← knowledge.oriz.in

Layer 3 — auth on Firebase Spark forever

architecture architectureauthfirebasesparklayer-3

Layer 3 — auth on Firebase Spark forever

Concept

The family runs ONE Firebase project (oriz-app) on the Spark plan, forever. Never Blaze. Spark's failure mode is "service stops at quota" — the only failure mode without a financial ceiling. Custom auth domain auth.oriz.in lets the same Firebase user sign in across every *.oriz.in site and every extension.

How it works

Why this shape

The 5-figure Firebase bill-shock incidents documented in 2025-2026 (simmer.io ~$98K, Tamara ~$70K, €54K Gemini key) all required Blaze. Cloud Spend Caps from Cloud Next '26 are private preview AND don't cover Firestore / Storage / Hosting. The Cyclenerd Terraform killswitch lags hours-to-days behind actual spend. Spark is the only Firebase tier where "card never on file" is enforced by Google itself.

Cross-refs