I want send notifications to mobile app. For that I need JWT tokens.
In all Google's documentation says that I should use Admin SDK for obtaion tokens, but i can't do it.
How to obtain access and refresh tokens without Google's libraries?
I need URL, HTTP method and request payload.
After 3 days of searching, I found a solution in the documentation:
https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
Related
Im developing a backend for mobile which is using Firebase for authentication and authorization. When the mobile ends the authentication process it sends through http methods to my backend an idToken signed by Google, which then I verify the signature and payload of the provided idtoken.
Is there a way to get the idToken from Google Firebase Console?
At the time I only figured out how to get it from mobile through a method called getIdToken for Kotlin. I can't keep getting the token this way, I need to do it without the mobile.
Thanks!
There is no server-side API to get ID tokens of your users from Firebase Authentication. You will have to get it on the client, and pass it to your server to be verified, exactly as you already seem to be doing.
That is also the process that the Firebase services and SDKs themselves follow, so you might want to reconsider whether this is feasible for your use-case too, or edit your question to better explain why it isn't possible.
I'm using firebase rest API and I'm trying to imitate firebase.auth().signOut(). I imagine I would go ahead and invalidate the firebase ID token. Is that the proper way to do so or should I just let the token expire on its own?
Just delete the client token from memory and storage so that it doesn't get used again. That's basically what the client SDKs will do. The backend doesn't retain any sense a user being signed in - either the token is valid for some API call, or it is not.
You can see for yourself what the client SDKs do, since they are all open sourced. The JS SDK can be found here.
I am currently facing the following situation.
Sending Firebase Messages via HttpCall via the google API endpoint:
https://fcm.googleapis.com/v1/projects/projectName/messages:send
Here we have to use OAuth2.0 with a valid Bearer Token like discussed in this question:
What Bearer token should I be using for Firebase Cloud Messaging testing?
After following these steps I was able to send Firebase Messages via the google API.
Now I would like to get the Bearer Token via a HttpCall without doing the manual step with the Playground https://developers.google.com/oauthplayground.
I cannot find any documentation on how to "Exchange authorization code for tokens" via simple HttpCall. I have no possibility to implement any code because I would like to send Firebase messages inside a "Dataverse Cloud Flow/PowerAutomate", therefore no possibility to load any external DLL (like the Firebase Admin Dll, which would implement this functionality).
I am not,looking for a solution which depends on external Dll like https://firebase.google.com/docs/database/rest/auth#authenticate_with_an_access_token or Pre-RequestScript
Any help is appreciated
What you are after is fundamentally not possible, since you can't hook the result of the bearer token into the same URL process to send messages. By the sounds of it you are unable to fetch one URL, process the results from that URL to pass onto the other which is what the REST API would do.
As such, you will need a secondary service that you can simply send messages to and it will invoke the Message and authentication for you, a bridge as you will. You can use Firebase Cloud Functions with an onRequest call or a simple express server on a Google Compute Engine instance (f1 free tier).
Then you can send your message request from your service to this bridge which will authenticate for you and send the message, it would be a fairly simple script to implement, specially with the admin-sdk.
Ok not an expert on server side coding and stuff but have a basic understanding. Here is my question;
I have firebase triggers setup on cloud functions
Now there is a requirement that I need to communicate with external servers to retrieve some other data
So I use HTTPS triggers and I followed tutorials and managed to use express and other middlewares to get the job done
The problem is, I don't think I understand how these HTTP triggers are authenticated. I obviously want only the authenticated users to make a call to these end points and my users are either iOS or Android users.
What i have already found out:
I followed the code sample in this link: https://github.com/firebase/functions-samples/blob/master/authorized-https-endpoint/functions/index.js but I have one question
It says The Firebase ID token needs to be passed as a Bearer token in the Authorization HTTP header like this: Authorization: Bearer <Firebase ID Token>
Is this token passed automatically from iOS and android clients or do I need to manually call some FirebaseAuth get token function in the mobile SDKs and manually created this authorization bearer as a part of my request url?
You need to manually call a Firebase API to get a token to pass to your backend.
This process is documented fairly thoroughly in the documentation for the Firebase Admin SDK, which you would use to verify ID tokens. That link will give you examples for Android and iOS.
The code sample you linked to also has client code for web that does the same.
My website uses GCM (via OneSignal)
push notifications system.
I have to migrate push notification system to FCM (Firebase).
My goal is to migrate old tokens (and theirs relative tags/preferences) stored onto OneSignal into mine DB (on MongoDB) and send to that tokens my push notification via Firebase.
Reading Firebase's doc I don't understand if it is possible and how it is possible to reuse (or migrate/translate) old OneSignal tokens with Firebase.
Then:
Is it possible to reuse old OneSignal token with Firebase?
If n°1 is FALSE, how can I migrate old token to new token accessible with Firebase? Is there an API or JS method defined into Firebase SDK in order to translate old tokens.
I'm not familiar with how OneSignal works with GCM/FCM. What you should do is verify if the token used for OneSignal is either different or same to the actual registration token GCM works on.
The usual token format for GCM/FCM is something like this: 123456abcd:123456789abcdefghij. For a list of known characters for a GCM/FCM registration token, see here.
If it is the same, then you could simply use them as they are while proceeding to use FCM. Since FCM is still compatible with GCM tokens. However, there seems to be a really old version of GCM tokens that may be considered different from the latest format of GCM/FCM tokens (see here).
If the token is different, then unfortunately, I don't think there is a way for you to import those tokens to FCM (similar post, but for parse.com tokens). You could ask the OneSignal team if they might have the corresponding GCM tokens, but I can't say for sure.
Disclaimer: I'm no way associated or representing OneSignal in any manner.