Authentication in Firebase

Alright so let's setup Google OAuth together and do a live demo.

Now to the code side:

Let's build stuff

I'll show you email/anonymous/gmail logins for a firebase app. We can store some stuff in a database for each user.

OAuth in the Wild

Typically in these sort of DIY OAuth setups you'll need a few things:

• An "application" that is presented to the User (created in the tech giant's ecosystem)
• A starter button (hosted by you) that sends the user to the tech giant's approval page
• A callback page (hosted by you) where the user is redirected to, in the params of this page is a temporary TOKEN
• Your callback page must get a backend you control to take the temporary TOKEN and POST it back to the tech giant along with an "Authorization header"
• That authorization header contains hashes of secrets from your app
• That callback page must be on an APPROVED URL list
• Finally you have two things, an ACCESS TOKEN and a REFRESH TOKEN, the access token has an EXPIRATION TIME
• the ACCESS TOKEN can be used inside of headers to get access to tech giant APIs
• the REFRESH TOKEN can be used in a POST request to the tech giant in order to get a NEW TOKEN with EXTENDED TIME

I actually need to go set this up soon for tastytrade, maybe I'll make a live demo from it.