Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firebase authenticate as admin

Is there a way I can authenticate with Firebase as an administrator of a firebase for full read/write access to it (already has security rules protecting parts of it), or will I have to write a security rule that somehow allows me access to the full firebase, for example by providing a certain password/key.

Is there a standard or suggested way of doing this?

like image 647
Patrick DeVivo Avatar asked Jul 12 '13 03:07

Patrick DeVivo


People also ask

How do I get firebase admin credentials?

In the Firebase console, open Settings > Service Accounts. Click Generate New Private Key, then confirm by clicking Generate Key.

What is difference between Firebase and Firebase admin?

The admin SDK runs your code with administrative permissions. This means it bypasses the security rules of your Firebase Database. It also has functionality to manage users and mint custom tokens and can be used to send FCM messages.

How do I use Firebase authentication in backend?

To do this, you can retrieve an ID token from a client application signed in with Firebase Authentication and include the token in a request to your server. Your server then verifies the ID token and extracts the claims that identify the user (including their uid , the identity provider they logged in with, etc.).

Does Firebase handle authentication?

Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UI libraries to authenticate users to your app. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook and Twitter, and more.


2 Answers

Andrew's answer will only work if you're authenticating outside your client-side code (otherwise you shouldn't be using your MY_SECRET obviously). Since many people, like myself, use Firebase to avoid server code, here's an alternate answer.

In most firebase apps you probably have a "Users" object in addition to your simple login "auth" object (which only stores email and password). You can add an "isAdmin" or "isModerator" (or whatever you want) to each $user in the "Users" object.

And then your rules would look like this (assuming your auth.id matches your $user key):

{   "rules": {     "someObject": {       ".write": "root.child('Users').child(auth.uid).child('isAdmin').val() == true"     }   } } 
like image 130
Kyle Cureau Avatar answered Nov 10 '22 03:11

Kyle Cureau


Yes there is. You simply need to authenticate using a Firebase Secret instead of an authentication token. ie.

firebaseRef.auth(MY_SECRET); 

You can find the Secret in the Authentication section of Forge.

like image 34
Andrew Lee Avatar answered Nov 10 '22 03:11

Andrew Lee