I'm working on a project where it was asked for all the authentication to be done in our own backend, that is, without the usage of the Firebase SDK that comes pretty handy. The email/password sign up/sign in are very easy as we pass the email and password but all the other authentication methods, such as Google and Facebook, require postBody which contains OAuth Credentials. How am I able to get that data from the client (which can either be a native app or a react web page)? I've googled and read the Firebase REST Auth page for more info but I didn't find much other than what I already know. I've tried to work around with OAuth Playground from Google but it didn't work as well so I thought that my best chance was asking on SO where people with more experience could answer me.
Related
I'm trying to add OAuth to our webapp to allow signing in with Twitch and Discord and we are using Google Identity Platform + Firebase Auth.
Twitch works perfectly, but Discord is giving me some troubles even after reviewing the Discord OAuth docs. What exactly is the difference here? I noticed that Twitch publishes an OAuth Discovery Document, whereas Discord doesn't. Is that the crux of the issue?
What are my options for connecting Discord auth? Am I stuck managing the implicit flow myself? Will that provide credentials sufficient to link a Firebase account? How bad of an idea is it to run my own OAuth login provider via something like Keycloak or Authentik that provides a Discovery Document proxies requests to Discord?
Update:
I found https://github.com/kimcore/discord-oidc and modified it a bit to work with Google Identity Provider. I have it deployed on a CloudFunction and it's working! Is there anything else I need to consider?
Im developing a backend for mobile which is using Firebase for authentication and authorization. When the mobile ends the authentication process it sends through http methods to my backend an idToken signed by Google, which then I verify the signature and payload of the provided idtoken.
Is there a way to get the idToken from Google Firebase Console?
At the time I only figured out how to get it from mobile through a method called getIdToken for Kotlin. I can't keep getting the token this way, I need to do it without the mobile.
Thanks!
There is no server-side API to get ID tokens of your users from Firebase Authentication. You will have to get it on the client, and pass it to your server to be verified, exactly as you already seem to be doing.
That is also the process that the Firebase services and SDKs themselves follow, so you might want to reconsider whether this is feasible for your use-case too, or edit your question to better explain why it isn't possible.
I am working on a flutter app with a firebase backend and I can't find any documentation for what I'm trying to do. I am trying to have a user of my app (whose information is presumably stored in a FirebaseUser class) get their identity verified server-side and then if the identity is a certain user (verified by firebase serverless), they will be allowed to make a post to the db. The firebase documentation has stuff for android, ios and web but not for cross-platform flutter development. Can someone please point me in the right direction? I'm a little lost. Thanks!
Using Firebase with GCP will provide you this Server-Side authentication that you are asking for - so you don't need to worry. :)
If you just want to follow that, I would recommend you to take a look at the documentation from Firebase that talks about authentication. You can access this documentation in the below link.
Firebase Authentication
In case you indeed, need to use a private Server, I would recommend you to take a look at the below question that is already answered, about using a private server with Firebase. It should really help you achieve your goal.
Firebase authentication for private server
Let me know if the information helped you!
I am building an app in VueJs and I am looking for the best way to do the authentication part, there is an API in progress as well that will need token verification for protected end points.
I would like to know if is possible to integrate Auth0 to Firebase in a way that Firebase is the main center of communication between the VueJs app and Auth0 (the same thing with the API -> Firebase -> Auth0).
I am asking this because I would like to know exactly if I can save some lines of code and performance using Firebase tools to get what I need from Auth0 without connecting directly to Auth0 API. Also I would like to use Fire Store to save the tokens I get from Auth0.
is possible to have this kind of architecture?
Here is a diagram for a better understanding of the wished result, hope is not confusing.
https://ibb.co/68tpw8L
Thank you!
These links are the closest solutions I found thru Google.
But according with the info I found you can do this but using Auth0 as my main gateway but I want all the contrary, using Firebase as the main gateway.
https://firebase.google.com/docs/auth/web/custom-auth#before-you-begin
https://auth0.com/docs/api/authentication#delegation
https://firebase.google.com/docs/web/setup
https://auth0.com/blog/developing-real-time-apps-with-firebase-and-firestore/
Auth0 has deprecated the /delegation endpoint which is used to get the token for third party vender.
https://auth0.com/docs/migrations#api-authorization-with-third-party-vendor-apis
As a workaround, use the firebase custom token authentication mechanism. https://firebase.google.com/docs/auth/admin/create-custom-tokens
https://firebase.google.com/docs/reference/js/firebase.auth.Auth.html#signinwithcustomtoken
To create a custom token, you can use the firebase function if you do not have a backend server.
The entire flow is described in the following auth0 blogs with a complete project.
https://auth0.com/blog/how-to-authenticate-firebase-and-angular-with-auth0-part-1/
https://auth0.com/blog/how-to-authenticate-firebase-and-angular-with-auth0-part-2/
I used firebase.auth.signInWithPopup() from this documentation. However, I am getting this warning on the popup window saying that my app isn't verified yet. See image below.
I don't know where to start from here since as far as I can remember, I can't find anything about this on the firebase auth docs. Any advice?
Google now requires apps be verified when you request certain sensitive data:
https://developers.googleblog.com/2017/07/new-security-protections-to-reduce-risk.html
Firebase is not exempt. Why should it be? Any attacker can create a Firebase account with Google provider enabled and try to phish Google users with it.
Verify your app through this link OAuth consent screen