Context

I have a white label application with multiple partners and each partner can create multiple "web apps". Each web app has its own "auth database". Ex: A partner created a web app A and a web app B. If his user creates an account in web app A, he can’t log in to web app B, just in web app A.

How I will do that

I am using Firebase authentication. And I will do that using multi-tenancy (https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart). Each partner will have a Firebase project associated with his account and each web app will be associated with a sub-project (tenant). Each tenant will need to set up many social login providers, like Facebook and Google.

The Problem

I can set up the social provider via the console. But I can’t find how I can do that programmatically using the API. I just found how I can set up social providers via the API without using a tenant (https://firebase.google.com/docs/projects/provisioning/configure-oauth)

Is it possible to set up social providers with multi-tenancy programmatically using the API?

2 Answers


  1. I believe one way would be using the Identity Platform API:

    https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.tenants.defaultSupportedIdpConfigs/create

    You just find the parameters for the Supported IDP you’re adding.

    The list of supported IDPs you can find here:

    https://cloud.google.com/identity-platform/docs/reference/rest/v2/defaultSupportedIdps/list

  2. I also had to add the Google provider in one of my projects in Identity Platform (which shares the same APIs as Firebase I believe).

    1. List the default supported identity providers for Identity Platform.

    You can find the reference here:
    https://cloud.google.com/identity-platform/docs/reference/rest/v2/defaultSupportedIdps/list

    It should return all the IDs of the possible identity providers. Here is the result I got when calling it with my Ruby code.

    {:idp_id=>"apple.com"}
    {:idp_id=>"facebook.com"}
    {:idp_id=>"gc.apple.com"}
    {:idp_id=>"github.com"}
    {:idp_id=>"google.com"}
    {:idp_id=>"linkedin.com"}
    {:idp_id=>"microsoft.com"}
    {:idp_id=>"playgames.google.com"}
    {:idp_id=>"twitter.com"}
    {:idp_id=>"yahoo.com"}
    
    2. Create an identity provider configuration for your tenant.

    You can find the reference here:
    https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.tenants.defaultSupportedIdpConfigs/create

    You should provide the following fields in the request body:

    • name: corresponds to one of the idp_id in step 1
    • client_id: the client ID of your OAuth application
    • client_secret: the client secret of your OAuth application
    • enabled: true if you want to enable the provider

    That is it. You should be able to see the newly created provider in your tenant’s Providers tab.

    You can find an implementation of one Google Identity Platform API wrapper in Ruby that I used in one of my projects.

    https://gist.github.com/tonystrawberry/41910f127e49dc80feedc5ec76aeb4cc

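The tenant-scoped create call from the second answer, written out as an added example (not code from either answer or from the linked gist). It builds the request without sending it, rejects provider IDs outside the list shown above and malformed project or tenant IDs, and keeps the OAuth client secret out of log output. Assumptions: the `admin/v2` path, the `idpId` query parameter and the camelCase body fields follow the linked REST reference as understood here; `ID_PATTERN`, the helper names and all sample values are constructed.

```ruby
require "json"
require "uri"
require "net/http"

# Provider IDs as returned by defaultSupportedIdps.list in the answer above.
SUPPORTED_IDPS = %w[apple.com facebook.com gc.apple.com github.com google.com
                    linkedin.com microsoft.com playgames.google.com
                    twitter.com yahoo.com].freeze
# Constructed sanity check so a project/tenant ID cannot alter the URL path.
ID_PATTERN = /\A[a-z0-9][a-z0-9-]{2,40}\z/i

# Builds (does not send) the create request for one tenant-scoped provider config.
def build_idp_request(project:, tenant:, idp_id:, client_id:, client_secret:, token:)
  raise ArgumentError, "unsupported idp: #{idp_id}" unless SUPPORTED_IDPS.include?(idp_id)
  [project, tenant].each do |id|
    raise ArgumentError, "bad resource id: #{id.inspect}" unless id.to_s.match?(ID_PATTERN)
  end
  raise ArgumentError, "client_secret is empty" if client_secret.to_s.empty?

  parent = "projects/#{project}/tenants/#{tenant}"
  uri = URI("https://identitytoolkit.googleapis.com/admin/v2/#{parent}/defaultSupportedIdpConfigs")
  uri.query = URI.encode_www_form(idpId: idp_id)

  req = Net::HTTP::Post.new(uri)
  req["Authorization"] = "Bearer #{token}"
  req["Content-Type"] = "application/json"
  req.body = JSON.generate({ name: "#{parent}/defaultSupportedIdpConfigs/#{idp_id}",
                             enabled: true, clientId: client_id,
                             clientSecret: client_secret })
  req
end

# Log-safe summary: omits the bearer token and masks the OAuth client secret.
def redacted_summary(req)
  body = JSON.parse(req.body)
  body["clientSecret"] = "[REDACTED]"
  "#{req.method} #{req.uri} #{JSON.generate(body)}"
end

# Performs the network call over TLS; not exercised by the sample below.
def send_request(req)
  Net::HTTP.start(req.uri.host, req.uri.port, use_ssl: true) { |http| http.request(req) }
end

# Constructed sample values; real secrets belong in a secret store, not in source.
sample = build_idp_request(project: "partner-proj-1", tenant: "webapp-a-x1y2z",
                           idp_id: "google.com", client_id: "example-client-id",
                           client_secret: "constructed-secret", token: "constructed-token")
puts redacted_summary(sample)
```
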