Multiple firebase projects auth access

Question

I have 2 firebase projects with firestore, let's call them A & B. Both of them have their own web clients. Right now the A web client needs to read B firestore database, so I need to allow the A client to perform certain operations on firestore under certain collections from B. Is there a way to use authentication data from A in B to allow such operations while using firestore rules?. Is there a way to link auth tokens from A to allow them in B?.

Any mechanism would work. The ideal would be to keep using the client web sdk in A while pointing to firestore from B and A at the same time, and reutilize the same auth for both of them. Is this possible?

Answer 1

Firestore security rules can't look at data or accounts outside of the project where they were deployed. You would need to route your clients through some backend API endpoint to be able to check data from multiple sources.

If you want users from A to have a sort of "automatic" account on B without having to sign in again, you can create a custom token on B (again, using a backend you control) to let the user authenticate with the same UID with a "parallel" account in the second project. Rules on B would still be limited to the data immediately in that account and would not be able to access anything directly in A.