This question already has answers here:
Firebase Authentication with multi-factor authentication
(5 answers)
Closed 2 years ago.
I would like to enable 2FA when I log into my Firebase console. I read that Firebase supports multi-factor authentication for users in Firebase Auth, but I would like to enable it only for logging into my Firebase console to manage my Firebase projects.
Is it possible to enable 2FA only on my Firebase Console?
Multi-factor authentication is currently only available in Google's Cloud Identity Platform, not in Firebase Authentication. While the two products are closely related, this is one place where they are different.
To use MFA, you'll have to upgrade to the paid Google Cloud Identity Platform. You'll still be using the Firebase SDKs in your app, so this change doesn't affect the app you send to your users.
For more information, see:
the GCIP overview page, which also includes information on pricing
the GCIP documentation on multi-factor authentication
Firebase Authentication with multi-factor authentication
Related
We have our iOS app which has its own login mechanism and one of our customer uses SSO login (use MS account) in our app. And now they asked to integrate MS Intune in the app as they want to apple app protection policies on our app.
I've started integrated the ms Intune iOS SDK along with MSAL library as described in the documentation.
But I'm stuck with a issue which is described in the document (https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios#apps-that-do-not-use-adal-or-msal)
"Apps that do not use ADAL or MSAL
Apps that do not sign in the user using ADAL or MSAL can still receive app protection policy from the Intune MAM service by calling the API to have the SDK handle that authentication. Apps should use this technique when they have not authenticated a user with Azure AD but still need to retrieve app protection policy to help protect data. An example is if another authentication service is being used for app sign-in, or if the app does not support signing in at all. To do this, the application can call the loginAndEnrollAccount method on the IntuneMAMEnrollmentManager instance:"
According to it, in order for the app to receive the policies, it has to do login and enroll by calling the loginAndEnrollAccount API. But once I call this API, it takes me to MS login page where I can input email/password and if success delegate method gets called.
But my question, I end up with two login flow in my app (one by our own login and another from ms Intune), so not sure whether it is correct behavior or not.
Please let me know if you already worked on ms Intune in iOS.
Thanks.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
I'm building a new iOS app that needs the concept of who the user is logged in as. It seems my options are:
Build my own login system, make them enter email, generate password.
Use Facebook or Twitter accounts (or linkedin, google, etc.)
Use Apple ID?
Number 3 seems like a nice apple way but is that even supported? I'm logged in to my iPhone already in settings with my Apple ID. Could I use that?
My question is, it's 2017, what's the latest and greatest way to do this. I have a green field iOS app and can pick any authentication system I want. What say you SO community? Thanks!
Authenticating on iOS
When building a login system for iOS it's important to remember that Apple demands that you support multiple login options for you app. You can't e.g. use only Facebook for login or only Google login. A time ago I got this reply from Apple:
In order for Facebook to be the only authentication mechanism available, your app must include significant account-specific functionality from Facebook. Pulling profile information, or sharing, are not sufficient account-based features for Facebook to be the only authentication mechanism available.
So the option will need to use e.g. custom login + social medium login or several social medium login.
I have seen that a custom login/username+password and the use of social medium authentication is the most used practice. It offers users often one click authentication and authorization. By using social medium, you can get users profile information without asking the users about their information.
Authentication mechanisms:
Facebook
Twitter/Fabric
Google
email/password(custom)
Framework:
Firebase
Facebook
Twitter/Fabric
Google
Parse(Discontinued)
Custom
What do I do?
For a small team/single developer it's easy and fast to develop using Firebase as a authentication service. There's no need for another programming language that what you write your apps in; swift/objective-c.
Firebase
Firebase is a mobile platform that helps you quickly develop high-quality apps, grow your user base, and earn more money. Firebase is made up of complementary features that you can mix-and-match to fit your needs
Firebase is a really great tool for building a login system for your app. It does all the backend services for you and supports login systems for Facebook, Google, Twitter, Github and email/password authentication.
But should you use an authentication mechanism in your app?
If your app doesn’t include significant account-based features, let people use it without a log-in. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. If your core app functionality is not related to a specific social network (e.g. Facebook, WeChat, Weibo, Twitter, etc.), you must provide access without a login or via another mechanism. Pulling basic profile information, sharing to the social network, or inviting friends to use the app are not considered core app functionality.
Ref.:
Number 3 seems like a nice apple way but is that even supported? I'm logged in to my iPhone already in settings with my Apple ID. Could I use that?
Could be a good approach, but Apple have no API/Documentation on that. There is a unique identifier available on iOS devices, though it is not guaranteed that the UUID(Unique identifier) will be the same after rebooting and software reinstalls. (Can't find the source at the moment, can someone verify this?)
Apple do have a framework for using the touchID provided on iOS8+ to authorize users login into you app using the keychain. But this does not provide a authentication framework for you app.
For my understanding, Google Identity Toolkit provides a layer for login with different accounts, like Facebook, Yahoo etc. but how does that differ from the Google OAuth implementation? And regarding Google+ sign in, it is still using OAuth, but only enables login for Google accounts?
Update as of December 28, 2018:
Google is pushing a new service called Cloud Identity Platform.
Which is basically Firebase Authentication just for all GCP customers.
This service offers, like Firebase Authentication, an abstraction layer to any authentication platform (with easy 2-factor authentication starting at GA)
Google Sign-In and Smart Lock are both only the underlying "low level" technologies used by the Firebase Authentication and Cloud Identity Platform client SDKs.
Update as of June 15, 2016: It seems the guide mentioned in the original answer (below) is not kept up to date - the Google Identity Toolkit seems to be on its way out, apparently absorbed into the Firebase Authentication, which is not even mentioned in that guide.
Maybe a better starting point for checking the current Google authentication solutions might be the "Sign In + Identity" icon on the Products page.
Original answer:
I recently saw this Google Identity Platform guide for choosing between various Google identity solutions which may answer some/all of your questions:
https://developers.google.com/identity/choose-auth
I'm trying to build a Google Apps Marketplace App using the new APIs only available through OAuth2. We already have an app using the old APIs, but I'm having trouble figuring out how to have the same flow with OAuth2.
In our old app, the domain administrator would install the app and give it permissions. Then, we could just make requests using our app's id/secret without user interaction. (2-legged OAuth)
How would I do this with OAuth2? None of the flows described here sound like what I'm looking for.
I'm also having hard times to find out to get this new OAuth2 login up and running.
You will have to use service accounts to make requests on behalf of the user.
Documentation is here:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
I did not yet manage to get the flow working without each user being prompted again, but this most likely is because I need offline access:
Google Apps Marketplace SDK + Domain-wide OAuth 2 SSO
I want to login in my iOS App with a Google account. Instead of having a database with users and having to register all the users, I simply login with my existing Google account.
Anyone knows a way of doing this, or a tutorial?
Google Accounts Authentication and Authorization for Mobile Apps has fairly detailed instructions for authenticating Google account users and includes iOS-specific steps.