Firebase
Feature availability
Section titled “Feature availability”| Feature | Support |
|---|---|
| User management | ✅ Full |
| Organizations | ❌ |
| Audit logs | ⚠️ Basic (requires Google Cloud Logging) |
-
Create a Firebase project
Go to console.firebase.google.com and create a project, or use an existing one.
-
Enable Firebase Authentication
In the Firebase console: Authentication → Get started. Enable the sign-in methods your users need.
-
Enable Firestore
In the Firebase console: Firestore Database → Create database. Choose production mode and select a region.
AUMS uses Firestore to store organization data. The collection is created automatically on first use.
-
Create a service account
In the Firebase console: Project Settings → Service accounts → Generate new private key.
Download the JSON key file. Keep it secure — it grants admin access to your Firebase project.
-
Set environment variables
Extract values from the downloaded JSON key:
Terminal window PROVIDER=firebaseFIREBASE_PROJECT_ID=your-project-idFIREBASE_CLIENT_EMAIL=firebase-adminsdk-xxxxx@your-project-id.iam.gserviceaccount.comFIREBASE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
Firestore security rules
Section titled “Firestore security rules”AUMS accesses Firestore via the Admin SDK (bypasses security rules). If you also access the same Firestore from a client application, configure rules to restrict client-side access to the AUMS organization collections.
OIDC login (optional)
Section titled “OIDC login (optional)”To protect the AUMS dashboard with Firebase SSO, use the Google OIDC provider:
AUTH_CLIENT_OPENID_CONFIGURATION_URL=https://accounts.google.comAUTH_CLIENT_ID=your-oauth-client-id.apps.googleusercontent.comAUTH_CLIENT_SECRET=your-oauth-client-secretCreate OAuth 2.0 credentials in Google Cloud Console and add <BASE_URL>/api/auth/callback/oidc to the authorized redirect URIs.