FR: Auth across subdomains

[gkadillak]

[REQUIRED] Describe your environment

• Operating System version: macOS Mojave Version 10.14.6
• Browser version: Google Chrome Version 74.0.3729.131
• Firebase SDK version: 5.5.9
• Firebase Product: auth

[REQUIRED] Describe the problem

Steps to reproduce:

We've transitioned to using Firebase for auth and the desire is to now use Firebase across subdomains, which Firebase does not support out of the box. I've done my research and I see that there's been a few forum items requesting this exact feature here and here. Ultimately, the posts link to this stackoverflow issue. As far as I can tell, the best reason for this is:

Firebase only supports single host origin sessions

Why is this a limitation for Firebase? The stackoverflow item also states that

Firebase Auth is looking into supporting cookies.

What is the status of this? Has it been funded? Is there a way to see progress of this project somewhere? We have a strong desire to avoid rolling our own subdomain auth system, so looking forward to hearing your response 🙂

[jorroll]

I wrote a blog post a while back describing how you can accomplish this using the current firebase auth API. Official support making this easier would still be very nice though.

[VFertak]

Hi, any progress on this issue?

[sam-gc]

Hi, while this is not currently on our roadmap we have added this as a feature request to our tracker (for internal folks: b/162973088).

[VFertak]

@samhorlbeck thanks a lot. Any workaround suggestions from your side?

[sam-gc]

I think @bojeil-google's response and discussion in the Stackoverflow response proposes the best workaround for the time being.

[joaoaguiam]

Any idea if this feature is coming up soon to the firebase Auth sdk? Would love to have it to avoid building the workaround solution.

[c10r]

+1 would love to see this!

[drummerjolev]

Joining everyone here – would be awesome to have official support for this!

[cnovoab]

+1!

[Karman40]

+1

[samuelkarani]

+1

[jKostet]

Hi, recently started building on Firebase and it's been great so far. Then I ran into this which is kind of a bummer. Having to login again will suffice for now, but it would be great to offer a smoother experience to users.

Any update on status of this on the FR list or possibly on the roadmap?

Thanks!

[konojunya]

+1

[technopahadi]

We need native support for auth across subdomains! +1

[digibake]

Hi,

It really would be useful to have an option to keep users signed in across subdomains. There are many good reasons why a team might want to have a blog, or some documentation, or a marketing campaign (etc) hosted on a separate subdomain and not have to require the user to sign in and out of each one separately. Not least, because it's much easier for a development team to build a quick micro-site than have to battle with one great big monolithic website.

This issue has been open for three years so I'm assuming that there's a good reason why authentication has not been implemented across subdomains, but could someone comment if there's an active plan to implement this? For example, in 1 year, 3 years, 5 years or is it really absolutely impossible to do safely due to the security implications, or just the way the browser works?

Knowing that would help me plan the architecture for a new project. Thanks

[elucidsoft]

+1 This needs to be added as a priority item!

[ivangusev]

+1