I want to use Firebase Authentication in my mobile app, however I want to host the mobile backend (REST API and database) on Azure. In this case, how would I get the identity information from Firebase over to Azure, e.g. how would I check in my Azure backend if a token sent from my mobile app to the Azure backend is valid, get the name of the logged in user etc?
You can use the Firebase Admin SDK to verify auth ID tokens sent from your app to your backend.
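What that verification amounts to on the backend, as an added example (not code from the original answer and not the Admin SDK's own implementation): a Firebase ID token is an RS256-signed JWT, and the backend checks the signature against Google's published keys, then the issuer, audience, subject and time claims for its project. The function names, `demo-project`, `demo-kid` and the locally generated key pair standing in for Google's signing key are assumptions made for the demo.

```javascript
// Added example: the checks a backend applies to a Firebase ID token (an RS256 JWT).
const nodeCrypto = require("node:crypto");

const decodePart = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// publicKeys: Map of kid -> public key. A real backend loads Google's published
// signing certificates here; this example takes them from the caller.
function verifyFirebaseIdToken(token, projectId, publicKeys, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = decodePart(h);
  // Pin the algorithm instead of trusting the header ("none" / HS256 confusion).
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = publicKeys.get(header.kid);
  if (!key) throw new Error("unknown kid");
  // Verify the signature before reading any claim.
  const sigOk = nodeCrypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!sigOk) throw new Error("bad signature");
  const c = decodePart(p);
  if (c.iss !== `https://securetoken.google.com/${projectId}`) throw new Error("wrong issuer");
  if (c.aud !== projectId) throw new Error("wrong audience");
  if (typeof c.sub !== "string" || c.sub === "") throw new Error("missing sub");
  if (!(c.exp > nowSec)) throw new Error("expired");
  if (!(c.iat <= nowSec && c.auth_time <= nowSec)) throw new Error("issued in the future");
  return { uid: c.sub, name: c.name, email: c.email };
}

// Constructed demo data: a locally generated key pair stands in for Google's key.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const NOW = 1700000000; // fixed clock so the demo is deterministic
const demoKeys = new Map([["demo-kid", publicKey]]);
const demoClaims = {
  iss: "https://securetoken.google.com/demo-project", aud: "demo-project",
  sub: "uid-123", name: "Ada Example", email: "ada@example.com",
  iat: NOW - 60, auth_time: NOW - 60, exp: NOW + 3540,
};
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
function signDemoToken(claims, header = { alg: "RS256", kid: "demo-kid" }) {
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = nodeCrypto.sign("RSA-SHA256", Buffer.from(input), privateKey);
  return `${input}.${sig.toString("base64url")}`;
}
// Returns the error message a rejected token produces, or null if accepted.
function rejection(token, projectId = "demo-project") {
  try { verifyFirebaseIdToken(token, projectId, demoKeys, NOW); return null; }
  catch (e) { return e.message; }
}
console.log(verifyFirebaseIdToken(signDemoToken(demoClaims), "demo-project", demoKeys, NOW));
```

The returned `uid` is the value to key backend records on; `name` and `email` are present only when the sign-in provider supplied them.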
Related
This is my setup
Multiple Python APIs hosted on App Engine
Angular client application hosted on Firebase. Users accessing the web application are authenticated by Firebase Auth.
When trying to send requests to the APIs hosted on App Engine from the application, an error is encountered.
401 Unauthorized: Invalid IAP credentials: empty token
Tried following multiple online articles but there were a few problems I discovered.
The Firebase web application and the App Engine APIs are on separate Google Cloud projects
The majority of solutions have the web application itself deployed on App Engine, and hence the OAuth process for authenticating end users is pretty straightforward. My project uses Firebase authentication to allow users to access my Firebase-hosted web app. Completely disconnected from IAP.
Is there any way I can use a service account to programmatically authenticate my Firebase web app as a secure IAP user and access the APIs?
Haven't tried this...
You can programmatically make calls to an IAP secured endpoint using an OIDC token. See documentation
So maybe your flow should be -
a) Users login to your Firebase App (follow whatever authentication method you like).
b) Then you programmatically make calls to the IAP app (following the link above) on behalf of the users
I'm currently thinking about using Firebase Auth system with my custom rest api service.
For example:
My custom API would authorise requests coming from the Angular app, but the auth system begins in that Angular app, so there I would get authenticated.
Later on, I would pass a token received from firebase to communicate with my service.
That service would check if token is ok and then let me in to resources.
Is it possible to do?
I am making a mobile app with my custom API on AWS, Firebase Auth and Firestore. I want to make a secured connection:
- prevent MITM attacks between the client and AWS, and between the client and the Firebase store
- prevent anybody from making requests (and accept requests only from the mobile app)
Firestore
|(<- should be secure)
User - Firebase Auth
|(<- should be secure)
AWS EC2
Should I use JWT? Does anybody know how to use it on firebase auth?
I have used JWTs previously to allow a user’s login state to persist on different subdomains of the same root domain (as Firebase does not do this natively). Check out this article:
https://dev.to/johncarroll/how-to-share-firebase-authentication-across-subdomains-1ka8
It may help with auth and JWT! It will allow you to authenticate in both backend and frontend.
I need to identify an authentication service in Google Cloud Platform similar to the one Google Firebase offers. I want to authenticate users by e-mail and password.
I developed a web app that runs in GCP App Engine. This web app authenticates users by their e-mail and password. But I won't host a custom OAuth server. Is there an OAuth server or similar authentication service provided by GCP too?
Or should I use instead Google Firebase Authentication?
You can of course roll your own authentication, but it's also possible to use Firebase Authentication in combination with your own App Engine backend. Have the users sign in with Firebase Authentication in the client-side app, send the ID token over a secure connection from the client to your App Engine server, and then verify the ID token in your App Engine code.
You can create a Firebase project linked directly to your GCP project (just find your GCP project in the Firebase project creation dialog).
Depending on the required language, they have a couple of tutorials with explanations on how Firebase Auth and e.g. App Engine can work together with sample codes. See:
https://cloud.google.com/appengine/docs/standard/python/authenticating-users-firebase-appengine
I am using the ADAL3 for authenticating on the Azure AD app. Then I use the AuthenticatedClient Async for logging into the Azure backend.
What is the correct strategy for consuming the Azure backend and working with the token? Do you call AuthenticateClientAsync before each call to the backend to be sure that if the session expires on the backend the token will be used to start the session automatically? What happens if the token saved in memory is expired, do you manually ask users to log in again?
Does someone have a sample of an app that pops up a login page, then calls some service, and pops up a new login page if needed?
Thanks for your help.
According to your description, I assumed that Azure Mobile Apps would be the approach for you to work as your mobile backend. You could authenticate your customers with AAD and leverage the client SDKs provided by Azure Mobile Apps to communicate with your Azure mobile app backend.
I would recommend you follow this tutorial for creating your Azure Mobile App and download the sample project for getting started. Then, you could configure your mobile app to use AAD login; for details, you could follow here. Moreover, for more details about how to use the client SDKs for Azure Mobile Apps in your Xamarin project, you could follow here.
Does someone have a sample of an app that pops up a login page, then calls some service, and pops up a new login page if needed?
After logging in via MobileServiceClient.LoginAsync, you would retrieve a JWT token issued by your mobile app backend, and you could get it by accessing MobileServiceClient.CurrentUser.MobileServiceAuthenticationToken. You could cache the token for reuse. You could wrap the operations against your mobile app backend, catch the exception when the token is expired and manually call LoginAsync to ask the user to log in again, or validate the token on your client side and re-login if the token is invalid before you send requests to your mobile app backend. For caching and validating the token, you could follow Adrian Hall's book about Caching Tokens. For wrapping the table operations, you could follow here.