Context
I have a white-label application with multiple partners, and each partner can create multiple "web apps". Each web app has its own "auth database". Ex: A partner created a web app A and a web app B. If his user creates an account in web app A, he can’t log in to web app B, just to web app A.
How I will do that
I am using Firebase Authentication, and I will do that using multi-tenancy (https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart). Each partner will have a Firebase project associated with his account, and each web app will be associated with a sub-project (tenant). Each tenant will need to set up many social login providers, like Facebook and Google.
The Problem
I can set up the social provider via the console, but I can’t find how to do that programmatically using the API. I only found how to set up social providers via the API without using a tenant (https://firebase.google.com/docs/projects/provisioning/configure-oauth).
Is it possible to set up social providers with multi-tenancy programmatically using the API?
2 Answers
I believe one way would be using the Identity Platform API:
https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.tenants.defaultSupportedIdpConfigs/create
You just find the parameters for the Supported IDP you’re adding.
The list of supported IDPs you can find here:
https://cloud.google.com/identity-platform/docs/reference/rest/v2/defaultSupportedIdps/list
I also had to add the Google provider in one of my projects in Identity Platform (which shares the same APIs as Firebase I believe).
You can find the reference here:
https://cloud.google.com/identity-platform/docs/reference/rest/v2/defaultSupportedIdps/list
It should return all the IDs of the possible identity providers. Here is the result I got when calling it with my Ruby code.
You can find the reference here:
https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.tenants.defaultSupportedIdpConfigs/create
You should provide the following fields in the request body:
- name: corresponds to one of the idp_id in step 1
- client_id: the client ID of your OAuth application
- client_secret: the client secret of your OAuth application
- enabled: true if you want to enable the provider
That is it. You should be able to see the newly created provider in your tenant’s Providers tab.
You can find an implementation of one Google Identity Platform API wrapper in Ruby that I used in one of my projects.
https://gist.github.com/tonystrawberry/41910f127e49dc80feedc5ec76aeb4cc
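The tenant-scoped create call both answers point to, as an added Ruby example (not code from the answers or from the linked gist). It builds the request for the v2 REST method, where the provider ID travels as the idpId query parameter and the JSON body uses the REST field names clientId and clientSecret, validates the IDs that end up in the URL path, and gives a log-safe summary that hides the client secret. The helper names, the ID pattern, the allow-list and all sample values are constructed assumptions; the access token is obtained elsewhere.

```ruby
require "json"
require "net/http"
require "uri"

# Assumption: host and path as in the v2 REST reference linked in the answers.
API_BASE = "https://identitytoolkit.googleapis.com/v2"
# Constructed allow-list; extend it with IDs returned by defaultSupportedIdps.list.
ALLOWED_IDPS = %w[google.com facebook.com].freeze
# Constructed, conservative ID pattern: keeps "/", "?" and ".." out of the URL path.
SAFE_ID = /\A[A-Za-z0-9][A-Za-z0-9-]{2,62}\z/

# Hypothetical helper: builds (does not send) the create request for one tenant.
def build_tenant_idp_request(project_id:, tenant_id:, idp_id:, client_id:, client_secret:, access_token:)
  raise ArgumentError, "unexpected project id" unless project_id.match?(SAFE_ID)
  raise ArgumentError, "unexpected tenant id" unless tenant_id.match?(SAFE_ID)
  raise ArgumentError, "idp not allow-listed" unless ALLOWED_IDPS.include?(idp_id)
  raise ArgumentError, "missing OAuth credentials" if client_id.to_s.empty? || client_secret.to_s.empty?

  uri = URI("#{API_BASE}/projects/#{project_id}/tenants/#{tenant_id}/defaultSupportedIdpConfigs")
  uri.query = URI.encode_www_form(idpId: idp_id)

  req = Net::HTTP::Post.new(uri)
  req["Authorization"] = "Bearer #{access_token}"
  req["Content-Type"] = "application/json"
  req.body = JSON.generate(enabled: true, clientId: client_id, clientSecret: client_secret)
  req
end

# Log-safe view of the request: the secret and the bearer token never reach the logs.
def redacted_summary(req)
  body = JSON.parse(req.body)
  body["clientSecret"] = "[REDACTED]"
  { "url" => req.uri.to_s, "body" => body }
end

# Sends the request over TLS; call only with real credentials.
def send_request(req)
  Net::HTTP.start(req.uri.host, req.uri.port, use_ssl: true) { |http| http.request(req) }
end

if $PROGRAM_NAME == __FILE__
  req = build_tenant_idp_request(
    project_id: "partner-project-1", tenant_id: "webapp-a-x1y2z", idp_id: "google.com",
    client_id: "constructed-client-id", client_secret: ENV.fetch("OAUTH_CLIENT_SECRET", "constructed"),
    access_token: ENV.fetch("GCP_ACCESS_TOKEN", "constructed")
  )
  puts JSON.pretty_generate(redacted_summary(req)) # dry run: prints the redacted request only
end
```

Run once per tenant and per provider; reading the client secret from the environment or a secret manager keeps it out of source control.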