-
-
Notifications
You must be signed in to change notification settings - Fork 433
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create tenant programmatically #837
Comments
That's currently not possible with the SDK, and I remember a PR from a few years ago that I wasn't ready to take on because Google IdP wasn't a core part of Firebase back then. But if the official Admin SDKs have it (by now), I'll look into it. In the meantime, it might be possible to use the |
Note to self: https://github.com/firebase/firebase-admin-node/blob/master/src/auth/tenant.ts It seems to be part of the SDK since 2019, so I must have had another reason 😅 |
Ha, gotcha! It might hit the GCIP api instead of firebases API? I could imagine that being weird. In any case, for future readers, here's how I got API calls working to Google Cloud's REST api without using an SDK (since it doesn't exist for this particular use case in PHP land): (This is all within google cloud, not firebase):
The code below shows:
This is in Laravel (with some adjustments to not be specific to a console command I made in Laravel to test) - it uses Laravel's HTTP facade to make requests: use Carbon\Carbon;
use Firebase\JWT\JWT;
$jwt = JWT::encode(
payload: [
'iat' => Carbon::now()->timestamp,
'exp' => Carbon::now()->addHour()->timestamp,
'iss' => "your-service-accont@project-name.iam.gserviceaccount.com",
'sub' => "your-service-accont@project-name.iam.gserviceaccount.com",
'aud' => "https://www.googleapis.com/oauth2/v4/token",
'scope' => "https://www.googleapis.com/auth/identitytoolkit",
],
key: "<private key string extracted from service account JSON key file here>",
alt: 'RS256'
);
// Exchange JWT for auth token
$exchange = HTTP::post("https://www.googleapis.com/oauth2/v4/token", [
'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion' => $jwt,
]);
if (! $exchange->successful()) {
echo 'could not exchange jwt for token';
return false;
}
// Make API calls as documented here:
// https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.tenants
$result = Http::withToken($exchange->json('access_token'))
->asJson()
->acceptJson()
->get("https://identitytoolkit.googleapis.com/v2/projects/<your-project>/tenants");
var_dump($result->status(), $result->json()); |
Thanks for sharing, it will certainly help others with the same requirement! 🙏🏻 I'll keep the issue open as an enhancement so that you'll get notified if/when this lands in the SDK! |
Describe the feature you would like to see
Hi!
I'm looking into gcloud / firebase for multi-tenancy on a b2b saas.
It looks like the admin sdk can create tenants, but I can't find that in this PHP sdk - is it possible and I'm just missing it?
(NodeJS examle):
https://cloud.google.com/identity-platform/docs/multi-tenancy-managing-tenants#node.js
Perhaps that has to be done via google cloud API?
Thanks!
The text was updated successfully, but these errors were encountered: