Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firebase custom OAuth authentication

Tags:

authentication

oauth

firebase

FireBase appears to support OAuth-based authentication from Facebook, Twitter, Google, GitHub. What about a different OAuth provider? It would be great if there were a generic "OAuth" option where in addition to specifying an API Key and Secret you specified whatever other information was needed.

Is it possible to use FireBase's existing OAuth-based authentication modules without rolling my own custom OAuth authentication module for FireBase, by possibly forking from one of the "built-in" OAuth mechanisms? Which one is the most generic, if so?

like image 731
Sam Barnum Avatar asked Oct 06 '14 00:10

Sam Barnum

People also ask

How do I customize Firebase authentication?

Go to the Service Accounts page in your project's settings. Click Generate New Private Key at the bottom of the Firebase Admin SDK section of the Service Accounts page. The new service account's public/private key pair is automatically saved on your computer. Copy this file to your authentication server.

Does Firebase Auth use OAuth?

Firebase Authentication integrates tightly with other Firebase services, and it leverages industry standards like OAuth 2.0 and OpenID Connect, so it can be easily integrated with your custom backend.

Does Firebase use JWT?

Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken() method.

How do I get OAuth 2.0 access token for Firebase?

Once you have a service account key file, you can use one of the Google API client libraries to generate a Google OAuth2 access token with the following required scopes: https://www.googleapis.com/auth/userinfo.email. https://www.googleapis.com/auth/firebase.database. Using the Google API Client Library for Node.

1 Answers

I also struggled for a while now with this, and here's how I've done it for my project. Run a node.js express server that will have the role to:

  1. get the req from your frontend app
  2. redirect user to oauth page
  3. return to node.js in case of success/error and compute the token needed for firebase in order to successfully login the user.
  4. res with a cookie containing this token and redirect the user back to frontend app to complete the process.

You will have to run the node server on a different vps in order for your app to work but you'll probably need it anyway if you have a bigger app that needs to run private stuff on the backend and not everything upfront.

like image 115
UnuSec Avatar answered Oct 19 '22 02:10

UnuSec
Sign in to Comment

Related questions

Keycloak social login rest api
Google Cloud Endpoints without Google Accounts
Returning HTTP 401 status for AJAX responses without WWW-Authenticate
Which well-known OpenID providers is a new site expected to support?
HealthMonitoring Failure Audits Repercussions in ASP.NET
IOS Mutual Authentication
How do I grant my app permissions on pages or groups I created?
Chrome asks for proxy authentication for every page I open, IE doesn't
Kraken API: Problems with authentication (Invalid key)
Using JWT with Active Directory authentication in NodeJS backend
ESO Authentication on IIS for PHP and .NET applications (Shibboleth / SAML / WiF ...)
Should I pass Credentials via HTTP Header or Post body as JSON to REST Api?
Is there a way to know if there is a cookie available before showing the SFAuthenticationSession prompt
Java - PBKDF2 with HMACSHA256 as the PRF
How to handle authenticatication with HttpWebRequest.AllowAutoRedirect?
Apache Shiro for securing REST api

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!