type: service
status: active
timestamp: 2026-06-20
tags: [auth, firebase, providers, primary]
status: active
timestamp: 2026-06-20
tags: [auth, firebase, providers, primary]
Firebase Auth provider list
6 sign-in providers wired into family Firebase Auth project
Firebase Auth provider list
This file lists every sign-in provider enabled on the family’s
oriz-app Firebase Auth project. The auth backend itself is
documented in firebase-spark.md; this is
the providers-and-roles view.
The 6 active providers
| Provider | Status | Role | File |
|---|---|---|---|
| Email link (passwordless) | active | Lowest-friction sign-up — magic link to inbox | (built-in to Firebase Auth) |
| active | One-tap sign-in for the largest user pool | (built-in) | |
| GitHub | active | Developer-audience sites + extension publishers | (built-in) |
| Anonymous | active | Pre-account state — preserves UID across upgrade | (built-in) |
| Microsoft | active (NEW 2026-06-20) | Entra ID + personal accounts; Azure-stack alignment | microsoft-sign-in.md |
| Passkeys / WebAuthn | active (NEW 2026-06-20) | Phish-resistant, passwordless | passkeys.md |
Deferred / not yet enabled
| Provider | Status | When |
|---|---|---|
| Apple | deferred | Only when the family ships an iOS app — Apple’s “Sign in with Apple” is a Store requirement only at that point |
| Phone | rejected | SMS costs money even on Spark; phishable; redundant with passkeys |
| Twitter / X | rejected | OAuth gates behind paid API tier (2026) |
| rejected | Disproportionate privacy-policy work for low marginal sign-ins |
Card / subscription required?
NO. All 6 active providers + Apple (when added) are native to Firebase Auth on the Spark plan. Microsoft’s Entra ID app registration is free; passkey verification is free. No paid provider, no SMS, no per-MAU billing.
Why this set
- Email link — the universal “I don’t want another account” path.
- Google — biggest existing-account pool; one tap.
- GitHub — every developer reading the family’s blogs / docs / extensions already has one.
- Anonymous — lets users use the site before deciding to sign in; the anon UID upgrades into a real account preserving all data.
- Microsoft — added 2026-06-20 to align with Azure for Students usage and the chunk of users who only have a work / school Entra ID identity.
- Passkeys — added 2026-06-20 because passwordless + phish-resistant is now mainstream (2026), and the UX is free from the OS.
- Apple deferred because the only place the family is required to offer it is the iOS App Store — and the iOS app doesn’t exist yet. Adding it earlier is dead surface area + an extra Apple Developer Program cost ($99/yr).
Implementation notes
- Single Firebase project:
oriz-app. - Single auth domain:
auth.oriz.in(Firebase Auth’s hosted handler, custom-domained). - Every site’s
<AccountPanel>reads from[data-oriz-account-*]hooks — adding / removing a provider only flips a feature flag, no per-site code change. - Provider client IDs / secrets live in Doppler under the
oriz-firebaseproject, synced to Firebase config.
Cross-refs
- Multi-provider auth decision (2026-06-20)
- Firebase Spark — the auth + DB backend
- microsoft-sign-in.md
- passkeys.md
- App Check — gates Firestore behind verified clients
- reCAPTCHA Enterprise — App Check attestation provider
- glossary/auth-domain