Targeting Firebase Auth #1198
Comments
|
A major part of getting it to work in most apps is the "X-Goog-Spatula" header, which is used for obtaining the firebase auth tokens in some apps, which requires DroidGuard, so some proprietary parts would be required for the implementation. I don't know if DroidGuard is currently working, but that would have to be considered. Some of my notes on it are here (its a few months old), including some python code for using the Tier app, which requires the Spatula header: https://gist.github.com/Romern/e58e634e4d70b2be5b57d7abdb77f7ef Maybe it helps a bit |
|
Thanks @Romern , this is definitive a starting point 👍
Can you elaborate on this? Do you know what other apps are using? Maybe I can find it in an official Furthermore, I only have a rough picture how the communication between |
|
Sorry, this was more of an assumption that most apps use it. I saw it in the Tier app and I remember checking out some other apps using authentication using PhoneAuthProvider. It may be a start to setup the sample app ( https://github.com/firebase/quickstart-android/tree/master/auth ) and record the traffic for the various authentication methods. The header itself is undocumented, I was not able to find it in any (un-)official documentation. |
|
Same here, could not find any documentation about the header in my today's research :-( |
|
Ok, I tried some of the Authentication methods (GoogleSignInActivity, EmalPasswordActivity, PhoneAuthActivity, AnonymousAuthActivity) and edited the requests with Charles to not include the Spatula header, and only PhoneAuthActivity threw an |
|
Yes, that matches my observation that at least most of Firebase Auth should work fine without any special headers. Firebase Auth is based on the Google Identity Toolkit RelyingParty API which has partially public API description and open source client libraries. I'm actually in the process of implementing Firebase Auth these days. |
I will gladly support you wherever I can @mar-v-in . Please feel free to reach out. I still suggest to make a quick call to align ourselves ;-) |
I saw that in my logs yesterday, too. I am looking into this in more detail with regard to @mar-v-in information right now. |
|
Instead of using the Android PhoneAuth using the Spatula header, you can use the web/js-API with recaptcha, as the phone authentication in the firebase dev console can only be enabled for all platforms: https://firebase.google.com/docs/auth/web/phone-auth . |
|
Initial support for Firebase Auth has landed in c3bfb63
|
|
Google Voice Fails to log into during setup with current apk installer and once setup Network Authentication Error connect to Google VOIP server. |
|
It appears that Tier has blocked the method, web-api atuhentication now throws the error: and the app does not work anymore (visible and invisible captcha). The pop flow gets past the request for the captcha, but the sms code is not sent. EDIT: My own Firebase app still works, so it seems to be a single instance where they banned it. |
|
|
|
Yuka is crashing when I click the "Sign in with email" button. (Facebook button is not crashing) Using a phone with GApps: if I go to the login screen and press the email button, the following activity appears, showing the pop-up with the email.
If I try the same thing on another phone with microG 0.2.14.204215, the app crashes as soon as I press the email button. No I've cleaned the logs taking out the lines that I supposed were not relevant. If you need the full logs or if you want me to try something else, I'll be glad to help. |
Same problem with Yuka |
|
Has anyone retried with 0.2.15.204713? |
|
FirebaseUI Auth is still not implemented, which is why Yuka and other apps crash when using it. I added the info to the wiki |
|
I still experience this with firebase email password login in MicroG0.2.17.204714... I own the app it doesn't work in so if any logs are checks are needed lmk |
|
@dri94 The way MicroG works, is that it uses the Firebase Web-API, so your API key needs to allow for websites to use it. Of course this could potentially be a security concern for certain apps, but if not you can select your API Key in the Google Cloud Console under APIs and Services and remove the "Application restrictions". |
This was in fact the issue. Thanks. Since I own the app I can just enable web services when I need it and restrict the key otherwise |
|
I fixed the issue with Yuka and probably other apps via 161c2ff |
|
@mar-v-in Great news! I'll try it with a couple of apps I know, whenever there's a version with these changes, and I'll keep you updated. |
|
Any chance we can get a new release with this commit? I have the same problem with Tandem and would be happy to test it out and report back. |
|
v0.2.19.211515 fixes this for me, thanks a lot! |
|
Would support for
From what I can see in c3bfb63 that's how that part was implemented. Anything we can do to help with this ? |
|
Most problems with Firebase auth are already fixed, if needed please open a new ticket. |
Hey there,
I use
microGfor many years now and still love it ❤️Sadly, for me, the missing
firebase authfeature / support is a huge pain. Therefore, I decided to investigate this issue and will spend some time on it. In order to do so, I appreciate some help. I am familiar with android, building android roms and android apps, but I am not familiar with the internal ofmicroG.As a result, I have some questions / requests:
firebase authissue and define tasks to solve it.Furthermore, I suggest making this a collecive issue for all
firebase authrelated problems.Here are some references that may be connected to a
firebase authissue (some already have theFirebase Authtag):#756
#809
#842
#951
#1013
#1162
Looking forward to hear from you!
The text was updated successfully, but these errors were encountered: