I am new to Firebase. I have linked Firebase to my React Native app, the Auth part is working and in the SCOPES array I am passing necessary scopes for sending emails https://www.googleapis.com/auth/gmail.send.
The Problem: On backend I am using Node.js and a Google Cloud project for sending emails, the way I wan this to work is that I will be sending a POST request to backend with the access token of user's account and then using that access token to send emails.
Is this something possible? I am basically using 2 different projects, one Firebase project for Authentication and giving Gmail permission and then another Google Cloud project for sending emails. I have whitelisted the Email sending project in Firebase Auth project.
Is this something possible? Is there any better way to achieve this?
Related
I'm currently thinking about using Firebase Auth system with my custom rest api service.
For example:
My custom api would authorise requests coming from angular app, but auth system begins in that
Angular app, so there I would get authenticated.
Later on, I would pass a token received from firebase to communicate with my service.
That service would check if token is ok and then let me in to resources.
Is it possible to do ?
I need to identify a similar authentication in Google Cloud Platform like Google Firebase offers. I want to authenticate users by E-Mail and password.
I developed a web app that runs in GCP AppEngine. This web app authenticates users by their E-Mail and password. But I wont host a custom OAuth server. Is there a OAuth server or similar authentication service provided by GCP too?
Or should I use instead Google Firebase Authentication?
You can of course roll your own authentication, but it's also possible to use Firebase Authentication in combination with your own App Engine backend. Have the users sign in with Firebase Authentication in the client-side app, send the ID token over a secure connection from the client to your App Engine server, and then verify the ID token in your App Engine code.
You can create a Firebase project linked directly to your GCP project (just find your GCP project in the Firebase project creation dialog).
Depending on the required language, they have a couple of tutorials with explanations on how Firebase Auth and e.g. App Engine can work together with sample codes. See:
https://cloud.google.com/appengine/docs/standard/python/authenticating-users-firebase-appengine
I have a mobile app (Android/iOS) that uses the Firebase SDK for several Firebase services (including Authentication and Storage).
Now there's a subsystem within the app that can't directly access the Firebase SDK, but I need to upload files to Storage from this subsystem. HTTP(S) requests are possible, so I tried to use the Storage JSON API for uploading.
However, an OAuth 2.0 token is required for authorizing requests via the JSON API. Is there a simple way to receive such a token, when there's already a signed-in user in the Firebase SDK? It seems the only thing I get from the Firebase SDK is the "Firebase ID token" (JWT token), but I don't know how to convert it (or if this is even possible) to an accepted OAuth token for the JSON API.
I think you're trying to do the petition from the plugin itself and it might not have the permissions.
Did you pass it to sign In With Custom Token to the SDK when your users sing-in?
I read that after that, a Custom Token and credentials are attached to the user's profile.
Why don't you try to do the petition from the user's profile instead of doing it from the plugin?
I'm trying to build an IFTTT service and connect it to my Firebase backend.
I need to authenticate user as indicated in the IFTTT docs:
https://platform.ifttt.com/docs/api_reference#service-authentication
IFTTT’s protocol supports OAuth2 authentication, including support for
refresh tokens if so desired.
Your service API should use access tokens for authentication and as a
source of identity. A single access token should correspond to a
single user account or resource owner on your service.
If refresh tokens are used, they must be non-expiring. If refresh
tokens are not used, access tokens must be non-expiring.
But I can only get short-lived access tokens from Firebase it seems. Where can I get or how can I generate such tokens from the Firebase auth SDK?
Update in response to #FrankvanPuffelen:
I'll create an IFTTT service running on a Node server (possibly simply Cloud Functions) that will use the Firebase RTDB to send formatted HTTP request back to IFTTT. IFTTT requires me to authorize user accounts. Their required UX is something like this:
If an IFTTT user tries to use my service on the IFTTT website,
an auth dialog for my service pops up.
The user logs in and confirms IFTTT's access to their data on my service.
Some OAuth 2.0 tokens are exchanged.
IFTTT servers will periodically send requests (authentified with those tokens) on behalf of the user to my server.
Part of the question is: Can I use the Firebase Auth API to get those tokens, etc. or do I need to create a new OAuth 2.0 "layer" with my own generated tokens for IFTTT?
PS: I'm very new to OAuth, so it's all a bit confusing to me, sorry if the question isn't very clear.
So IFTTT calls Cloud Functions, which then calls Realtime Database, and you want to authentication the IFTT user with Realtime Database. Is that correct? If so, you can either use an OAuth2 token or create a Firebase Authentication session cookie.
Use an OAuth2 token
I did this not too long ago for accessing the Realtime Database from Google Apps Script. The requirements are relatively simple (once you know them):
The OAuth2 tokens must be requested with the correct scopes: https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/firebase.database.
The OAuth2 access token must be present in the request to Realtime Database.
The authenticated user must be at least an editor on the Firebase project. Note that this is not a Firebase Authentication user, but a Google user account.
Also see:
How to integrate Firebase into Google Apps Script without using (deprecated) database secret
Use a Firebase Authentication session cookie
You can also use a Firebase Authentication session cookie, which can be longer-lived (up to 2 weeks) than a regular Firebase Authentication ID token (up to an hour). You'll want to set up a Cloud Function for creating the session cookie, call that from IFTTT, and then pass the session cookie with the IFTTT request and along to the Realtime Database.
For more on this, see:
the Firebase documentation on managing session cookies.
I'm posting my solution here, this is a rough draft of what I did at at the time.
I'm using this auth method: My API has users with non-expiring OAuth2 access tokens and have an Express server responding at a Firebase HTTPS Cloud Function endpoint. Currently, at the prototyping stage, it generates fake tokens from the UID that are successfully accepted by IFTTT.
It's a redirect-heavy authentification flow based on this old IFTTT api example: https://github.com/IFTTT/connect_with_ifttt_auth_sample
Here's the gist of it:
Tokens and Auth Codes are just randomized and encrypted UIDs for now.
/oauth/authorize redirects to my app.
The app asks the user if they want to authorize IFTTT
The app redirects to /oauth/authorize_user
/oauth/authorize_user generates a user-specific code and redirects the user to IFTTT with this code
IFTTT asks /oauth/token to exchange the code for a Bearer tokens.
IFTTT can now make requests on behalf of this user with this bearer token.
Sample code here: https://gist.github.com/nathanvogel/15ed311258b91d7ec3d25f44047780e2
I'm trying to integrate Firebase into a Unity WebGL app, unlike iOS and Android there's no official Firebase plugin for it.
I'd like to try and use the Unity WWW class to make web requests to endpoints to do firebase authentication.
Is there an endpoint I can call passing the username and password to firebase that will return an auth token?
No, that would be a massive security hole for the end user who gives up their password to you. Users should only be typing passwords directly into the site that controls their account.
You should probably take a look into calling through to JavaScript to use the Firebase web SDKs.
WebGL: Interacting with browser scripting
Yes, Firebase Auth has a REST API that sends the email/password combo (as POST parameters) in an https call.
Firebase Auth REST API Sign in with email / password