How to populate `identifier` and `providers` in Firebase custom authentication?

Question

I'm authenticating my users on my web service and then creating Firebase custom token via php-jwt:

// Requires: composer require firebase/php-jwt
use Firebase\JWT\JWT;

// Get your service account's email address and private key from the JSON key file
$service_account_email = ...;
$private_key = ...;

function create_custom_token($uid, $is_premium_account) {
  global $service_account_email, $private_key;

  $now_seconds = time();
  $payload = array(
    "iss" => $service_account_email,
    "sub" => $service_account_email,
    "aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
    "iat" => $now_seconds,
    "exp" => $now_seconds+(60*60),  // Maximum expiration time is one hour
    "uid" => $uid,
    "claims" => array(
      "premium_account" => $is_premium_account
    )
  );
  return JWT::encode($payload, $private_key, "RS256");
}

But the users that I authenticate this way, don't show the administrator-friendly "Identifier" and "Providers" fields in the "Authentication" panel in the Firebase Console:

The first two are users that I authenticated via this custom authentication process, and the last one is a user that I authenticated directly via Google.

How can I populate the "Identifier" and the "Providers" fields for users created via custom authentication?

Answer 1

The "Providers" column will only display an icon if the information attached to a user matches one or more of the the given providers in the "Sign-In Methods" section (https://console.firebase.google.com/project/_/authentication/providers).

Custom providers don't have a distinct icon, and Firebase wouldn't know what to display in the "Identifier" column (the UID is already in its own column at the end).

However, you do have some control for the display of the columns by creating them in advance (meaning: before signing them in for the first time), or by updating the user information after the user entry has been created.

I prepared an example showing which combination of fields leads to which display:

Please note:

• The display name has no effect: if it is the only data provided, the user is considered anonymous.
• Email + Password match the "Email/Password" Provider
• Phone Numbers will alway match the "Phone" provider
• The icons for a matched provider will be displayed in the column, even if a provider has been disabled.
• Emails and Phone numbers have to be unique. If your application allows multiple users with the same email address/phone number, you will get into trouble, if you just want to see more information about the users of your Firebase project.

You can create and update users via the Firebase Auth REST API, but I would suggest to use one of the official Firebase Admin SDKs SDK to do it - in case you want to stick to PHP, I happen to know an unofficial one: kreait/firebase-php (Documentation) (Disclaimer: I'm the maintainer of the PHP SDK :) ).

On a non-technical note: I wouldn't bother too much with the user list in the Firebase Web Console: use the Firebase CLI tool or one of the official (or unofficial ;) ) Admin SDKs to create an overview that meets your needs.

You mentioned in the Bounty Annotation that you asked this in the Firebase Slack Community without an answer - you can find me and other PHP developers in the #php channel. I enabled notifications for the channel, so please feel free to join if you have further questions.

---

FYI, this is the code I wrote with the PHP SDK to create the data for the screenshot above:

<?php

declare(strict_types=1);

use Kreait\Firebase;
use Kreait\Firebase\Util\JSON;

require_once __DIR__.'/vendor/autoload.php';

$serviceAccount = Firebase\ServiceAccount::fromJsonFile(__DIR__.'/service_account.json');

$firebase = (new Firebase\Factory())
    ->withServiceAccount($serviceAccount)
    ->create();

$auth = $firebase->getAuth();

// Remove all users
foreach ($auth->listUsers() as $user) {
    $auth->deleteUser($user->uid);
}

// Simulate custom auth
$ct = $auth->createCustomToken('a-custom-auth');
$r = $auth->getApiClient()->exchangeCustomTokenForIdAndRefreshToken($ct);
echo JSON::prettyPrint($auth->getUser('a-custom-auth'));


echo JSON::prettyPrint($auth->createUser([
    'uid' => 'displayname-only',
    'displayName' => 'Jérôme Gamez',
]));

echo JSON::prettyPrint($auth->createUser([
    'uid' => 'email-only',
    'email' => '[email protected]',
]));

echo JSON::prettyPrint($auth->createUser([
    'uid' => 'email-and-password',
    'email' => '[email protected]',
    'password' => 'password'
]));

echo JSON::prettyPrint($auth->createUser([
    'uid' => 'phone-only',
    'phoneNumber' => '+49-123-1234567',
]));

echo JSON::prettyPrint($auth->createUser([
    'uid' => 'email+name+phone',
    'email' => '[email protected]',
    'displayName' => 'Jérôme Gamez',
    'phoneNumber' => '+49-123-7654321',
]));

echo JSON::prettyPrint($auth->createUser([
    'uid' => 'email+name+password+phone',
    'email' => '[email protected]',
    'displayName' => 'Jérôme Gamez',
    'password' => 'example123',
    'phoneNumber' => '+49-321-7654321',
]));