Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using Firebase Auth with Django

Tags:

I want to use firebase authentication for my django webapp. To achieve this, I think would I need to write a custom auth backend - is that right? I don't see any libraries that already do this - django-allauth looks like it comes pretty close as an alternative but I am interested in the phone number verification provided by firebase.

I'm also confused about what happens to the User model and functions like request.user or user.is_authenticated. Right now I use the authenticate and login functions - how does django know that a user is logged in via firebase? Would I still be creating a User model for every user?

Thanks

like image 908
newmanne Avatar asked Jan 12 '18 18:01

newmanne


People also ask

Can I use Firebase with Django?

Setting up a new Django project Let us add our app to the list of already installed apps. To connect Firebase and Django, we need to install a python package named pyrebase.

Which is better Firebase or Django?

Reviewers felt that Django meets the needs of their business better than Firebase. When comparing quality of ongoing product support, reviewers felt that Firebase is the preferred option. For feature updates and roadmaps, our reviewers preferred the direction of Django over Firebase.

Can I use Firebase just for authentication?

You can use Firebase Authentication to allow users to sign in to your app using one or more sign-in methods, including email address and password sign-in, and federated identity providers such as Google Sign-in and Facebook Login.


1 Answers

You can use Firebase Auth with any framework. You don't necessarily need to use custom auth. Typically, you would sign in the user on the client, get the ID token by calling firebase.auth().currentUser.getIdToken() and then pass the ID token to your server, verify it and parse its payload identifying the user ID and its other claims by using the Firebase Admin SDKs and then you can issue a session cookie identifying the user associated with that ID token.

On signout, you would clear that session cookie.

If you also need to persist that user on the backend after setting the session cookie, you can also use the Firebase Admin SDK to lookup a user identified by the user ID or just use the token claims to populate the user without any network call. You can populate that in the user model of associated framework if needed.

For more on session management, you can refer to this django documentation: https://docs.djangoproject.com/en/3.0/topics/http/sessions/

like image 159
bojeil Avatar answered Sep 26 '22 15:09

bojeil