type: decision
status: active
timestamp: 2026-06-20
tags: [decisions, security, auth, firebase, microsoft, passkeys]

Multi-provider auth — 6 providers on Firebase Auth, Apple deferred

Firebase Auth: 6 providers (Email, Google, GitHub, Anonymous, MS, Passkeys)

Multi-provider auth — 6 providers on Firebase Auth, Apple deferred

Decision

The family’s single Firebase Auth project (oriz-app) enables exactly six sign-in providers, in this order in the <AccountPanel> UI:

  1. Email link (passwordless magic-link)
  2. Google (one-tap)
  3. GitHub
  4. Anonymous
  5. Microsoft — NEW 2026-06-20
  6. Passkeys / WebAuthn — NEW 2026-06-20

Apple is deferred — added only when the family ships its first iOS app (Apple Store policy makes it mandatory only there). Phone, Twitter / X, and Facebook are explicitly rejected.

Why

Implications

What we don’t do

Cross-refs


Edit on GitHub · Back to index