9

I have done some research about sharing the auth object across sub domains of my app. Apparently firebase's web sdk this setup.

My idea is to have a single login website login.myapp.com which can be used by my other apps app1.myapp.com, app2.myapp.com to authenticate with. Just like Google.

My first attempt was to stringify() the auth object from localStorage, then send it as a url param to the requesting app so that I could parse() the auth object and store it to that app's localStorage.

But I don't like this setup; not only will the tokens be recorded in the browser's history, it also looks weird.

So I was wondering if there is a known setup for this using the admin sdk.

  1. Get auth from login.myapp.com
  2. Pass the uid to app1.myapp.com
  3. app1.myapp.com passes the uid to the server via http
  4. The server will check if the uid is authenticated.
  5. If successful, the server will respond with an auth object to app1.myapp.com.

Can the firebase admin produce something like this?


jofftiquez

1 Answer

7

It sounds like custom token minting is what you need. How about you mint a custom token in login.myapp.com using an Admin SDK, and then pass it to your requesting apps? These apps can then log in to Firebase by calling signInWithCustomToken().

Hiranya Jayathilaka
  • Whoah! Thanks Hiranya. :) I'll come back here to accept your answer once I've tested it. – jofftiquez May 19 '17 at 04:20
  • 4
    How do we pass the custom token to the requesting app? – Will Jul 24 '19 at 14:36
  • Hey Hiranya, say user logged in from login.myapp.com, when navigating to app1.myapp.com, does he/she need to call login again? I think it should automatically log user in. – damingzi Jul 24 '20 at 16:18
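
The minting step suggested in the answer, as an added example that is not part of either post or of Firebase's own code. It assumes the login backend receives the user's Firebase ID token in a POST body rather than a bare uid or a URL parameter; `mintForApp`, `ALLOWED_APPS` and `fakeAuth` are hypothetical names, while `verifyIdToken` and `createCustomToken` are the Admin SDK auth methods.

```javascript
// Added example. `auth` is injected so the logic runs offline; in production
// pass the Admin SDK auth instance (admin.auth() after admin.initializeApp()).

// Assumption: only the subdomains named in the question may request a token.
const ALLOWED_APPS = new Set(['https://app1.myapp.com', 'https://app2.myapp.com']);

// Hypothetical helper: exchange a verified ID token for a custom token.
async function mintForApp(auth, { idToken, targetOrigin }) {
  // Refuse to mint for any origin that is not one of our own apps.
  if (!ALLOWED_APPS.has(targetOrigin)) {
    return { status: 403, body: { error: 'unknown target app' } };
  }
  if (typeof idToken !== 'string' || idToken.length === 0) {
    return { status: 400, body: { error: 'missing idToken' } };
  }
  let decoded;
  try {
    // Second argument `true` also rejects tokens from revoked sessions.
    decoded = await auth.verifyIdToken(idToken, true);
  } catch (err) {
    return { status: 401, body: { error: 'invalid or revoked ID token' } };
  }
  // The uid comes from the verified token, never from the request itself:
  // a client-supplied uid proves nothing about who is asking.
  const customToken = await auth.createCustomToken(decoded.uid);
  return {
    status: 200,
    headers: { 'Cache-Control': 'no-store' }, // keep the token out of caches
    body: { customToken },
  };
}

// Constructed stand-in for admin.auth(), used only to run the example offline.
const fakeAuth = {
  async verifyIdToken(token, checkRevoked) {
    if (token !== 'valid-id-token') throw new Error('auth/argument-error');
    return { uid: 'user-123' };
  },
  async createCustomToken(uid) {
    return `custom-token-for-${uid}`;
  },
};

// Demo run with constructed input.
mintForApp(fakeAuth, { idToken: 'valid-id-token', targetOrigin: 'https://app1.myapp.com' })
  .then((res) => console.log(res.status, res.body));
```

The requesting app passes the returned `customToken` to `signInWithCustomToken()`. Custom tokens expire after one hour, so the handoff should happen immediately after minting.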