Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

REST service using Spring Security and Firebase Authentication

Tags:

rest

spring

firebase

firebase-authentication

spring-security

Is there a simple way to integrate Firebase Authentication with Spring Security (for a REST service)?

From what I've read, I'll probably need to use a JWT token (obtained via Firebase), use that to authenticate the Spring service, and finally verify the token within the service via Firebase. But I can't find any (simple) documentation on using JWT with Spring Security.

I'd also like to be able to provide an /auth/login endpoint that uses Basic Auth rather than JWT so that I can obtain a JWT token via Firebase using email/password credentials. But this would mean enabling Basic Auth at one endpoint in the service and JWT Auth at all others. Not sure that's possible.

like image 697
MJ. Avatar asked Nov 23 '16 14:11

MJ.

People also ask

How do I use Firebase authentication in Spring Boot?

Open the Page Enter Your email and password which you have created the Firebase Authentication Dashboard and Click login. This idToken is your Bearer token you can modify it in the SpringBoot project according to your use-case. When you hit this private API you will get a user response with user details.

How does authentication work in Spring Security?

Spring Security provides comprehensive support for authentication. Authentication is how we verify the identity of who is trying to access a particular resource. A common way to authenticate users is by requiring the user to enter a username and password.

Does Firebase Auth use JWT?

The custom JWT returned from your server can then be used by a client device to authenticate with Firebase (iOS+, Android, web). Once authenticated, this identity will be used when accessing other Firebase services, such as the Firebase Realtime Database and Cloud Storage.

1 Answers

Short answer: no.

Long answer: you should create your own JWT, regardless of Firebase. When you receive a JWT from Firebase, verify its integrity. Then, issue your own based on the data in the token. Then you only need to adapt it to various OAuth providers. This way you can avoid round trips to firebase on each request.

For authenticating the user on each request (stateless auth), you add a filter with highest precedence. From the http request you are filtering, get the JWT and verify its integrity. If it's all good, set the authentication in the SecurityContextHolder.

like image 170
Stefa Avatar answered Sep 20 '22 09:09

Stefa
Sign in to Comment

Related questions

Configure HikariCP in Spring Boot with JTDS
Spring Expected ':' instead of 't' error when returning List?
Spring security custom filter called multiple times
No adapter for endpoint in Spring Web Service Response
An interview topic: What can go wrong with this code?
Gradle | Spring boot dependencies are not excluding
Spring AOP: how to get the annotations of the adviced method
How to generate URI inside a controller in Spring 3
Using Spring HibernateTemplate. How to delete by Id?
Invalid XSRF token at /oauth/token
JAX-WS For Json request and response [duplicate]
Order of @ExceptionHandler
Why isn't getSession() returning the same session in subsequent requests distanced in short time periods?
How to register spring bean in grails that needs a reference to a filter bean
How to handle version upgrades of spring-security-oauth2?
How to setup Spring Boot CLI behind a proxy

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!