diff --git a/auth-next/multi-tenancy.js b/auth-next/multi-tenancy.js new file mode 100644 index 00000000..c0c86662 --- /dev/null +++ b/auth-next/multi-tenancy.js @@ -0,0 +1,347 @@ +// [SNIPPET_REGISTRY disabled] +// [SNIPPETS_SEPARATION enabled] + +function setTenant() { + // [START multitenant_set_tenant] + const { getAuth } = require("firebase/auth"); + const auth = getAuth(); + const tenantId = "TENANT_ID1"; + auth.tenantId = tenantId; + // [END multitenant_set_tenant] +} + +function switchTenantSingleAuth(auth) { + // [START multitenant_switch_tenant] + // One Auth instance + // Switch to tenant1 + auth.tenantId = "TENANT_ID1"; + // Switch to tenant2 + auth.tenantId = "TENANT_ID2"; + // Switch back to project level IdPs + auth.tenantId = null; + // [END multitenant_switch_tenant] +} + +function switchTenantMultiAuth(firebaseConfig1, firebaseConfig2) { + // [START multitenant_switch_tenant_multiinstance] + // Multiple Auth instances + const { initializeApp } = require("firebase/app"); + const { getAuth } = require("firebase/auth"); + const firebaseApp1 = initializeApp(firebaseConfig1, 'app1_for_tenantId1'); + const firebaseApp2 = initializeApp(firebaseConfig2, 'app2_for_tenantId2'); + + const auth1 = getAuth(firebaseApp1); + const auth2 = getAuth(firebaseApp2); + + auth1.tenantId = "TENANT_ID1"; + auth2.tenantId = "TENANT_ID2"; + // [END multitenant_switch_tenant_multiinstance] +} + +function passwordSignInWithTenantDemo(auth, email, password) { + // [START multitenant_signin_password_demo] + const { signInWithEmailAndPassword, onAuthStateChanged } = require("firebase/auth"); + // Switch to TENANT_ID1 + auth.tenantId = 'TENANT_ID1'; + + // Sign in with tenant + signInWithEmailAndPassword(auth, email, password) + .then((userCredential) => { + // User is signed in. + const user = userCredential.user; + // user.tenantId is set to 'TENANT_ID1'. + // Switch to 'TENANT_ID2'. + auth.tenantId = 'TENANT_ID2'; + // auth.currentUser still points to the user. + // auth.currentUser.tenantId is 'TENANT_ID1'. + }); + + // You could also get the current user from Auth state observer. + onAuthStateChanged(auth, (user) => { + if (user) { + // User is signed in. + // user.tenantId is set to 'TENANT_ID1'. + } else { + // No user is signed in. + } + }); + // [END multitenant_signin_password_demo] +} + +function signUpWithTenant(auth, email, password) { + // [START multitenant_signup_password] + const { createUserWithEmailAndPassword } = require("firebase/auth"); + auth.tenantId = 'TENANT_ID'; + + createUserWithEmailAndPassword(auth, email, password) + .then((userCredential) => { + // User is signed in. + // userCredential.user.tenantId is 'TENANT_ID'. + }).catch((error) => { + // Handle / display error. + // ... + }); + // [END multitenant_signup_password] +} + + +function passwordSignInWithTenant(auth, email, password) { + // [START multitenant_signin_password] + const { signInWithEmailAndPassword } = require("firebase/auth"); + auth.tenantId = 'TENANT_ID'; + + signInWithEmailAndPassword(auth, email, password) + .then((userCredential) => { + // User is signed in. + // userCredential.user.tenantId is 'TENANT_ID'. + }).catch((error) => { + // Handle / display error. + // ... + }); + // [END multitenant_signin_password] +} + +function samlSignInPopupTenant(auth, provider) { + // [START multitenant_signin_saml_popup] + const { signInWithPopup } = require("firebase/auth"); + // Switch to TENANT_ID1. + auth.tenantId = 'TENANT_ID1'; + + // Sign-in with popup. + signInWithPopup(auth, provider) + .then((userCredential) => { + // User is signed in. + const user = userCredential.user; + // user.tenantId is set to 'TENANT_ID1'. + // Provider data available from the result.user.getIdToken() + // or from result.user.providerData + }) + .catch((error) => { + // Handle / display error. + // ... + }); + // [END multitenant_signin_saml_popup] +} + +function samlSignInRedirectTenant(auth, provider) { + // [START multitenant_signin_saml_redirect] + const { signInWithRedirect, getRedirectResult } = require("firebase/auth"); + // Switch to TENANT_ID1. + auth.tenantId = 'TENANT_ID1'; + + // Sign-in with redirect. + signInWithRedirect(auth, provider); + + // After the user completes sign-in and returns to the app, you can get + // the sign-in result by calling getRedirectResult. However, if they sign out + // and sign in again with an IdP, no tenant is used. + getRedirectResult(auth) + .then((result) => { + // User is signed in. + // The tenant ID available in result.user.tenantId. + // Provider data available from the result.user.getIdToken() + // or from result.user.providerData + }) + .catch((error) => { + // Handle / display error. + // ... + }); + // [END multitenant_signin_saml_redirect] +} + +function sendSignInLinkToEmailTenant(auth, email, actionCodeSettings) { + // [START multitenant_send_emaillink] + const { sendSignInLinkToEmail } = require("firebase/auth"); + // Switch to TENANT_ID1 + auth.tenantId = 'TENANT_ID1'; + + sendSignInLinkToEmail(auth, email, actionCodeSettings) + .then(() => { + // The link was successfully sent. Inform the user. + // Save the email locally so you don't need to ask the user for it again + // if they open the link on the same device. + window.localStorage.setItem('emailForSignIn', email); + }) + .catch((error) => { + // Handle / display error. + // ... + }); + // [END multitenant_send_emaillink] +} + +function signInWithEmailLinkTenant(auth) { + // [START multitenant_signin_emaillink] + const { isSignInWithEmailLink, parseActionCodeURL, signInWithEmailLink } = require("firebase/auth"); + if (isSignInWithEmailLink(auth, window.location.href)) { + const actionCodeUrl = parseActionCodeURL(window.location.href); + if (actionCodeUrl.tenantId) { + auth.tenantId = actionCodeUrl.tenantId; + } + let email = window.localStorage.getItem('emailForSignIn'); + if (!email) { + // User opened the link on a different device. To prevent session fixation + // attacks, ask the user to provide the associated email again. For example: + email = window.prompt('Please provide your email for confirmation'); + } + // The client SDK will parse the code from the link for you. + signInWithEmailLink(auth, email, window.location.href) + .then((result) => { + // User is signed in. + // tenant ID available in result.user.tenantId. + // Clear email from storage. + window.localStorage.removeItem('emailForSignIn'); + }); + } + // [END multitenant_signin_emaillink] +} + +// Same as the code in auth/ since this is the admin SDK. +function createCustomTokenTenant(admin, uid) { + // [START multitenant_create_custom_token] + // Ensure you're using a tenant-aware auth instance + const tenantManager = admin.auth().tenantManager(); + const tenantAuth = tenantManager.authForTenant('TENANT_ID1'); + + // Create a custom token in the usual manner + tenantAuth.createCustomToken(uid) + .then((customToken) => { + // Send token back to client + }) + .catch((error) => { + console.log('Error creating custom token:', error); + }); + // [END multitenant_create_custom_token] +} + +function signInWithCustomTokenTenant(auth, token) { + // [START multitenant_signin_custom_token] + const { signInWithCustomToken } = require("firebase/auth"); + auth.tenantId = 'TENANT_ID1'; + + signInWithCustomToken(auth, token) + .catch((error) => { + // Handle / display error. + // ... + }); + // [END multitenant_signin_custom_token] +} + +function linkAccountTenant(auth, provider, email, password) { + // [START multitenant_account_linking] + const { signInWithPopup, EmailAuthProvider, linkWithCredential, SAMLAuthProvider, signInWithCredential } = require("firebase/auth"); + // Switch to TENANT_ID1 + auth.tenantId = 'TENANT_ID1'; + + // Sign-in with popup + signInWithPopup(auth, provider) + .then((userCredential) => { + // Existing user with e.g. SAML provider. + const prevUser = userCredential.user; + const emailCredential = + EmailAuthProvider.credential(email, password); + return linkWithCredential(prevUser, emailCredential) + .then((linkResult) => { + // Sign in with the newly linked credential + const linkCredential = SAMLAuthProvider.credentialFromResult(linkResult); + return signInWithCredential(auth, linkCredential); + }) + .then((signInResult) => { + // Handle sign in of merged user + // ... + }); + }) + .catch((error) => { + // Handle / display error. + // ... + }); + // [END multitenant_account_linking] +} + +function accountExistsPopupTenant(auth, samlProvider, googleProvider, goToApp) { + // [START multitenant_account_exists_popup] + const { signInWithPopup, fetchSignInMethodsForEmail, linkWithCredential } = require("firebase/auth"); + // Step 1. + // User tries to sign in to the SAML provider in that tenant. + auth.tenantId = 'TENANT_ID'; + signInWithPopup(auth, samlProvider) + .catch((error) => { + // An error happened. + if (error.code === 'auth/account-exists-with-different-credential') { + // Step 2. + // User's email already exists. + // The pending SAML credential. + const pendingCred = error.credential; + // The credential's tenantId if needed: error.tenantId + // The provider account's email address. + const email = error.email; + // Get sign-in methods for this email. + fetchSignInMethodsForEmail(email, auth) + .then((methods) => { + // Step 3. + // Ask the user to sign in with existing Google account. + if (methods[0] == 'google.com') { + signInWithPopup(auth, googleProvider) + .then((result) => { + // Step 4 + // Link the SAML AuthCredential to the existing user. + linkWithCredential(result.user, pendingCred) + .then((linkResult) => { + // SAML account successfully linked to the existing + // user. + goToApp(); + }); + }); + } + }); + } + }); + // [END multitenant_account_exists_popup] +} + +function accountExistsRedirectTenant(auth, samlProvider, googleProvider, goToApp) { + // [START multitenant_account_exists_redirect] + const { signInWithRedirect, getRedirectResult, fetchSignInMethodsForEmail, linkWithCredential } = require("firebase/auth"); + // Step 1. + // User tries to sign in to SAML provider. + auth.tenantId = 'TENANT_ID'; + signInWithRedirect(auth, samlProvider); + var pendingCred; + // Redirect back from SAML IDP. auth.tenantId is null after redirecting. + getRedirectResult(auth).catch((error) => { + if (error.code === 'auth/account-exists-with-different-credential') { + // Step 2. + // User's email already exists. + const tenantId = error.tenantId; + // The pending SAML credential. + pendingCred = error.credential; + // The provider account's email address. + const email = error.email; + // Need to set the tenant ID again as the page was reloaded and the + // previous setting was reset. + auth.tenantId = tenantId; + // Get sign-in methods for this email. + fetchSignInMethodsForEmail(auth, email) + .then((methods) => { + // Step 3. + // Ask the user to sign in with existing Google account. + if (methods[0] == 'google.com') { + signInWithRedirect(auth, googleProvider); + } + }); + } + }); + + // Redirect back from Google. auth.tenantId is null after redirecting. + getRedirectResult(auth).then((result) => { + // Step 4 + // Link the SAML AuthCredential to the existing user. + // result.user.tenantId is 'TENANT_ID'. + linkWithCredential(result.user, pendingCred) + .then((linkResult) => { + // SAML account successfully linked to the existing + // user. + goToApp(); + }); + }); + // [END multitenant_account_exists_redirect] +} \ No newline at end of file diff --git a/auth/multi-tenancy.js b/auth/multi-tenancy.js new file mode 100644 index 00000000..8afc1a5c --- /dev/null +++ b/auth/multi-tenancy.js @@ -0,0 +1,312 @@ +// These samples are intended for Web so this import would normally be +// done in HTML however using modules here is more convenient for +// ensuring sample correctness offline. +import firebase from "firebase/app"; +import "firebase/auth"; + +function setTenant() { + // [START multitenant_set_tenant] + const tenantId = "TENANT_ID1"; + firebase.auth().tenantId = tenantId; + // [END multitenant_set_tenant] +} + +function switchTenantSingleAuth() { + // [START multitenant_switch_tenant] + // One Auth instance + // Switch to tenant1 + firebase.auth().tenantId = "TENANT_ID1"; + // Switch to tenant2 + firebase.auth().tenantId = "TENANT_ID2"; + // Switch back to project level IdPs + firebase.auth().tenantId = null; + // [END multitenant_switch_tenant] +} + +function switchTenantMultiAuthInstance(config) { + // [START multitenant_switch_tenant_multiinstance] + // Multiple Auth instances + firebase.initializeApp(config, 'app1_for_tenantId1'); + firebase.initializeApp(config, 'app2_for_tenantId2'); + + const auth1 = firebase.app('app1').auth(); + const auth2 = firebase.app('app2').auth(); + + auth1.tenantId = "TENANT_ID1"; + auth2.tenantId = "TENANT_ID2"; + // [END multitenant_switch_tenant_multiinstance] +} + +function passwordSignInWithTenantDemo(email, password) { + // [START multitenant_signin_password_demo] + // Switch to TENANT_ID1 + firebase.auth().tenantId = 'TENANT_ID1'; + + // Sign in with tenant + firebase.auth().signInWithEmailAndPassword(email, password) + .then((result) => { + const user = result.user; + // user.tenantId is set to 'TENANT_ID1'. + // Switch to 'TENANT_ID2'. + firebase.auth().tenantId = 'TENANT_ID2'; + // firebase.auth().currentUser still point to the user. + // firebase.auth().currentUser.tenantId is 'TENANT_ID1'. + }); + + // You could also get the current user from Auth state observer. + firebase.auth().onAuthStateChanged((user) => { + if (user) { + // User is signed in. + // user.tenantId is set to 'TENANT_ID1'. + } else { + // No user is signed in. + } + }); + // [END multitenant_signin_password_demo] +} + +function signUpWithTenant(email, password) { + // [START multitenant_signup_password] + firebase.auth().tenantId = 'TENANT_ID'; + + firebase.auth().createUserWithEmailAndPassword(email, password) + .then((result) => { + // result.user.tenantId is 'TENANT_ID'. + }).catch((error) => { + // Handle error. + }); + // [END multitenant_signup_password] +} + + +function passwordSignInWithTenant(email, password) { + // [START multitenant_signin_password] + firebase.auth().tenantId = 'TENANT_ID'; + + firebase.auth().signInWithEmailAndPassword(email, password) + .then((result) => { + // result.user.tenantId is 'TENANT_ID'. + }).catch((error) => { + // Handle error. + }); + // [END multitenant_signin_password] +} + +function samlSignInPopupTenant(provider) { + // [START multitenant_signin_saml_popup] + // Switch to TENANT_ID1. + firebase.auth().tenantId = 'TENANT_ID1'; + + // Sign-in with popup. + firebase.auth().signInWithPopup(provider) + .then((result) => { + // User is signed in. + // tenant ID is available in result.user.tenantId. + // Identity provider data is available in result.additionalUserInfo.profile. + }) + .catch((error) => { + // Handle error. + }); + // [END multitenant_signin_saml_popup] +} + +function samlSignInRedirectTenant(provider) { + // [START multitenant_signin_saml_redirect] + // Switch to TENANT_ID1. + firebase.auth().tenantId = 'TENANT_ID1'; + + // Sign-in with redirect. + firebase.auth().signInWithRedirect(provider); + + // After the user completes sign-in and returns to the app, you can get + // the sign-in result by calling getRedirectResult. However, if they sign out + // and sign in again with an IdP, no tenant is used. + firebase.auth().getRedirectResult() + .then((result) => { + // User is signed in. + // The tenant ID available in result.user.tenantId. + // Identity provider data is available in result.additionalUserInfo.profile. + }) + .catch((error) => { + // Handle error. + }); + // [END multitenant_signin_saml_redirect] +} + +function sendSignInLinkToEmailTenant(email, actionCodeSettings) { + // [START multitenant_send_emaillink] + // Switch to TENANT_ID1 + firebase.auth().tenantId = 'TENANT_ID1'; + + firebase.auth().sendSignInLinkToEmail(email, actionCodeSettings) + .then(() => { + // The link was successfully sent. Inform the user. + // Save the email locally so you don't need to ask the user for it again + // if they open the link on the same device. + window.localStorage.setItem('emailForSignIn', email); + }) + .catch((error) => { + // Some error occurred, you can inspect the code: error.code + }); + // [END multitenant_send_emaillink] +} + +function signInWithEmailLinkTenant() { + // [START multitenant_signin_emaillink] + if (firebase.auth().isSignInWithEmailLink(window.location.href)) { + const actionCodeUrl = firebase.auth.ActionCodeURL.parseLink(window.location.href); + if (actionCodeUrl.tenantId) { + firebase.auth().tenantId = actionCodeUrl.tenantId; + } + let email = window.localStorage.getItem('emailForSignIn'); + if (!email) { + // User opened the link on a different device. To prevent session fixation + // attacks, ask the user to provide the associated email again. For example: + email = window.prompt('Please provide your email for confirmation'); + } + firebase.auth().signInWithEmailLink(email, window.location.href) + .then((result) => { + // User is signed in. + // tenant ID available in result.user.tenantId. + }); + } + // [END multitenant_signin_emaillink] +} + +function createCustomTokenTenant(admin, uid) { + // [START multitenant_create_custom_token] + // Ensure you're using a tenant-aware auth instance + const tenantManager = admin.auth().tenantManager(); + const tenantAuth = tenantManager.authForTenant('TENANT_ID1'); + + // Create a custom token in the usual manner + tenantAuth.createCustomToken(uid) + .then((customToken) => { + // Send token back to client + }) + .catch((error) => { + console.log('Error creating custom token:', error); + }); + // [END multitenant_create_custom_token] +} + +function signInWithCustomTokenTenant(token) { + // [START multitenant_signin_custom_token] + firebase.auth().tenantId = 'TENANT_ID1'; + + firebase.auth().signInWithCustomToken(token) + .catch((error) => { + // Handle Errors here. + const errorCode = error.code; + const errorMessage = error.message; + // ... + }); + // [END multitenant_signin_custom_token] +} + +function linkAccountTenant(provider, email, password) { + // [START multitenant_account_linking] + // Switch to TENANT_ID1 + firebase.auth().tenantId = 'TENANT_ID1'; + + // Sign-in with popup + firebase.auth().signInWithPopup(provider) + .then((result) => { + // Existing user with e.g. SAML provider. + const user = result.user; + const emailCredential = + firebase.auth.EmailAuthProvider.credential(email, password); + return user.linkWithCredential(emailCredential); + }) + .then((linkResult) => { + // The user can sign in with both SAML and email/password now. + }); + // [END multitenant_account_linking] +} + +function accountExistsPopupTenant(samlProvider, googleProvider, goToApp) { + // [START multitenant_account_exists_popup] + // Step 1. + // User tries to sign in to the SAML provider in that tenant. + firebase.auth().tenantId = 'TENANT_ID'; + firebase.auth().signInWithPopup(samlProvider) + .catch((error) => { + // An error happened. + if (error.code === 'auth/account-exists-with-different-credential') { + // Step 2. + // User's email already exists. + // The pending SAML credential. + const pendingCred = error.credential; + // The credential's tenantId if needed: error.tenantId + // The provider account's email address. + const email = error.email; + // Get sign-in methods for this email. + firebase.auth().fetchSignInMethodsForEmail(email) + .then((methods) => { + // Step 3. + // Ask the user to sign in with existing Google account. + if (methods[0] == 'google.com') { + firebase.auth().signInWithPopup(googleProvider) + .then((result) => { + // Step 4 + // Link the SAML AuthCredential to the existing user. + result.user.linkWithCredential(pendingCred) + .then((linkResult) => { + // SAML account successfully linked to the existing + // user. + goToApp(); + }); + }); + } + }); + } + }); + // [END multitenant_account_exists_popup] +} + +function accountExistsRedirectTenant(samlProvider, googleProvider, goToApp) { + // [START multitenant_account_exists_redirect] + // Step 1. + // User tries to sign in to SAML provider. + firebase.auth().tenantId = 'TENANT_ID'; + firebase.auth().signInWithRedirect(samlProvider); + var pendingCred; + // Redirect back from SAML IDP. auth.tenantId is null after redirecting. + firebase.auth().getRedirectResult().catch((error) => { + if (error.code === 'auth/account-exists-with-different-credential') { + // Step 2. + // User's email already exists. + const tenantId = error.tenantId; + // The pending SAML credential. + pendingCred = error.credential; + // The provider account's email address. + const email = error.email; + // Need to set the tenant ID again as the page was reloaded and the + // previous setting was reset. + firebase.auth().tenantId = tenantId; + // Get sign-in methods for this email. + firebase.auth().fetchSignInMethodsForEmail(email) + .then((methods) => { + // Step 3. + // Ask the user to sign in with existing Google account. + if (methods[0] == 'google.com') { + firebase.auth().signInWithRedirect(googleProvider); + } + }); + } + }); + + // Redirect back from Google. auth.tenantId is null after redirecting. + firebase.auth().getRedirectResult().then((result) => { + // Step 4 + // Link the SAML AuthCredential to the existing user. + // result.user.tenantId is 'TENANT_ID'. + result.user.linkWithCredential(pendingCred) + .then((linkResult) => { + // SAML account successfully linked to the existing + // user. + goToApp(); + }); + }); + // [END multitenant_account_exists_redirect] +} \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_account_exists_popup.js b/snippets/auth-next/multi-tenancy/multitenant_account_exists_popup.js new file mode 100644 index 00000000..43734616 --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_account_exists_popup.js @@ -0,0 +1,44 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_account_exists_popup_modular] +import { signInWithPopup, fetchSignInMethodsForEmail, linkWithCredential } from "firebase/auth"; +// Step 1. +// User tries to sign in to the SAML provider in that tenant. +auth.tenantId = 'TENANT_ID'; +signInWithPopup(auth, samlProvider) + .catch((error) => { + // An error happened. + if (error.code === 'auth/account-exists-with-different-credential') { + // Step 2. + // User's email already exists. + // The pending SAML credential. + const pendingCred = error.credential; + // The credential's tenantId if needed: error.tenantId + // The provider account's email address. + const email = error.email; + // Get sign-in methods for this email. + fetchSignInMethodsForEmail(email, auth) + .then((methods) => { + // Step 3. + // Ask the user to sign in with existing Google account. + if (methods[0] == 'google.com') { + signInWithPopup(auth, googleProvider) + .then((result) => { + // Step 4 + // Link the SAML AuthCredential to the existing user. + linkWithCredential(result.user, pendingCred) + .then((linkResult) => { + // SAML account successfully linked to the existing + // user. + goToApp(); + }); + }); + } + }); + } + }); +// [END multitenant_account_exists_popup_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_account_exists_redirect.js b/snippets/auth-next/multi-tenancy/multitenant_account_exists_redirect.js new file mode 100644 index 00000000..f8a3942d --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_account_exists_redirect.js @@ -0,0 +1,51 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_account_exists_redirect_modular] +import { signInWithRedirect, getRedirectResult, fetchSignInMethodsForEmail, linkWithCredential } from "firebase/auth"; +// Step 1. +// User tries to sign in to SAML provider. +auth.tenantId = 'TENANT_ID'; +signInWithRedirect(auth, samlProvider); +var pendingCred; +// Redirect back from SAML IDP. auth.tenantId is null after redirecting. +getRedirectResult(auth).catch((error) => { + if (error.code === 'auth/account-exists-with-different-credential') { + // Step 2. + // User's email already exists. + const tenantId = error.tenantId; + // The pending SAML credential. + pendingCred = error.credential; + // The provider account's email address. + const email = error.email; + // Need to set the tenant ID again as the page was reloaded and the + // previous setting was reset. + auth.tenantId = tenantId; + // Get sign-in methods for this email. + fetchSignInMethodsForEmail(auth, email) + .then((methods) => { + // Step 3. + // Ask the user to sign in with existing Google account. + if (methods[0] == 'google.com') { + signInWithRedirect(auth, googleProvider); + } + }); + } +}); + +// Redirect back from Google. auth.tenantId is null after redirecting. +getRedirectResult(auth).then((result) => { + // Step 4 + // Link the SAML AuthCredential to the existing user. + // result.user.tenantId is 'TENANT_ID'. + linkWithCredential(result.user, pendingCred) + .then((linkResult) => { + // SAML account successfully linked to the existing + // user. + goToApp(); + }); +}); +// [END multitenant_account_exists_redirect_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_account_linking.js b/snippets/auth-next/multi-tenancy/multitenant_account_linking.js new file mode 100644 index 00000000..c43ff90d --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_account_linking.js @@ -0,0 +1,34 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_account_linking_modular] +import { signInWithPopup, EmailAuthProvider, linkWithCredential, SAMLAuthProvider, signInWithCredential } from "firebase/auth"; +// Switch to TENANT_ID1 +auth.tenantId = 'TENANT_ID1'; + +// Sign-in with popup +signInWithPopup(auth, provider) + .then((userCredential) => { + // Existing user with e.g. SAML provider. + const prevUser = userCredential.user; + const emailCredential = + EmailAuthProvider.credential(email, password); + return linkWithCredential(prevUser, emailCredential) + .then((linkResult) => { + // Sign in with the newly linked credential + const linkCredential = SAMLAuthProvider.credentialFromResult(linkResult); + return signInWithCredential(auth, linkCredential); + }) + .then((signInResult) => { + // Handle sign in of merged user + // ... + }); + }) + .catch((error) => { + // Handle / display error. + // ... + }); +// [END multitenant_account_linking_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_create_custom_token.js b/snippets/auth-next/multi-tenancy/multitenant_create_custom_token.js new file mode 100644 index 00000000..1426cf8a --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_create_custom_token.js @@ -0,0 +1,20 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_create_custom_token_modular] +// Ensure you're using a tenant-aware auth instance +const tenantManager = admin.auth().tenantManager(); +const tenantAuth = tenantManager.authForTenant('TENANT_ID1'); + +// Create a custom token in the usual manner +tenantAuth.createCustomToken(uid) + .then((customToken) => { + // Send token back to client + }) + .catch((error) => { + console.log('Error creating custom token:', error); + }); +// [END multitenant_create_custom_token_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_send_emaillink.js b/snippets/auth-next/multi-tenancy/multitenant_send_emaillink.js new file mode 100644 index 00000000..4c4d95c5 --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_send_emaillink.js @@ -0,0 +1,23 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_send_emaillink_modular] +import { sendSignInLinkToEmail } from "firebase/auth"; +// Switch to TENANT_ID1 +auth.tenantId = 'TENANT_ID1'; + +sendSignInLinkToEmail(auth, email, actionCodeSettings) + .then(() => { + // The link was successfully sent. Inform the user. + // Save the email locally so you don't need to ask the user for it again + // if they open the link on the same device. + window.localStorage.setItem('emailForSignIn', email); + }) + .catch((error) => { + // Handle / display error. + // ... + }); +// [END multitenant_send_emaillink_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_set_tenant.js b/snippets/auth-next/multi-tenancy/multitenant_set_tenant.js new file mode 100644 index 00000000..9510bc5e --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_set_tenant.js @@ -0,0 +1,12 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_set_tenant_modular] +import { getAuth } from "firebase/auth"; +const auth = getAuth(); +const tenantId = "TENANT_ID1"; +auth.tenantId = tenantId; +// [END multitenant_set_tenant_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_signin_custom_token.js b/snippets/auth-next/multi-tenancy/multitenant_signin_custom_token.js new file mode 100644 index 00000000..b9fa9c58 --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_signin_custom_token.js @@ -0,0 +1,16 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_signin_custom_token_modular] +import { signInWithCustomToken } from "firebase/auth"; +auth.tenantId = 'TENANT_ID1'; + +signInWithCustomToken(auth, token) + .catch((error) => { + // Handle / display error. + // ... + }); +// [END multitenant_signin_custom_token_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_signin_emaillink.js b/snippets/auth-next/multi-tenancy/multitenant_signin_emaillink.js new file mode 100644 index 00000000..0032af1c --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_signin_emaillink.js @@ -0,0 +1,29 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_signin_emaillink_modular] +import { isSignInWithEmailLink, parseActionCodeURL, signInWithEmailLink } from "firebase/auth"; +if (isSignInWithEmailLink(auth, window.location.href)) { + const actionCodeUrl = parseActionCodeURL(window.location.href); + if (actionCodeUrl.tenantId) { + auth.tenantId = actionCodeUrl.tenantId; + } + let email = window.localStorage.getItem('emailForSignIn'); + if (!email) { + // User opened the link on a different device. To prevent session fixation + // attacks, ask the user to provide the associated email again. For example: + email = window.prompt('Please provide your email for confirmation'); + } + // The client SDK will parse the code from the link for you. + signInWithEmailLink(auth, email, window.location.href) + .then((result) => { + // User is signed in. + // tenant ID available in result.user.tenantId. + // Clear email from storage. + window.localStorage.removeItem('emailForSignIn'); + }); +} +// [END multitenant_signin_emaillink_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_signin_password.js b/snippets/auth-next/multi-tenancy/multitenant_signin_password.js new file mode 100644 index 00000000..73642a8d --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_signin_password.js @@ -0,0 +1,19 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_signin_password_modular] +import { signInWithEmailAndPassword } from "firebase/auth"; +auth.tenantId = 'TENANT_ID'; + +signInWithEmailAndPassword(auth, email, password) + .then((userCredential) => { + // User is signed in. + // userCredential.user.tenantId is 'TENANT_ID'. + }).catch((error) => { + // Handle / display error. + // ... + }); +// [END multitenant_signin_password_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_signin_password_demo.js b/snippets/auth-next/multi-tenancy/multitenant_signin_password_demo.js new file mode 100644 index 00000000..87882773 --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_signin_password_demo.js @@ -0,0 +1,33 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_signin_password_demo_modular] +import { signInWithEmailAndPassword, onAuthStateChanged } from "firebase/auth"; +// Switch to TENANT_ID1 +auth.tenantId = 'TENANT_ID1'; + +// Sign in with tenant +signInWithEmailAndPassword(auth, email, password) + .then((userCredential) => { + // User is signed in. + const user = userCredential.user; + // user.tenantId is set to 'TENANT_ID1'. + // Switch to 'TENANT_ID2'. + auth.tenantId = 'TENANT_ID2'; + // auth.currentUser still points to the user. + // auth.currentUser.tenantId is 'TENANT_ID1'. + }); + +// You could also get the current user from Auth state observer. +onAuthStateChanged(auth, (user) => { + if (user) { + // User is signed in. + // user.tenantId is set to 'TENANT_ID1'. + } else { + // No user is signed in. + } +}); +// [END multitenant_signin_password_demo_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_signin_saml_popup.js b/snippets/auth-next/multi-tenancy/multitenant_signin_saml_popup.js new file mode 100644 index 00000000..6aa90550 --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_signin_saml_popup.js @@ -0,0 +1,25 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_signin_saml_popup_modular] +import { signInWithPopup } from "firebase/auth"; +// Switch to TENANT_ID1. +auth.tenantId = 'TENANT_ID1'; + +// Sign-in with popup. +signInWithPopup(auth, provider) + .then((userCredential) => { + // User is signed in. + const user = userCredential.user; + // user.tenantId is set to 'TENANT_ID1'. + // Provider data available from the result.user.getIdToken() + // or from result.user.providerData + }) + .catch((error) => { + // Handle / display error. + // ... + }); +// [END multitenant_signin_saml_popup_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_signin_saml_redirect.js b/snippets/auth-next/multi-tenancy/multitenant_signin_saml_redirect.js new file mode 100644 index 00000000..d3552a56 --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_signin_saml_redirect.js @@ -0,0 +1,29 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_signin_saml_redirect_modular] +import { signInWithRedirect, getRedirectResult } from "firebase/auth"; +// Switch to TENANT_ID1. +auth.tenantId = 'TENANT_ID1'; + +// Sign-in with redirect. +signInWithRedirect(auth, provider); + +// After the user completes sign-in and returns to the app, you can get +// the sign-in result by calling getRedirectResult. However, if they sign out +// and sign in again with an IdP, no tenant is used. +getRedirectResult(auth) + .then((result) => { + // User is signed in. + // The tenant ID available in result.user.tenantId. + // Provider data available from the result.user.getIdToken() + // or from result.user.providerData + }) + .catch((error) => { + // Handle / display error. + // ... + }); +// [END multitenant_signin_saml_redirect_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_signup_password.js b/snippets/auth-next/multi-tenancy/multitenant_signup_password.js new file mode 100644 index 00000000..d89d5edf --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_signup_password.js @@ -0,0 +1,19 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_signup_password_modular] +import { createUserWithEmailAndPassword } from "firebase/auth"; +auth.tenantId = 'TENANT_ID'; + +createUserWithEmailAndPassword(auth, email, password) + .then((userCredential) => { + // User is signed in. + // userCredential.user.tenantId is 'TENANT_ID'. + }).catch((error) => { + // Handle / display error. + // ... + }); +// [END multitenant_signup_password_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_switch_tenant.js b/snippets/auth-next/multi-tenancy/multitenant_switch_tenant.js new file mode 100644 index 00000000..455e4e3b --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_switch_tenant.js @@ -0,0 +1,15 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_switch_tenant_modular] +// One Auth instance +// Switch to tenant1 +auth.tenantId = "TENANT_ID1"; +// Switch to tenant2 +auth.tenantId = "TENANT_ID2"; +// Switch back to project level IdPs +auth.tenantId = null; +// [END multitenant_switch_tenant_modular] \ No newline at end of file diff --git a/snippets/auth-next/multi-tenancy/multitenant_switch_tenant_multiinstance.js b/snippets/auth-next/multi-tenancy/multitenant_switch_tenant_multiinstance.js new file mode 100644 index 00000000..72550493 --- /dev/null +++ b/snippets/auth-next/multi-tenancy/multitenant_switch_tenant_multiinstance.js @@ -0,0 +1,19 @@ +// This snippet file was generated by processing the source file: +// ./auth-next/multi-tenancy.js +// +// To update the snippets in this file, edit the source and then run +// 'npm run snippets'. + +// [START multitenant_switch_tenant_multiinstance_modular] +// Multiple Auth instances +import { initializeApp } from "firebase/app"; +import { getAuth } from "firebase/auth"; +const firebaseApp1 = initializeApp(firebaseConfig1, 'app1_for_tenantId1'); +const firebaseApp2 = initializeApp(firebaseConfig2, 'app2_for_tenantId2'); + +const auth1 = getAuth(firebaseApp1); +const auth2 = getAuth(firebaseApp2); + +auth1.tenantId = "TENANT_ID1"; +auth2.tenantId = "TENANT_ID2"; +// [END multitenant_switch_tenant_multiinstance_modular] \ No newline at end of file