How to authenticate an user in firebase-admin in nodejs?

Question

At the moment I am creating a Firebase API on nodejs. I would like to handle all Firebase stuff (like authentication) with firebase-admin on nodejs. But what is the correct way to authenticate a user over nodejs in firebase-admin without the Javascript Firebase SDK on the client side? On the official documentation for admin I didn't find a function called signInWithEmailAndPassword (like as on the client side SDK) for nodejs. There is only a function called: "getUserByEmail", but this function doesn't check if the user has entered the correct password.

This is my form:

<form class="sign-box" action="/login" method="post">        <div class="form-group">           <input id="username" name="username" type="text" class="form-control" placeholder="E-Mail"/>       </div>       <div class="form-group">           <input id="password" name="password" type="password" class="form-control" placeholder="Password"/>       </div>       <button type="submit" class="btn btn-rounded">Sign in</button>  </form> 

Once the form is submitted I pass the values to my API in nodejs:

app.post('/login', urlencodedParser, function (req, res) {      // getting the values      response = {         username: req.body.username,         password: req.body.password      };          // authenticate the user here, but how ?  }); 

My first idea was to use the Firebase SDK on the client side to sign in with signInWithEmailAndPassword and to get the uid. Once I had the UID I wanted to sent the UID to nodejs and call the function createCustomToken and to return the generated token (with some additional claims) back to the client. Once I get the token back I would use the function signWithCustomToken (on the client side) to authenticate the user. Is this way correct or is there a better way ?

Answer 1

Actually for authentication you will need to use the firebase regular api, no the admin.

First this will give you a refreshed firebase token, not a custom token. If you like you can do the same to obtain a custom token, if you need a custom token, I also have an example.

npm install firebase --save

const firebase = require("firebase"); const config = {     apiKey: "",     authDomain: "",     databaseURL: "",     projectId: "",     storageBucket: "",     messagingSenderId: "" }; firebase.initializeApp(config); 

I am posting my login firebase function but you will be able to change it to express easily.

exports.login = functions.https.onRequest((req, rsp)=>{     const email = req.body.email;     const password = req.body.password;     const key = req.body.key;     const _key = '_my_key_';     let token = '';     if(key === _key){                firebase.auth().signInWithEmailAndPassword(email,password).then((user)=>{ //The promise sends me a user object, now I get the token, and refresh it by sending true (obviously another promise)             user.getIdToken(true).then((token)=>{                 rsp.writeHead(200, {"Content-Type": "application/json"});                 rsp.end(JSON.stringify({token:token}));             }).catch((err)=>{                 rsp.writeHead(500, {"Content-Type": "application/json"});                 rsp.end(JSON.stringify({error:err}));             });         }).catch((err)=>{             rsp.writeHead(500, {"Content-Type": "application/json"});             rsp.end(JSON.stringify({error:err}));         });     } else {         rsp.writeHead(500, {"Content-Type": "application/json"});         rsp.end(JSON.stringify('error - no key'));     } }); 

NOTE: I am using this login function to test my other functions with Postman, so that is why i am sending a key, so I can use this privately.

Now combining the ADMIN and FIREBASE node apy I am able to do a lot of very interesting stuff with HTTP functions on my firebase.

Hope it helps somehow.