I am creating an Android native app and I am using Firebase Auth with multiple auth provides such as; Email, Facebook, Google etc, I will use the Firebase SDK for chat and real-time DB.
I have a RESTful API with a MySQL (similar to Facebook with; friends, private and public posts), a user database behind a PHP server and I would like to synchronize the Auth so that I can ensure that the user is correct and has a authority to access data for which they have permissions. I am able to edit and change my database so I can adapt it to suggestions here.
(I originally thought I might need something like OAuth however I no longer think that is necessary)
After much research, I think that I need to securely communicate the users email and the Firebase Auth token to the MySQL whilst keeping details in sync? It seems like this would be something that would be quite common but I haven't been able to find a definitive answer.
(If the above statement is true)
My questions are:
I'm new to most Auth concepts.
Best regards
Is the email and Auth token all that is required to Auth a user via the server: you just need the Auth ID token. You can get the email from that. You need to verify the ID token each time it is sent to your server. Check https://firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library
Should the Auth token get sent to Firebase SDK using the PHP SDK: It is the other way round. The ID token is on the client side, you call getIdToken and then send it to your backend server.
How should credentials be stored in the MySQL DB with regards to security: You don't need to store credentials in your DB. you can store session information, but the credentials are generated and refreshed on the client.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With