
We are building a JS library which is included on third-party sites. When a user takes an action on the third-party site, our library pushes it to a write-only path on Firebase corresponding to the URL they made it on.

To allow our clients to view the actions the user has taken ON their actual site, we'd like to log them into Firebase on our end and then redirect them to their own site. Our library on their site checks if their uid matches for 'owner' for this site; if so, they then get read-access to the Firebase path and can see these 'actions'.

I hacked something up but realise I can't persist sessions between domains. It does work when our clients log in from their site, through our JS drop-in. We're just using Simple Login right now, and don't have anything server-side. I'm using the JS lib.

Can I use Firebase to do this, or do you not support cross-domain sessions? I'm open to spooling up a backend if custom auth will help.

Cheers!

  • Are you asking if different scripts (or copies of the same script) that run on different web sites/domains can write to the same Firebase? – Frank van Puffelen Nov 19 '14 at 19:30
  • Hey, sorry I was unclear: I'm asking if copies of the same script can not only write to the same Firebase, but if you can log in from examplea.com and use your authenticated session from examplea.com on exampleb.com without having to log in again. – Leo Anthias Nov 19 '14 at 21:22
  • Your users are authenticating with Firebase, not with your web site. And if you're sharing a single Firebase between those sites, they'll be authenticating against that same Firebase. You can easily test this by creating two Firebase Hosting apps for the same Firebase. Or copying your code to two of your own domains. Or one (your own or Firebase hosting) domain and localhost. – Frank van Puffelen Nov 19 '14 at 21:38
  • Yup, but I am not sure that Firebase supports carrying a session between different domains, see http://stackoverflow.com/questions/24333569/how-do-i-share-firebase-simple-login-sessions-across-domains I also tried it with two on my end, and it didn't work. Are you saying that I can have a user authenticate on one server, and then use the same session -- without logging in again -- on a different server? Cheers! Edit: this also suggests single domain restrictions: http://stackoverflow.com/questions/23291962/how-to-persist-firebase-simple-login-authentication-for-a-multipage-webapplicati – Leo Anthias Nov 19 '14 at 21:46
  • As far as I know it does. As long as you specify all domains in the allowed domains in your Firebase's dashboard. Are you having problems getting this functionality to work? – Frank van Puffelen Nov 19 '14 at 21:49
  • Thanks for your help. I was under the impression that those specifications were only for OAuth sessions (source: http://grokbase.com/p/gg/firebase-talk/14a7kmmsk5/firebase-how-do-authorized-domains-work). Also, I'd need to be able to add them dynamically as -- being a library -- this is included on lots of domains. – Leo Anthias Nov 19 '14 at 21:52
  • Maybe it helps if you break down your question, e.g. "if a user is logged into Firebase on www.domaina.com and goes to www.domainb.com, is he automatically authenticated?" (I'd expect "no" there), "if the same user logs on to Firebase on www.domaina.com and www.domainb.com, will he be able to see the same Firebase data in both domains?" (I'd expect "yes" to that question). – Frank van Puffelen Nov 19 '14 at 22:12
  • This sounds like an [XY problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem/66378#66378) and like you've chosen a needlessly complex solution. It's perfectly possible for users to access your Firebase data or authenticate from any site, and there's no obvious reason to be authenticating on both. – Kato Nov 20 '14 at 16:46
  • Thanks, Frank, the answer to the former is what I was after. Kato, thanks: the reason to authenticate on both is that our clients want to view data from our Firebase on their DOM; thus, they want our one-line JS drop-in to provide this data on their domain. The origin of this request will be their domain. They are already logged into an admin panel on our domain: the question revolves around whether they need to log in again from their domain, not whether one can access Firebase data from multiple domains. I gather the answer is that they must, as sessions are not carried. – Leo Anthias Nov 20 '14 at 17:31

0 Answers