
Google Login will be mandatory for Firebase accounts - dinosaurs
https://groups.google.com/forum/#!topic/firebase-talk/13QtLRCiIv4
======
boulos
A Google Login isn't as drastic as it used to be. From the FAQ:

> I don't have an existing Google account and I don't want to sign up for
> Gmail, Google+, or any other Google services. What should I do?

It is easy to create a Google account for any existing email address without
tying it to any Google services. It will only be used for identification and
login. You can sign up for this "slimmed down" Google account here. You can
also create this type of Google account via the existing migration flow on
firebase.com.

~~~
stephenr
Does this still have the nasty side-affect of meaning anyone using Google
email services can't send you regular calendar invites by email any more?

When I made the mistake of creating a google account using an existing email
address, they apparently created a google calendar account for me, and then
any Gmail/Google Apps email invites sent to my email address, never reached
me, because they would get diverted straight to this Google calendar account I
had no knowledge of, or desire for.

~~~
marssaxman
Same kind of thing happened to me with google chat, years ago, when it was an
xmpp service. They turned it into a gmail account and automatically inserted
it into the address book of everyone I chatted with, and it was close to half
a year of confusion before I worked out why certain people just couldn't seem
to get in touch with me anymore.

------
stephengoodwin
Context: Firebase was bought by Google in 2014[1]

[1] [http://techcrunch.com/2014/10/21/google-acquires-firebase-
to...](http://techcrunch.com/2014/10/21/google-acquires-firebase-to-help-
developers-build-better-realtime-apps/)

------
JoshMnem
This only means that the developers have to login with a Google account?
Firebase is a Google-owned product, so why would that be a surprise? It
doesn't sound like your app's users have to login with Google.

Edit: if you don't want someone telling you how to login, maybe check out
Kinto?

[http://kinto.readthedocs.org/en/latest/overview.html](http://kinto.readthedocs.org/en/latest/overview.html)

------
jessaustin
I didn't know about this:
[https://accounts.google.com/SignUpWithoutGmail](https://accounts.google.com/SignUpWithoutGmail)

~~~
boulos
Sadly HN's URL trimmer buries the lede here: /SignUpWithoutGmail (see my other
comment for where this came from James's FAQ).

~~~
jessaustin
Are you on a phone? I don't see any trimming, either logged in or from an
incognito window.

~~~
boulos
Ha, yes sorry about that (I've gotten so used to the new responsive thing I
didn't even think twice about it).

------
ChrisClark
Sure, don't mind.

------
aleem
Firebase has stagnated for quite some time now. Months ago I mailed them about
Twitter now allowing email addresses in their Auth but Firebase has yet to
catch up. This means you cannot get email addresses of users signing up via
Twitter. They suggested I manually ask the user to type it in, which obviously
defeats the purpose of OAuth.

A request has been pending for over a year to add the client IP in their
ServerValue response which is a common security ask but the boilerplate
response of we're working on it has got no traction.

They still don't have a password reset email template so you must use the
forgot pass template.

Even so, their forgot password mail adds the username in the URL. If like me,
you use the email address as the username this won't work. That's because they
don't encode the email address in the URL. I brought this up months ago, they
acknowledged the bug and then suggested I manually ask the user to type it in.
This still doesn't work.

There were some other issues but I gave up on the service.

------
sbashyal
I really hope that the next generation of companies founded and run by people
who grew up being on the other side will refrain from making this kind of
decisions.

~~~
geofft
Why do you object to this decision?

If I'm building a service that needs an account system with 2FA, detection of
automated attacks, and some decent amount of internal security, I am surely
not going to build it myself. It is just like rolling my own crypto in all the
wrong ways.

There are a couple of providers that will do this for me, for free: Google,
Facebook, Twitter, Amazon, and GitHub come to mind. Each has some tradeoffs of
public perception, losing audience members who refuse to have an X account,
etc., but it's mostly a tossup. For a technical service like this I might have
gone with GitHub, but if they're owned by Google, having only Google logins
seems like the right choice. (Among other things, you already _have_ a Google
account in a sense when using Firebase, it's just run by a separate team at
Google.)

Sandstorm, a project that encourages you to _self-host_ all your web services,
came to the same conclusion:

[https://github.com/sandstorm-
io/sandstorm/issues/150#issueco...](https://github.com/sandstorm-
io/sandstorm/issues/150#issuecomment-62084752)

Is there a better third-party alternative here, or a way to do this securely
and easily yourself that I'm missing?

~~~
ryanobjc
This announcement is about the developer login, not the user login.

Firebase apps can keep on logging users in via github, facebook, many others,
and yes also google. It's up to the firebase dev to config that.

------
iLoch
I was gonna write a long post about how Google just doesn't get it, but I
think I give up.

~~~
pbreit
The 4th most valuable company in the world after only 17 years "doesn't get
it"? Yes, you should give up.

------
vonklaus
I think it is pretty fucked up that google is bundling their free email,
storage and suite of office products with their free/low cost nosql database.

There just aren't any noSQL options out there right now.

~~~
jessaustin
"whoosh"

[hint for ESL folks: the adjective "free" used twice]

~~~
vonklaus
Haha and people ask why I use satire tags when it is "obvious". Also, a good
hint was the lack of noSQL options in the marketplace....

