Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Get Firebase Access Token in POSTMAN

In my web application, I am using Firebase for Authentication, to access any API, I have to authenticate from firebase.

Question: How can I get access token of firebase in Postman?

I have 2 solutions for this problem:

1) Get Access Token from firebase in postman, store that access token in postman global env. variable and then I can do other API request. (Here I don't know how to get access token in postman)

2) Do the login in the browser, copy access token from network request, store it in bash_profile and then use it in Postman. (Here I don't know how to read OS env. variable)

like image 620
Farhan Chauhan Avatar asked Apr 20 '18 05:04

Farhan Chauhan


3 Answers

When you want to use Postman only and don't want to build a frontend you can use this auth request in Postman: POST https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key={API_KEY}

In the Body you should send the following JSON string:

{"email":"{YOUR_EMAIL_ADDRESS}","password":"{PASSWORD}","returnSecureToken":true}

Content type is application/json (will be set automatically in Postman). You can find the Firebase API_KEY in the Firebase project settings (it's the Web-API-key).

As response you will get a JSON object and the idToken is the token you need for all your API requests as Bearer token.

To have a automated setting of this token, you can add the following code in the Tests tab at your auth request:

var jsonData = JSON.parse(responseBody);
postman.setGlobalVariable("id_token", jsonData.idToken);

For all your API requests you should set the Authorization to Bearer Token and the value for the token is {{id_token}}.

Now the token will be automatically used once you executed the auth request and got the response.

like image 147
naptoon Avatar answered Oct 06 '22 07:10

naptoon


An easy way to retrieve the access token from firebase is to:

  1. create an html file in a directory
  2. copy in the html file the content of firebase auth quickstart
  3. replace the firebase-app.js and firebase-auth.js as explained in firebase web setup to point them at the proper cdn location on the web
  4. replace firebase.init script with the initialization code from your app on the console like this:
var config = {
    apiKey: "my secret api key",
    authDomain: "myapp.firebaseapp.com",
    databaseURL: "https://myapp.firebaseio.com",
    projectId: "myapp-bookworm",
    storageBucket: "myapp.appspot.com",
    messagingSenderId: "xxxxxxxxxxxxx"
};
firebase.initializeApp(config);
  1. open the html file in your browser and either sign in or sign up. The Firebase auth currentUser object value should be displayed.

    1. inspect the html and expand the quickstart-account-details element. This should have the json object displayed.

    2. copy the content of accessToken

    3. In postman go to authorization, select bearer token and paste the copied token in the token value field.

You should be now able to call apis that are secured by firebase auth. Keep in mind that this only gets and passes the access token so once the token is expired you may need to request a new one (steps 5 to 8)

you can also look at this
Hope this helps!

like image 11
Alberto L. Bonfiglio Avatar answered Oct 06 '22 08:10

Alberto L. Bonfiglio


go to the pre-request script and add this code (use your API_KEY, USER_EMAIL, USER_PASSWORD)

  const reqObject = {
    url: "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key={API_KEY}", // API_KEY -> your API key from firebase config 
    method: 'POST',
    header: 'Content-Type:application/json',
    body: {
        mode: 'raw',
        raw: JSON.stringify({ "email": {USER_EMAIL}, "password": {USER_PASSWORD}, "returnSecureToken": true })
    }
};

pm.sendRequest(reqObject, (err, res) => {
    const idToken = res.json().idToken;  // your idToken
    pm.environment.set("FIREBASE_TOKEN", idToken ); // set environment variable FIREBASE_TOKEN with value idToken 
});

this code will add the environment variable FIREBASE_TOKEN, but u can do whatever you want with idToken =)

like image 6
Leo Avatar answered Oct 06 '22 06:10

Leo