Showing a custom domain during sign in

This document shows you how to customize the Identity Platform authentication handler so users see your domain when signing in.

Understanding the default authentication handler

When you enable Identity Platform for your project, a unique subdomain powered by Firebase Hosting is created automatically. The domain takes the form of https://[PROJECT-ID].firebaseapp.com. By default, Identity Platform uses this domain to handle all OAuth, OIDC, and SAML sign-in redirects.

Using the default domain has several benefits:

  • Easier setup

  • Use multiple domains with the same federated providers

  • Share a single callback URL across different services and domains

  • Works with providers that only support one callback URL per app

The downside of the default handler is users will briefly see the https://[PROJECT-ID].firebaseapp.com URL when signing in.

Customizing the authentication handler

To override the default handler and provide your own:

  1. Connect your project to a custom domain. You'll need to complete these steps using the Firebase Console; using the gcloud command-line tool or the Cloud Console is not supported.

  2. Go to the Identity Providers page in the Cloud Console, and select your SAML provider. Go to the Identity Providers page

  3. Add the custom domain to the list of Authorized Domains.

  4. Update the Callback URL to your custom domain. For example, change https://myproject.firebaseapp.com/__/auth/handler to https://auth.mycustomdomain.com/__/auth/handler.

  5. Click Save.

Updating your Client SDK configuration

Normally, you can copy the initialization code for the Client SDK from the Cloud Console. If you customize the authentication handler, you'll need to update the authDomain field to your custom domain:

firebase.initializeApp({
  apiKey: '...',
  // Replace the default one with your custom domain.
  // authDomain: '[YOUR_APP]/firebaseapp.com',
  authDomain: 'auth.[YOUR_DOMAIN]'
});