this too requires third party cookies to be enabled. Is it possible to use social signups on firebase with third party cookies disabled? - Carrefour
It is not possible to use Firebase Auth popup/redirect flow with 3rd party cookies disabled. - Clemmie
Is there another Firebase Auth way of signing in with Google, or is Firebase Auth fully incompatible with Google signing with 3rd party cookies disabled? I'm using Firebase for most auth. Is there a way to have a "Sign in with Google" button that works with Firebase and third party cookies disabled at all? What are the alternatives? - Carrefour
@Carrefour have you ever figured this out? - Fortuneteller
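
The flow from the answer above (gapi.auth2 tokens handed to `signInWithCredential`), combined with the email/password fallback suggested in the comments, as an added example that is not part of the original thread. It assumes the Google platform library and the namespaced Firebase JS SDK discussed here are already loaded and passed in as `gapi` and `firebase`; `CLIENT_ID` is a placeholder and `askEmailPassword` is a hypothetical app callback.

```javascript
// Added example, not code from the thread. `gapi` and `firebase` are passed in
// as parameters; CLIENT_ID is a placeholder for your OAuth client id.
const CLIENT_ID = 'YOUR_CLIENT_ID.apps.googleusercontent.com';

// Load gapi.auth2, initialise it and run the interactive Google sign-in.
// The GoogleAuth object that init() yields is itself thenable, so it is used
// inside the callback and never handed to resolve().
function googleSignIn(gapi) {
  return new Promise((resolve, reject) => {
    gapi.load('auth2', () => {
      gapi.auth2.init({ client_id: CLIENT_ID }).then(
        (googleAuth) => googleAuth.signIn().then(resolve, reject),
        reject // init can fail, as one commenter reports with cookies blocked
      );
    });
  });
}

// Exchange the Google ID token and access token for a Firebase session,
// exactly as in the one-liner from the answer.
function firebaseFromGoogleUser(firebase, googleUser) {
  const { id_token, access_token } = googleUser.getAuthResponse(true);
  const credential =
    firebase.auth.GoogleAuthProvider.credential(id_token, access_token);
  return firebase.auth().signInWithCredential(credential);
}

// askEmailPassword (hypothetical) shows an email/password form and resolves
// to { email, password }; it receives the Google library error for display.
async function signIn(gapi, firebase, askEmailPassword) {
  let googleUser;
  try {
    googleUser = await googleSignIn(gapi);
  } catch (err) {
    // Only a failure of the Google library triggers the fallback. An error
    // from Firebase itself is not caught here and propagates to the caller.
    const { email, password } = await askEmailPassword(err);
    const result =
      await firebase.auth().signInWithEmailAndPassword(email, password);
    return { method: 'password', result };
  }
  const result = await firebaseFromGoogleUser(firebase, googleUser);
  return { method: 'google', result };
}
```

The returned `method` lets the UI tell the user which path was taken, so a blocked Google sign-in degrades to email/password rather than failing silently.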
