Is possible to retrieve the logs about when a user is log-in or log-out to the platform? And also send them to stackdriver as Cloud Functions logs? thanks
Asked
Active
Viewed 6,147 times
2 Answers
15
Update as of 03/27/2023
Activity Logging can only be enabled for "Firebase Authentication with Identity Platform" with a billing account attached and can not be enabled for "Firebase Authentication Legacy" (projects that haven't upgraded to Identity Platform). Those docs enable logging for the Identity Toolkit API (identitytoolkit.googleapis.com).
Once upgraded to "Firebase Authentication with Identity Platform" you can enable Activity logging via the REST API (instructions below) or via Firebase or GCP Cloud Console.
"Firebase Authentication Legacy" projects were able to able to enable Activity Logging before 03/27/2023 and that behavior will continue to persist, but new requests to enable Activity Logging will now fail.
NOTE: Activity Logging that was enabled on a "Firebase Authentication Legacy" project before 03/27/2023 will not enable Google Cloud Identity Platform for the project, so your project will continue to be subject to Firebase Auth Billing and not Google Cloud Identity Platform Billing.
One of the easier ways for you to retrieve the auth token for the REST command is to have a project owner use OAuthPlayground and authorize the Identity Toolkit API v3 scopes
After enabling Activity Logging you will be able to view these logged operations in Google Cloud Logging. Now you will be able to see successful and unsuccessful login requests e.g. SignInWithPassword for email+password auth and SignInWithIdp for federated sign-in requests like Google SignIn. One way to view requests for a specific user you could filter the logs to only include a specific jsonPayload.response.email
One thing to be aware of is that if you have a large number of users, or really significant activity on your project, you might also want to specify exclusions to minimize cost/traffic/noise.
Thomas Burke
- 1,105
- 9
- 20
-
1Thanks! Had trouble understanding where to get the auth token and your answer with screenshot was helpful. – icosmin Feb 01 '21 at 01:19
-
1This was incredibly helpful and should probably be part of the docs – Derek Perkins Aug 24 '21 at 04:03
-
1where do I get the auth-token for the REST request to enable the logging? – Yadu Sep 20 '21 at 09:46
-
After enabling the Identity ToolKit API v3 scopes in OAuthPlayground, hit the "Authorize APIs" button. That will bring up an OAuth consent screen, accept all that is presented. Then back in the OAuthPlayground UI you will be prompted to select the "Exchange authorization code for tokens" button in Step 2. After selecting the Step 2 dropdown will be populated with an access token that starts with `ya29.` copy that and use in the Identity Toolkit REST API call. – Thomas Burke Sep 21 '21 at 19:49
-
2This should be the accepted answer – Johnny Oshika Nov 17 '21 at 02:27
-
1Thank you - had already aborted a few attempts trying to figure this out. This answer really should be in the official docs! – axelav Mar 15 '23 at 17:18
3
Is possible to retrieve the logs about when a user is log-in or log-out to the platform?
Unfortunately, Firebase does not provide such informations. To solve this, you should create your own mechanism to keep track of users log-in and log-out.
Alex Mamo
- 130,605
- 17
- 163
- 193
-
Is this still the case? Is Firebase Auth login at least rate limited to prevent brute force guessing of passwords? – justColbs Oct 24 '20 at 03:50
-
-
So could someone use Firebase Auth SDK to guess a password 1 million times? – justColbs Oct 24 '20 at 13:12
-
To secure your database, you can use [Cloud Firestore Security Rules](https://firebase.google.com/docs/firestore/security/get-started). – Alex Mamo Oct 24 '20 at 13:20