I have four Appengine Standard Application.
For authentication I will receive a JWT token of my customer (They have an oauth provider), I know that Firebase has some defaults providers Oauth like as Github, Google, Facebook and integration with Javascript API is verey easy. But I need to use of my customer.
Is there a possibility to have a new OAuth provider in Firebase console to easily integration my app with firebase like this example?
For the backend I am thinking to use SDK to validate a token.
FirebaseAuth.getInstance().verifyIdTokenAsync(idToken).get();
To sign in with unsupported OAuth providers, your need to use custom authentication. Here is a full example on how to authenticate with Instragram: https://firebase.googleblog.com/2016/10/authenticate-your-firebase-users-with.html
Related
I'm currently thinking about using Firebase Auth system with my custom rest api service.
For example:
My custom api would authorise requests coming from angular app, but auth system begins in that
Angular app, so there I would get authenticated.
Later on, I would pass a token received from firebase to communicate with my service.
That service would check if token is ok and then let me in to resources.
Is it possible to do ?
Is there a way to authenticate a user with SAML token using firebase as a backend? The company I am working with requires that SAML is used within the authentication system and I am not sure if this is possible with firebase as a backend.
Thanks
Maybe new GCP service "Cloud Identity for Customers and Partners" (in beta for now) could help you.
Cloud Identity for Customers and Partners (CICP) provides an identity platform that allows users to authenticate to your applications and services, like multi-tenant SaaS applications, mobile/web apps, games, APIs and more. CICP is built on an enhanced Firebase Authentication infrastructure, so it's perfect if you're building a service on Firebase, Google Cloud Platform (GCP), or on another platform, and need secure, easy-to-use authentication.
You can check SAML provider, Firebase is behind the scene.
This guide shows how to enable an existing web application for Security Assertion Markup Language (SAML) 2.0, with Cloud Identity for Customers and Partners (CICP). This will include accepting SAML assertions from identity providers (IdP) as a SAML service provider, verifying their contents, and producing a lightweight JWT that you can use in your application to verify authentication and perform authorization.
Hope it will help.
Updated on February 25th, 2020 :
I published a tutorial on how to integrate SAML authentication with Firebase and Angular app.
You can now use SAML provider with the new Cloud Identity platform. This platform works in combination with Firebase too.
Check Thierry's answer for more details.
Old/outdated answer below:
At the moment there is no built-in SAML provider for Firebase Authentication. See this discussion on the firebase-talk mailing list. From that post:
To support SAML authentication with Firebase Auth, you need to use custom authentication.
When the SAML response is posted to your server, your convert the SAML assertion to a custom token (minted via Firebase Admin SDK) and then pass that token to the client where you signInWithCustomToken. You can add any additional SAML claims to the custom token claims and they will propagate to the Firebase ID token JWT.
It's a valid feature request though, so I highly recommend to file a feature request.
I'm trying to integrate Firebase into a Unity WebGL app, unlike iOS and Android there's no official Firebase plugin for it.
I'd like to try and use the Unity WWW class to make web requests to endpoints to do firebase authentication.
Is there an endpoint I can call passing the username and password to firebase that will return an auth token?
No, that would be a massive security hole for the end user who gives up their password to you. Users should only be typing passwords directly into the site that controls their account.
You should probably take a look into calling through to JavaScript to use the Firebase web SDKs.
WebGL: Interacting with browser scripting
Yes, Firebase Auth has a REST API that sends the email/password combo (as POST parameters) in an https call.
Firebase Auth REST API Sign in with email / password
I want custom firebase authentication where a user manages the roles of subordinate users. I need guidance on understanding on how to implement my own backend authentication system. Everywhere the documentation keeps mentioning that 'send the username and password to your backend that will generate a custom token'. What is this backend? where do I pursue this? My knowledge domain is firebase, firebase functions, angular 2/4, ionic2 for this discussion... thanks
To use custom authentication, you need to create a JSON Web Token (JWT) on your existing backend server, after you have used your existing backend server to validate the username and password of the user (or however else your backend server validates your users).
To create that JWT, use the configuration described at https://firebase.google.com/docs/auth/admin/create-custom-tokens?authuser=0#create_custom_tokens_using_a_third-party_jwt_library
There is PHP and Ruby code available at that page, for anyone using a language that does not have an SDK available from Google, but which does have a JWT library available.
The JWT is signed with your private key, which you can obtain as indicated at https://firebase.google.com/docs/auth/admin/create-custom-tokens?authuser=0#create_custom_tokens_using_a_third-party_jwt_library
Although that page describes initializing the SDK, this section also has instructions for creating the private key for your service account using the Firebase console at https://console.firebase.google.com/u/0/project/_/settings/serviceaccounts/adminsdk
You will have to send the email password to the firebase sdk in using javascript in web then when the sdk success functions tell that the user has been authenticated the web page will send result to your backend server (can be nodejs or php etc) from there you have to manage your own database to handle all the role base access.
Firebase is basically authenticating the user for you and telling you that you can identify this user using the following userid and then build your own system.
Firebase has access rules but those you have to define first you cannot fully customize them for each user.
For password auth see this:
https://firebase.google.com/docs/auth/web/password-auth
An easy way to do custom auth with Firebase is using an external identity provider. Auth0 is an example of such a provider.
Guide:
https://shusson.info/post/using-firebase-and-auth0-together
code:
https://github.com/shusson/firebase-custom-auth
Firebase Rest API mentions that we can pass CREDENTIAL to provide access to authenticated nodes. However I was not able to find documentation on where I can find these credential or generate these credential. Custom tokens generated using NodeJS firebase-admin client also don't work.
https://firebase.google.com/docs/database/rest/save-data
https://docs-examples.firebaseio.com/rest/saving-data/auth-example.json?auth=CREDENTIAL
If you scrolled down a little on the same page, you would find the answer:
In the following example we send a POST request with an auth parameter, where CREDENTIAL is either our Firebase app secret or an authentication token...
Firebase secrets are legacy credentials you can find/create under Project settings - Service Accounts in the Console. Using one as the auth parameter gives the caller administrative access.
Or you can use a service account to generate admin level access tokens instead of relying on the legacy secrets. See here for the Java implementation.
Or if you have an authenticated user – for example you're implementing an API a client apps call via HTTP, passing along their current access token –, you can use that token directly to impersonate the user.
The custom authentication tokens serve a completely different purpose and are part of a different sign in flow. Therefore they do nothing via the REST API.