Doubt: what is the purpose of this library?

[marcoancona]

I apologize for this question, but I am struggling to figure out the Cordova / Ionic / Capacitor ecosystem.

What is the point of this library if all its methods are already provided by firebase-js-sdk auth module?

What would be useful is signInWithRedirect() to handle the OAuth logic that firebase-js-sdk does not (?) support on Ionic, but my understanding is that this library does not provide this. What is the recommended way of implementing OAuth on a Capacitor app? Information online is inconsistent or outdated.

[aml25]

When I first read this I was confused why you'd doubt the purpose of this, but after some digging and testing different things I agree with you. Firebase Web implementation works fine for Cordova and I'm not sure why you need a wrapper Cordova plugin for it...

[sadiss]

I came here searching the answer of same question. I hope Author will soon help us out.

[imranaalam]

its the IOS part of Cordova that is accomplished by using the silent apple notification feature of IOS. Android part and web part are surely doing fine with other libraries.

But, what is this /ngx part i am confused with ; its added in end of the imp[ort; why so?

[benedictjohannes]

@marcoancona @aml25 @sadiss
I am observing the code for Android. This plugin appears to connect to firebase on the Android, but in order to authenticate/sign in, we need to supply user data to the plugin (i.e. getting google id and access token), where we need to hunt for other libraries to get that.

After digging in this repo and following other infos, I came up on https://github.com/baumblatt/capacitor-firebase-auth, that appears to get the data for us from native platform (appears to use java code to get Google / FB user), initialize firebase on web and return to us a friendlier Firebase instance. I'm testing it after installing this and @ionic-native/firebase-authentication seems to break my blank-project Android build.

[phcoliveira]

I also have this doubt, but I imagine its purpose. For example, I signed a newspaper app and it is very likely that it uses a webview. I used my personal gmail for creating an account on that newspaper's website. Then, when trying to login on the app, I saw something very suspicious. Instead of calling out the native "accounts" api from my phone, the app redirect itself to Google's sign in page. This is very problematic, IMO. In this app/webview, I was not signed in. Also, the webview does not allow me to see the current URL so I could be sure that I was in fact at Google's domain. So I did not provide my email and password because that sign in page was totally sketchy to me. It is very easy to mock up Google's sign in page, and should this app be malicious, it would have my credentials to my personal email. So I guess this is why we need to invoke the native authentication system.

@marcoancona, @aml25, @sadiss, @benedictjohannes