3

I am building a Public Web App (react, typescript, firebase firestore) in which users can manage events of ther groups. A group can have any number of members, which can all log in to the page to see their next events. I want to dynamically create a calendar-file (.ics / ical) for each individual member so they can add it to their personal calendars via CalDAV. But these files need to be private. A CalDav app, like Apple Calendar or Google Calendar should provide the login information for firebase, so that only with the right credentials a user can see his calendar.

Is that possible? I'm open for any kind of suggestion no matter what technology, framework or even third-party option.

Thank you!

Andri
  • 553
  • 4
  • 20
  • 1
    Rather than trying to use passwords in the URLs, I would just generate long, unguessable URLs for the calendars that are publicly accessible otherwise. – Michael Bleigh Aug 10 '19 at 05:19
  • Sadly that's not an option because that url could be sniffed. Also we need to log the user into firebase with the credentials provided by the caldav – Andri Aug 10 '19 at 08:45
  • "Sniffed" in what sense? You can use `robots.txt` to prohibit crawling and sufficiently large random values are in many cases effectively as secure as a password. That being said, if you want it to authz to Firebase you'd probably mint a [Firebase custom token](https://firebase.google.com/docs/auth/admin/create-custom-tokens) and put that as the password of an HTTP basic credential. – Michael Bleigh Aug 10 '19 at 17:22
  • good point! I will dig into that :) Thank you! – Andri Aug 12 '19 at 10:38

0 Answers0