Im developing a backend for mobile which is using Firebase for authentication and authorization. When the mobile ends the authentication process it sends through http methods to my backend an idToken signed by Google, which then I verify the signature and payload of the provided idtoken.
Is there a way to get the idToken from Google Firebase Console?
At the time I only figured out how to get it from mobile through a method called getIdToken for Kotlin. I can't keep getting the token this way, I need to do it without the mobile.
Thanks!
There is no server-side API to get ID tokens of your users from Firebase Authentication. You will have to get it on the client, and pass it to your server to be verified, exactly as you already seem to be doing.
That is also the process that the Firebase services and SDKs themselves follow, so you might want to reconsider whether this is feasible for your use-case too, or edit your question to better explain why it isn't possible.
Related
I'm using firebase rest API and I'm trying to imitate firebase.auth().signOut(). I imagine I would go ahead and invalidate the firebase ID token. Is that the proper way to do so or should I just let the token expire on its own?
Just delete the client token from memory and storage so that it doesn't get used again. That's basically what the client SDKs will do. The backend doesn't retain any sense a user being signed in - either the token is valid for some API call, or it is not.
You can see for yourself what the client SDKs do, since they are all open sourced. The JS SDK can be found here.
Ok not an expert on server side coding and stuff but have a basic understanding. Here is my question;
I have firebase triggers setup on cloud functions
Now there is a requirement that I need to communicate with external servers to retrieve some other data
So I use HTTPS triggers and I followed tutorials and managed to use express and other middlewares to get the job done
The problem is, I don't think I understand how these HTTP triggers are authenticated. I obviously want only the authenticated users to make a call to these end points and my users are either iOS or Android users.
What i have already found out:
I followed the code sample in this link: https://github.com/firebase/functions-samples/blob/master/authorized-https-endpoint/functions/index.js but I have one question
It says The Firebase ID token needs to be passed as a Bearer token in the Authorization HTTP header like this: Authorization: Bearer <Firebase ID Token>
Is this token passed automatically from iOS and android clients or do I need to manually call some FirebaseAuth get token function in the mobile SDKs and manually created this authorization bearer as a part of my request url?
You need to manually call a Firebase API to get a token to pass to your backend.
This process is documented fairly thoroughly in the documentation for the Firebase Admin SDK, which you would use to verify ID tokens. That link will give you examples for Android and iOS.
The code sample you linked to also has client code for web that does the same.
I'm working on a project where it was asked for all the authentication to be done in our own backend, that is, without the usage of the Firebase SDK that comes pretty handy. The email/password sign up/sign in are very easy as we pass the email and password but all the other authentication methods, such as Google and Facebook, require postBody which contains OAuth Credentials. How am I able to get that data from the client (which can either be a native app or a react web page)? I've googled and read the Firebase REST Auth page for more info but I didn't find much other than what I already know. I've tried to work around with OAuth Playground from Google but it didn't work as well so I thought that my best chance was asking on SO where people with more experience could answer me.
I plan to query some data from Firestore within the fetch() method that Nuxt provides and then send it to the store. The problem is that the query requires the Firebase Auth info (the Firestore rules more precise), and afaik will the Firebase Auth not yet be connected or have loaded the active user since that happens client side. So that would mean that the query wouldn't have the auth info? How would I go about solving this? I have looked around and found that you could use cookies to store the Firebase Auth id and then within nuxtServerInit() in the store, load the user and get the correct uid and so forth, but Firebase will still not know about the user and I haven't found a way to load the user into Firebase Auth on the server side using the id from the cookie.
Any help would be really appreciated! (I released this got quite messy but hopefully you guys get the main point)
Worth nothing that I'm using Google as the sign in provider.
UPDATE:
I've done some digging and found that you can get the idToken and accessToken from the AuthCredential you get back after successful sign in. I think you could store those instead in a cookie and then sign in the user on the server using signInWithCredential() and pass a new GoogleAuthProvider that you could create with GoogleAuthProvider.credential(idToken, accessToken) using the tokens from the cookie.
Again, I'm not sure if this is safe to do or the correct way but I think it should work at least because now Firebase would now about the user already on the server side and therefore should the call to Firestore be no problem regarding the auth info.
I'm not able to test this right now but some thoughts on this would be great, thanks!
Still not able to test it but would like someone thoughts on this.
I am working on a project that might use Firebase only for messaging. The goal is for the following to happen:
App registers with Firebase on startup
App sends Firebase token to our server
Our server sends Firebase messages to all clients via the token from step 2
Note there is no step where the user will log into anything or enter any credentials. I am a little confused if this is possible in a production app, as most Firebase documentation talks extensively about different ways to authenticate, either via username/password, OAuth, etc.
The server will be sending different messages to different clients, but that logic will be handled by the server and not by different types of registration to Firebase. I know Firebase supports groups, but to make a long story short it probably won't be leveraged.
Can all this be done on Firebase? Is GCM a better match for these requirements? I feel like we would be throwing away 95% of Firebase and just trying to force it to simplify the messaging part.
Firebase Authentication does not at all affect the way that Firebase Cloud Messaging works. FCM only cares about the token for the app on the device as a means to target the app for messages. It doesn't care at all if the end user is authenticated by any means. If you want to associate a token to a user somehow, using Firebase Authentication or some other system, that's up to you.
FCM is an evolution of GCM. They are powered by essentially the same components. Using GCM doesn't give you any additional constraints or flexibility than FCM, except for the path to integration in your app.