Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: auth multi tenancy support #1521

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

JRaams
Copy link

@JRaams JRaams commented Apr 17, 2024

Potential starting point for multi tenancy support for firebase/auth, see #1515

Things to keep in mind:

  • Tenant is parsed from the idToken / session cookie token first to decide if getAuth or authForTenant should be used. Afterwards the token gets parsed AGAIN in the validation proces, this time including signature validation. I don't think the impact would be too big since it's just parsing some base64url, but perhaps someone has a better idea for this.
  • I added e2e tests for testing signins in the packages/nuxt folder, but this means playwright install has to be executed before those tests will pass. Would this be an issue?
  • For server session cookie validation to work, environment variable 'GOOGLE_CLOUD_PROJECT' has to be set or the following error would appear: Unknown Error verifying session cookie Must initialize app with a cert credential or set your Firebase project ID as the GOOGLE_CLOUD_PROJECT environment variable to call verifySessionCookie().
    Fixed this for now by prepending 'cross-env' to the package json scripts, as it seemed inappropriate to use the gitignored .env file to let nuxt handle this

@joeriakkerman
Copy link

joeriakkerman commented Jun 19, 2024

I think this should be merged, I checked it out and it works for me as well! @posva do you maybe have some time to review? We actually need these changes.

On top of that, I have a question why the protocol for the firebase emulators is prefixed "http://", should it not be possible to support https locally as well? We are using self signed certificates to serve a development environment locally, including the firebase emulators.

So for both these problems (multi-tenancty / https emulators locally), we are currently using pnpm patches, which is obviously not the ideal situation.

Please let us know if we can provide something to help you out, since I see that you're busy, thanks in advance!

@posva
Copy link
Member

posva commented Jun 20, 2024

I'm in the process of planning time on VueFire with Firebase to work on needed features. Hopefully I will be able to allocate time for this in the following months

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants