Quickstart for Identity Platform

This quickstart walks you through setting up Identity Platform. This guide will help you migrate your application to the cloud, build a new application, and better understand Google Cloud Platform (GCP). By completing this quickstart, you'll do the following:

  • Get started with Identity Platform
    • Enable the Identity Platform Product
    • Learn about the Identity Platform SDKs
    • Configure authentication methods
  • Migrate your existing identity database
  • Integrate a pre-built user interface

Before you begin

To complete this quickstart, you'll need the following:

  • A Google Cloud Platform (GCP) project for which you're a Project Owner, with billing enabled for the project.

Getting started with Identity Platform

This section provides information about how to enable Identity Platform for your project, sign users in to your app using Identity Platform client SDKs, and enable an identity provider.

Enabling Identity Platform

To turn on Identity Platform, follow the steps below:

  1. Go to the Identity Platform Marketplace page in the GCP Console.
    Go to the Identity Platform Marketplace page
  2. Turn on Identity Platform by clicking Enable Identity Platform.
  3. The Identity Platform page displays in the GCP Console.

Using the Identity Platform Client SDKs

The Client SDKs are available across major platforms. You can obtain the SDKs and learn more about them for the platforms below:

Using the Identity Platform Admin SDKs

Throughout this quickstart, we'll make extensive use of the Admins SDKs to help you get started.

The Admin SDKs are available across major platforms. To learn more and get the SDKs, see add the SDK.

Configuring authentication methods

After you enable Identity Platform, you'll configure authentication methods so that your users can sign in to your application.

To enable an identity provider:

  1. Go to the Identity Providers page in the GCP Console.
    Go to the Identity Providers page
  2. Click Add A Provider.
  3. Select the provider you want to use from the list of providers and enterprise federation standards:
  4. After you select a provider, enter details that are relevant for your provider, like Client ID, secret, and other provider-specific information.

Migrate users to Identity Platform

By using the Admin SDK or command-line interface, Identity Platform enables you to move from an existing provider without requiring users to reset their passwords.

The Admin SDK enables you to import users without exporting objects to CSV or JSON. You can also use the command-line interface (CLI) to import a collection of email and password users into Identity Platform. Note this doesn't work for SAML and OIDC providers, which requires use of the Admin SDK.

Migrating users using the Admin SDK

The example below uses Node.js, but the SDK reference includes details for other server languages. To migrate users:

  1. Add the SDK for the language you want to use.
  2. Initialize the SDK.
  3. Import users with or without passwords:

    • Import users with passwords: this example imports users with their passwords encrypted with BCRYPT. Additional hashing mechanisms are also available.

       admin.auth().importUsers([{
         uid: '[UNIQUE_IDENTIFIER]',
         email: '[USER_EMAIL]',
         // Must be provided in a byte buffer.
         passwordHash: Buffer.from('[PASSWORD_HASH]')
       }], {
         hash: {
           algorithm: 'BCRYPT'
         }
       }).then(function(results) {
         results.errors.forEach(function(indexedError) {
           console.log('Error importing user ' + indexedError.index);
         });
       }).catch(function(error) {
         console.log('Error importing users:', error);
       });
      
    • Import users without passwords:

       admin.auth().importUsers([{
       uid: '[UNIQUE_IDENTIFIER]',
       displayName: '[USER_NAME]',
       email: '[USER_EMAIL]',
       photoURL: '[USER_PHOTO_URL]',
       emailVerified: true,
       phoneNumber: '+[USER_PHONE_NUMBER]',
       // Set this user as admin.
       customClaims: {admin: true},
       // User with Google provider.
       providerData: [{
         uid: '[GOOGLE_UNIQUE_IDENTIIFER]',
         email: '[USER_GMAIL]',
         displayName: '[USER_NAME]',
         photoURL: '[USER_PHOTO_URL]',
         providerId: 'google.com'
        }]
       }]).then(function(results) {
        results.errors.forEach(function(indexedError) {
          console.log('Error importing user ' + indexedError.index);
        });
       }).catch(function(error) {
        console.log('Error importing users:', error);
       });
      

Note that providerId is useful throughout Identity Platform to describe a specific provider. For OIDC and SAML providers, this is defined during creation. For other providers, this has a predefined value such as google.com, facebook.com, and other such values that can be retrieved via claims on the signed-in user.

Migrating users using the command-line interface

To use the command-line interface to import users, follow the steps below:

  1. Setup and initialize the Firebase CLI.
  2. Use the command-line interface to import objects from a JSON or CSV file:

       firebase auth:import account_file    \
          --hash-algo=hash_algorithm        \
          --hash-key=key                    \
          --salt-separator=salt_separator   \
          --rounds=rounds                   \
          --mem-cost=mem_cost               \
          --parallelization=parallelization \
          --block-size=block_size           \
          --dk-len=dk_len                   \
          --hash-input-order=hash_input_order
    

For more information about the input parameters, see the CLI reference and the CSV and JSON file format guidance.

When you bulk upload users using the SDK or CLI, the default Identity Platform API quotas are automatically enforced, so the upload is throttled if needed to stay within quota.

Integrating a pre-built user interface

You can use Identity Platform with the pre-built, open-source UI components that are available on the Web, iOS or Android and are available via GitHub. A Web quickstart is available for the UI components that are available on GitHub for all three clients.

In the example below, we'll integrate the UI components with a web app. For other app types, see the links above for client specific instructions.

  1. Add the UI script and CSS from the CDN in the <head> tag of your page. For more options, see the Web, iOS or Android documentation.

       <script src="https://cdn.firebase.com/libs/firebaseui/5.8.2/firebaseui.js"></script>
       <link type="text/css" rel="stylesheet" href="https://cdn.firebase.com/libs/firebaseui/5.8.2/firebaseui.css" />
    


    Note that you should always use the most up to date UI components to get the benefits of new functionality we are continually rolling into our pre-integrated UI. To find the latest SDK version, visit our GitHub Repo.

  2. Make sure that at least one sign-in method that you want to use with the UI components is enabled in the GCP Console.

  3. In the <head> tag of your page, configure how your users can sign in:

       <script type="text/javascript">
         // UI Configuration
         var uiConfig = {
           signInSuccessUrl: '[URL_TO_REDIRECT_ON_SIGNIN_SUCCESS]',
           signInOptions: [
             // Leave the lines as is for the providers you want to offer your users.
             firebase.auth.GoogleAuthProvider.PROVIDER_ID,
             firebase.auth.FacebookAuthProvider.PROVIDER_ID,
             firebase.auth.TwitterAuthProvider.PROVIDER_ID,
             firebase.auth.GitHubAuthProvider.PROVIDER_ID,
             firebase.auth.EmailAuthProvider.PROVIDER_ID,
             firebase.auth.PhoneAuthProvider.PROVIDER_ID,
             firebaseui.auth.AnonymousAuthProvider.PROVIDER_ID
           ],
           // tosUrl and privacyPolicyUrl accept either url string or a callback
           // function.
           // Terms of service url/callback.
           tosUrl: '[YOUR_TOS_URL]',
           // Privacy policy url/callback.
           privacyPolicyUrl: function() {
             window.location.assign('[YOUR_PRIVACY_POLICY_URL]');
           }
         };
    
         // Initialize the UI Components.
         var ui = new firebaseui.auth.AuthUI(firebase.auth());
         // The start method will wait until the DOM is loaded.
         ui.start('#firebaseui-auth-container', uiConfig);
       </script>
    
  4. In the <body> tag of your page, insert the UI Widget:

       <body>
          <!-- The surrounding HTML is left untouched. Your app can use that space for branding, controls and other customizations.-->
          <h1>Welcome to [APP_NAME]</h1>
          <div id="firebaseui-auth-container"></div>
       </body>
    
  5. When you render your page, Identity Platform and the pre-built UI will sign your user in to your application.

To learn about more customizations, see the UI component documents.

What's next

Var denne side nyttig? Giv os en anmeldelse af den:

Send feedback om...

Cloud Identity for Customers and Partners Documentation
Har du brug for hjælp? Besøg vores supportside.