In the previous step, the wiki was deployed, but we could not yet log in.

Enabling firebase auth providers

Firebase supports a wide range of authentication options. We'll turn on two of these: email & password and Google single sign-on (SSO).

In the Firebase admin, click on Authentication under Build.

Click on Get started. A list of authentication providers should appear. Clicking on the pencil icon near the right side of each item will trigger a dialog which enables the given mechanism.

Email/Password

Enable the provider, but don't enable email-based passwordless logins.

Google

Set project support email. The optional configuration options below can be skipped.

With that, the authentication providers are ready. In the list of providers, Email and Google should have Enabled as their status:

It's time to sign into our wiki for the first time!

Providing admin permissions on the wiki

After signing in with our Google account, we should see something like this:

That is, we get an HTTP permission denied error (403) for a request to recipes/default/tiddlers/.

Anyone can sign into a firebase web app with their Google account once this auth provider is enabled in firebase. Authentication is now complete, but the freshly signed in user must be authorized to access the wiki.

The body of the failed HTTP request provides more information: no read access granted to neumark.peter@gmail.com with role 1 on wiki testwiki recipe default. How does the API know which users have access? Access to tiddlers is tied to roles, which are stored in a tiddler. Run:

./scripts/cli.sh setrole foo@bar.com admin

Where foo@bar.com is replaced with the email address associated with your Google account. Now you should be able to log in!

Enjoy your wiki!