Overview

TradeMaster Transactions supports multiple authentication providers to secure your platform. The system is built with flexibility in mind, allowing you to choose between Firebase Authentication and Auth0 based on your organizational needs.

Authentication Providers

Firebase Authentication

Firebase is the primary authentication provider for TMT, offering comprehensive user management and session handling.

Configuration

Configure Firebase in your application by setting up the Firebase config object:
guards/firebase/Firebase.js
const firebaseConfig = {
  apiKey: "YOUR_API_KEY",
  authDomain: "YOUR_PROJECT.firebaseapp.com",
  projectId: "YOUR_PROJECT_ID",
  storageBucket: "YOUR_PROJECT.appspot.com",
  messagingSenderId: "YOUR_SENDER_ID",
  appId: "YOUR_APP_ID"
};
Never commit your actual Firebase credentials to version control. Use environment variables instead.

Supported Authentication Methods

Firebase authentication in TMT supports multiple sign-in methods:

Email/Password

Traditional email and password authentication with secure password reset functionality.

Google OAuth

One-click sign-in with Google accounts using OAuth 2.0.

Facebook OAuth

Social authentication through Facebook Login.

Twitter OAuth

Sign in with Twitter credentials.

Implementation Details

The Firebase authentication context (FirebaseContext.js) handles:
  • User Session Management: Automatic session tracking with onAuthStateChanged
  • User Status Validation: Checks user status in Firestore (u_clients collection)
  • IP Tracking: Records last access IP and timestamp for security auditing
  • Profile Data: Syncs user profile data from Firestore to the application state
// Authentication state listener
firebase.auth().onAuthStateChanged(async (user) => {
  if (user) {
    const querySnapshot = await Firestore.collection('u_clients')
      .doc(user.uid)
      .get();
    
    if (querySnapshot.data()?.status !== true) {
      logout(); // Inactive users are logged out
    }
  }
});

Auth0 Integration

Auth0 provides enterprise-grade authentication with advanced security features.

Configuration

Set up Auth0 in guards/auth0/Auth0Context.js:
const auth0Config = {
  client_id: 'YOUR_CLIENT_ID',
  domain: 'YOUR_DOMAIN.us.auth0.com',
};

Auth0 Features

  • Auth0 enables SSO across multiple applications, allowing users to authenticate once and access all connected services.
  • Add an extra layer of security with MFA options including SMS, authenticator apps, and email verification.
  • Connect with major identity providers including Google, Facebook, LinkedIn, and more.
  • Support for SAML, LDAP, and Active Directory for enterprise authentication.

Authentication Flow

  1. User Initiates Login: User enters credentials or selects social authentication provider.
  2. Provider Validation: Authentication provider (Firebase/Auth0) validates credentials.
  3. User Status Check: System verifies user account is active in Firestore.
  4. Session Creation: User data is loaded and authentication state is dispatched to Redux store.
  5. Redirect to Dashboard: User is redirected to the appropriate dashboard based on their account type.

User Account Types

TMT supports different account types with varying levels of access:
| Account Type | Description | Primary Use Case |
|---|---|---|
| Administrador | Full platform access | System administrators |
| Cliente | Client portal access | Event organizers and clients |
| Coordinador | Event coordination | Event managers |
| Contador | Financial access | Accounting team |
| Soporte | Support access | Customer support staff |

Security Best Practices

Critical Security Measures
  • Always use HTTPS in production environments
  • Implement rate limiting on authentication endpoints
  • Enable Firebase App Check to prevent abuse
  • Regularly audit user access logs
  • Use strong password policies (minimum 8 characters, mixed case, numbers)

Password Reset Flow

Firebase provides built-in password reset functionality:
const ResetPassword = (email) =>
  firebase.auth().sendPasswordResetEmail(email);

Session Management

User sessions are managed through Redux state and synchronized with Firebase:
store/apps/auth/authSlice.js
const authSlice = createSlice({
  name: 'auth',
  initialState: {
    isAuthenticated: false,
    isInitialized: false,
    user: null,
  },
  reducers: {
    authStateChanged(state, action) {
      const { isAuthenticated, user } = action.payload;
      state.isAuthenticated = isAuthenticated;
      state.isInitialized = true;
      state.user = user;
    },
  },
});
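
Steps 3 and 4 of the authentication flow, wired to this slice as one fail-closed function. This is an added example, not TMT's own code: the resolveAuthState name and the injected getClientDoc, logout and dispatch helpers are assumptions standing in for the Firestore read on u_clients, the app's logout() and the Redux store, and the sample records are constructed.

```javascript
// Added example, not TMT code. Injected stand-ins: getClientDoc(uid) for the
// Firestore read on u_clients, logout() for the app's logout, dispatch for Redux.
const SIGNED_OUT = Object.freeze({ isAuthenticated: false, user: null });
const toAction = (payload) => ({ type: 'auth/authStateChanged', payload });

async function resolveAuthState(user, { getClientDoc, logout, dispatch }) {
  if (!user) {
    // Signed-out event: still dispatch so the slice sets isInitialized.
    dispatch(toAction(SIGNED_OUT));
    return SIGNED_OUT;
  }
  let profile;
  try {
    profile = await getClientDoc(user.uid); // undefined when no document exists
  } catch {
    profile = undefined; // read failed: fail closed, treat as not active
  }

  // Only the boolean true counts as active; 'true', 1 or a missing field do not.
  if (!profile || profile.status !== true) {
    await logout();
    dispatch(toAction(SIGNED_OUT));
    return SIGNED_OUT;
  }

  // Spread the profile first so the provider-verified uid cannot be overridden.
  const payload = { isAuthenticated: true, user: { ...profile, uid: user.uid } };
  dispatch(toAction(payload));
  return payload;
}

// Constructed in-memory stand-in for the u_clients collection.
const SAMPLE_CLIENTS = {
  'uid-active': { status: true, name: 'Ana' },
  'uid-disabled': { status: false, name: 'Luis' },
  'uid-string': { status: 'true', name: 'Eva' },
};

// Builds the injected dependencies; `log` records logout calls and actions.
function makeDeps(log) {
  return {
    getClientDoc: async (uid) => {
      if (uid === 'uid-error') throw new Error('permission-denied');
      return SAMPLE_CLIENTS[uid];
    },
    logout: async () => { log.push('logout'); },
    dispatch: (action) => { log.push(action); },
  };
}
```

In the app this would be called from the onAuthStateChanged callback with the real Firestore read and store.dispatch. A missing document, a failed read and a non-boolean status all end in the same signed-out state.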

IP Tracking and Audit Logs

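TMT records each user's last access time and IP address on their u_clients document for security monitoring. The lookup and the write both run in the client, so audit last_IP as a client-reported value: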
const queryIP = await fetch('https://ipapi.co/json/');
const data = await queryIP.json();

await Firestore.collection('u_clients').doc(user.uid).update({
  "date.last_access": firebase.firestore.FieldValue.serverTimestamp(),
  last_IP: data.ip
});

Troubleshooting

  1. Verify Firebase/Auth0 configuration is correct
  2. Check that user’s status field is set to true in Firestore
  3. Ensure email is verified (if email verification is enabled)
  4. Check browser console for authentication errors
Adjust Firebase session duration in Firebase Console under Authentication > Settings > Session Management.
  1. Verify OAuth credentials in Firebase Console
  2. Ensure authorized redirect URIs are configured correctly
  3. Check that social provider apps are in production mode

Next Steps

Permissions

Configure role-based access control with CASL

Platform Settings

Set up platform-wide configuration
