Reputation: 1
(SignInWithIDP) below: https://cloud.google.com/identity-platform/docs/reference/rest/v1/accounts/signInWithIdp
Does the above function send an authentication request to an Identity Provider BEFORE signing in to Firebase with the User's Identity Provider's Token/Credentials?
E.g. if a Player sign-in is made to EPIC Games, when Firebase receives the Token from the Client/Player, does Firebase take this Token and ask EPIC Games to authenticate the Token/Credentials, just to be sure that the Token has not been tampered with (BEFORE) signing in the Player and giving the Player access to their data stored in the Firebase Firestore?
OR
Does Firebase fully trust the Token and simply use the credentials to log in the user and give them access to their data?
I'm basically trying to find a way in Firebase that will have Firebase CHECK with the Identity Provider first (if the token is legit and not tampered with, instead of trusting the Client) BEFORE signing in the Player to Firebase using the IDP's token/credentials. Is there an existing Firebase Endpoint that does this OR is this supposed to be implemented as a Firebase Cloud Function?
Upvotes: 0
Views: 43
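
The kind of check the question describes, as an added example that is not part of the original post and not a description of what `signInWithIdp` does internally: a backend (for instance a Cloud Function) verifying an RS256 OIDC ID token's signature and claims against the issuer's public key instead of trusting the client. The key pair, issuer URL, audience and the `signToken` helper are constructed stand-ins for a real IdP, whose public key would come from its published JWKS.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Constructed stand-in for the IdP's signing key. A real backend fetches the
// public key from the issuer's JWKS endpoint and selects it by the `kid` header.
const idp = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical helper playing the IdP: issues an RS256-signed token.
function signToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), idp.privateKey);
  return `${signingInput}.${b64url(sig)}`;
}

// Server-side check: signature first, then issuer, audience and expiry.
// Assumes a single string `aud`; OIDC also allows an array.
function verifyIdToken(token, { publicKey, issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = decode(parts[0]);
    claims = decode(parts[1]);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm; a token must never choose its own (blocks alg "none").
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, publicKey, Buffer.from(parts[2], 'base64url'))) {
    return { ok: false, reason: 'bad signature' };
  }
  if (claims.iss !== issuer) return { ok: false, reason: 'wrong issuer' };
  if (claims.aud !== audience) return { ok: false, reason: 'wrong audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed sample: a valid token, then the same token with an edited payload.
const opts = { publicKey: idp.publicKey, issuer: 'https://idp.example', audience: 'game-client' };
const exp = Math.floor(Date.now() / 1000) + 300;
const good = signToken({ iss: opts.issuer, aud: opts.audience, sub: 'player-1', exp });
const [h, , s] = good.split('.');
const forged = `${h}.${b64url(JSON.stringify({ iss: opts.issuer, aud: opts.audience, sub: 'player-2', exp }))}.${s}`;
console.log(verifyIdToken(good, opts).ok, verifyIdToken(forged, opts).reason);
```

Only after `verifyIdToken` returns `ok: true` should the backend treat `claims.sub` as the player's identity.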