Reputation: 2659
CONFIG Problem for Firebase Authentication In IONIC (Angular) Project
I made an IONIC project which can be authenticated with Facebook and Google and i put config file(in the picture) in the app.module.ts
Is app.module.ts only seen by the developer?
Can user see this config file when user makes apk to code this project ?
Is this a bug that i made ? Do i have to make API for this ?
Upvotes: 0
Views: 390
Answers (2)
Reputation: 39482
If you follow the Installation and Setup guide for @angular/fire, they keep it in the /src/environments/environment.ts. I'm not sure if that's the recommended place to keep any front-end configurations in the App.
People have mixed opinions about it. You might want to read through this answer to know more.
I think making an API call would make it more prone to sniff and hack. Someone could see your Network Requests and get a hold of the response payload for that matter.
UPDATE:
No, it's NOT SAFE to keep Firebase Config in environment.ts or environment.prod.ts.
As of now, AngularCLI only minifies the code. If you open up Devtools on your Browser, select main.hash-code-for-the-bundle.js and pretty print it, and then try to find by something like messagingSenderId, you'll be able to see it.
NOTE: This is a real production app.
Upvotes: 1
Reputation: 18585
This can all be made public (client-side). This is intended for client configurations. If you look under the web section in the Firebase console you'll see that they tell developers to paste that in their client-side (JavaScript SDK) code.
Upvotes: 2
Related Questions
- Firebase Google authentication error in ionic3
- Ionic 3 Firebase Phone Authentication not working
- Firebase Ionic - Returning Error
- Firebase Authentication on Ionic 2
- Ionic 2 + Firebase Auth
- Firebase authenticate error
- Ionic 2 Angularfire2 auth
- Invalid credentials error in Angularfire2 oauth login
- Authentication is always active in ionic with Firebase
- Angularfire null auth variable