Firebase auth - login user from app in website

Question

We have an App that uses firebase auth. Now we would like to send the user from the app to our website in order for him to perform some actions.

Is it somehow possible to automatically login the user when he comes from the App? He has already provided his login credentials and we have the auth object from firebase. Can we pass a token or somthing to our website and have the firebase SDK on the site log him automatically?

Answer 1

The common way to do this right now is as follows:

1. After the user signs in in one website, get the ID token via currentUser.getIdToken()
2. Post the ID token to your backend to serve the destination website.
3. On your backend, using Admin SDK, get the ID token, verify it, check the auth_time to make sure it is a recent login to minimize any window of attack. If everything checks out, mint a custom token via admin sdk createCustomToken.
4. Return the custom token to the website.
5. On the client side, sign in with custom token: signInWithCustomToken and the same user is now signed in on the website.