Menu
I was wondering whether it is possible to actually authenticate to the Firebase REST API withouth using the custom authentication?
I've worked with Firebase now for some time and I'm currently thinking about migrating a backend of mine to Firebase. The app that uses the backend currently uses a REST API and does not need realtime data at all. Thus I'd like to use only the REST API and not the full Android framework on the clients.
Is it possible to get an auth token using the mail & password authentication of Firebase via HTTP-requests?
In the old docs I've only found a solution with custom login and in the new docs you seem to need a Google Service Account.
Any help or advice appreciated.
780
If you haven't yet connected your app to your Firebase project, do so from the Firebase console. Enable Email/Password sign-in: In the Firebase console, open the Auth section. On the Sign in method tab, enable the Email/password sign-in method and click Save.
You can use Firebase Authentication to sign in a user by sending them an email containing a link, which they can click to sign in. In the process, the user's email address is also verified.
Finding the Password Hash Parameters To access these parameters, navigate to the 'Users' tab of the 'Authentication' section in the Firebase Console and select 'Password Hash Parameters' from the drop down in the upper-right hand corner of the users table.
View the documentation
I figured out how to perform email and password authentication for Firebase by examining the requests sent by the Javascript API.
These APIs are undocumented and unsupported
Firebase 3 authentication is an updated and renamed version of the Google Identity Toolkit. The old documentation is not fully accurate, but may be useful and can be found here: https://developers.google.com/identity/toolkit/web/reference/
Firebase 3 requires all requests to have Content-Type: application/json in the header
Firebase 3 requires an API key to be attached to all authentication requests. You can find the API key for your database by visiting the Firebase project overview and clicking on "Add Firebase to your web app". You should see a window with code like the following:
<script src="https://www.gstatic.com/firebasejs/live/3.0/firebase.js"> </script>
<script>
// Initialize Firebase
var config = {
apiKey: "<my-firebase-api-key>",
authDomain: "my-firebase.firebaseapp.com",
databaseURL: "https://my-firebase.firebaseio.com",
storageBucket: "my-firebase.appspot.com",
};
firebase.initializeApp(config);
</script>
Copy the apiKey value and save it for later.
Method: POST
URL: https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=<my-firebase-api-key>
Payload:
{
email: "<email>",
password: "<password>",
returnSecureToken: true
}
Response:
{
"kind": "identitytoolkit#SignupNewUserResponse",
"localId": "<firebase-user-id>", // Use this to uniquely identify users
"email": "<email>",
"displayName": "",
"idToken": "<provider-id-token>", // Use this as the auth token in database requests
"registered": true,
"refreshToken": "<refresh-token>",
"expiresIn": "3600"
}
Method: POST
URL: https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=<my-firebase-api-key>
Payload:
{
email: "<email>",
password: "<password>",
returnSecureToken: true
}
Response:
{
"kind": "identitytoolkit#VerifyPasswordResponse",
"localId": "<firebase-user-id>", // Use this to uniquely identify users
"email": "<email>",
"displayName": "",
"idToken": "<provider-id-token>", // Use this as the auth token in database requests
"registered": true,
"refreshToken": "<refresh-token>",
"expiresIn": "3600"
}
Method: POST
URL: https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=<my-firebase-api-key>
Payload:
{
idToken: "<provider-id-token>"
}
Response:
{
"kind": "identitytoolkit#GetAccountInfoResponse",
"users": [
{
"localId": "<firebase-user-id>",
"email": "<email>",
"emailVerified": false,
"providerUserInfo": [
{
"providerId": "<password>",
"federatedId": "<email>",
"email": "<email>",
"rawId": "<email>"
}],
"passwordHash": "<hash>",
"passwordUpdatedAt": 1.465327109E12,
"validSince": "1465327108",
"createdAt": "1465327108000"
}]
}
These requests return JSON data described in the Firebase docs. https://www.firebase.com/docs/web/guide/login/password.html#section-logging-in
You can authenticate by sending a GET request with the following format:
https://auth.firebase.com/v2/<db_name>/auth/password?&email=<email>&password=<password>
User creation can also be performed by sending the same GET request with _method=POST as part of the query string
https://auth.firebase.com/v2/<db_name>/users?&email=<email>&password=<password>&_method=POST
From Firebase Guide Authenticate with Firebase on Websites Using a Custom Authentication System (Please see https://firebase.google.com/docs/auth/web/custom-auth)
You can integrate Firebase Authentication with a custom authentication system by modifying your authentication server to produce custom signed tokens when a user successfully signs in. Your app receives this token and uses it to authenticate with Firebase.
Here's the key idea:
1) Add Firebase to your Web Project and use Firebase REST JavaScript SDK for Authentication, and access Storage / Realtime Database with Firebase.
// TODO: Replace with your project's customized code snippet
<script src="https://www.gstatic.com/firebasejs/3.0.2/firebase.js"></script>
<script>
// Initialize Firebase
var config = {
apiKey: '<your-api-key>',
authDomain: '<your-auth-domain>',
databaseURL: '<your-database-url>',
storageBucket: '<your-storage-bucket>'
};
firebase.initializeApp(config);
</script>
2) You app users sign in to your authentication server using their username and password. Your server checks the credentials and returns a custom token if they are valid.
3) After you receive the custom token from your authentication server, pass it to signInWithCustomToken to sign in the user
firebase.auth().signInWithCustomToken(token).catch(function(error) {
// Handle Errors here.
var errorCode = error.code;
var errorMessage = error.message;
// ...
});
If you try through REST API than you have to do all operation in your Apllication .
Just grab the json data and checked your authenticate or not .
use retrofit Get method and just grab all data from your firebase app.
this is my post Rerofit + Firebase which i was posted for the beginner to understand connection of firebase and Retrofit.
OR
Please go through this links it gonna help you .....................
REST auth
User Authnitication
Example
enjoy coding.......
2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
