I'm trying to integrate Firebase into a Unity WebGL app, unlike iOS and Android there's no official Firebase plugin for it.
I'd like to try and use the Unity WWW class to make web requests to endpoints to do firebase authentication.
Is there an endpoint I can call passing the username and password to firebase that will return an auth token?
No, that would be a massive security hole for the end user who gives up their password to you. Users should only be typing passwords directly into the site that controls their account.
You should probably take a look into calling through to JavaScript to use the Firebase web SDKs.
WebGL: Interacting with browser scripting
Yes, Firebase Auth has a REST API that sends the email/password combo (as POST parameters) in an https call.
Firebase Auth REST API Sign in with email / password
Related
We use firebase to authenticate a frontend application in the standard process- The application connect to firebase and ask for token, than the application send this token in every API call to the server, and the server validates the token.
Now if we want to expose some of our endpoints and supply api access (e.g users will be able to login without browser), how should we do the authentication?
The users will send username and password, and we will need to authenticate against firebase with the credentials.
Is there best practice or guideline to how to approach this?
I want to still leverage firebase security features that I don't need to manage by myself (for example, preventing brute-force attacks), but not using the browser.
I have a mobile app (Android/iOS) that uses the Firebase SDK for several Firebase services (including Authentication and Storage).
Now there's a subsystem within the app that can't directly access the Firebase SDK, but I need to upload files to Storage from this subsystem. HTTP(S) requests are possible, so I tried to use the Storage JSON API for uploading.
However, an OAuth 2.0 token is required for authorizing requests via the JSON API. Is there a simple way to receive such a token, when there's already a signed-in user in the Firebase SDK? It seems the only thing I get from the Firebase SDK is the "Firebase ID token" (JWT token), but I don't know how to convert it (or if this is even possible) to an accepted OAuth token for the JSON API.
I think you're trying to do the petition from the plugin itself and it might not have the permissions.
Did you pass it to sign In With Custom Token to the SDK when your users sing-in?
I read that after that, a Custom Token and credentials are attached to the user's profile.
Why don't you try to do the petition from the user's profile instead of doing it from the plugin?
I have four Appengine Standard Application.
For authentication I will receive a JWT token of my customer (They have an oauth provider), I know that Firebase has some defaults providers Oauth like as Github, Google, Facebook and integration with Javascript API is verey easy. But I need to use of my customer.
Is there a possibility to have a new OAuth provider in Firebase console to easily integration my app with firebase like this example?
For the backend I am thinking to use SDK to validate a token.
FirebaseAuth.getInstance().verifyIdTokenAsync(idToken).get();
To sign in with unsupported OAuth providers, your need to use custom authentication. Here is a full example on how to authenticate with Instragram: https://firebase.googleblog.com/2016/10/authenticate-your-firebase-users-with.html
I want custom firebase authentication where a user manages the roles of subordinate users. I need guidance on understanding on how to implement my own backend authentication system. Everywhere the documentation keeps mentioning that 'send the username and password to your backend that will generate a custom token'. What is this backend? where do I pursue this? My knowledge domain is firebase, firebase functions, angular 2/4, ionic2 for this discussion... thanks
To use custom authentication, you need to create a JSON Web Token (JWT) on your existing backend server, after you have used your existing backend server to validate the username and password of the user (or however else your backend server validates your users).
To create that JWT, use the configuration described at https://firebase.google.com/docs/auth/admin/create-custom-tokens?authuser=0#create_custom_tokens_using_a_third-party_jwt_library
There is PHP and Ruby code available at that page, for anyone using a language that does not have an SDK available from Google, but which does have a JWT library available.
The JWT is signed with your private key, which you can obtain as indicated at https://firebase.google.com/docs/auth/admin/create-custom-tokens?authuser=0#create_custom_tokens_using_a_third-party_jwt_library
Although that page describes initializing the SDK, this section also has instructions for creating the private key for your service account using the Firebase console at https://console.firebase.google.com/u/0/project/_/settings/serviceaccounts/adminsdk
You will have to send the email password to the firebase sdk in using javascript in web then when the sdk success functions tell that the user has been authenticated the web page will send result to your backend server (can be nodejs or php etc) from there you have to manage your own database to handle all the role base access.
Firebase is basically authenticating the user for you and telling you that you can identify this user using the following userid and then build your own system.
Firebase has access rules but those you have to define first you cannot fully customize them for each user.
For password auth see this:
https://firebase.google.com/docs/auth/web/password-auth
An easy way to do custom auth with Firebase is using an external identity provider. Auth0 is an example of such a provider.
Guide:
https://shusson.info/post/using-firebase-and-auth0-together
code:
https://github.com/shusson/firebase-custom-auth
Firebase Rest API mentions that we can pass CREDENTIAL to provide access to authenticated nodes. However I was not able to find documentation on where I can find these credential or generate these credential. Custom tokens generated using NodeJS firebase-admin client also don't work.
https://firebase.google.com/docs/database/rest/save-data
https://docs-examples.firebaseio.com/rest/saving-data/auth-example.json?auth=CREDENTIAL
If you scrolled down a little on the same page, you would find the answer:
In the following example we send a POST request with an auth parameter, where CREDENTIAL is either our Firebase app secret or an authentication token...
Firebase secrets are legacy credentials you can find/create under Project settings - Service Accounts in the Console. Using one as the auth parameter gives the caller administrative access.
Or you can use a service account to generate admin level access tokens instead of relying on the legacy secrets. See here for the Java implementation.
Or if you have an authenticated user – for example you're implementing an API a client apps call via HTTP, passing along their current access token –, you can use that token directly to impersonate the user.
The custom authentication tokens serve a completely different purpose and are part of a different sign in flow. Therefore they do nothing via the REST API.