- Status: Superceded by 2021-11 User Authentication]
- Last Updated: 2021-07
- Objective: How should we implement SSO/Authentication?
Cloud Identity Platform is a Google Cloud-specific layer on top of Firebase Auth that provides several useful capabilities within GCP itself:
- Built-in user account management tools available in the Cloud Console.
- Identity federation, which combines sign-ons from a wide variety of identity providers (such as Google, Apple, and GitHub) into a single user identity.
The other option we reviewed, Google Sign-in, did not have either of these capabilities that we might want to use later on. Thus, we decided to go with Cloud Identity Platform to "future-proof" our design.
Finally, we did not want to deal with the hassle of managing user credentials (such as passwords) ourselves. Though this option gives the most customizability, we thought that the greater simplicity of Cloud Identity Platform was worth trading some flexibility for.
In the unlikely event that we need to do something not supported by Cloud Identity Platform, then we may want to consider implementing a username/password-based authentication system for additional flexibility.