Reputation: 1154
Firebase PHP CURL Authentication
I currently building a small chat using Firebase and PHP. This, I thought, would be a good learning project for Firebase, and so far I am very happy with it!
However, I have hit a wall. I am not sure how I can implement an authentication system to Firebase via PHP. It's quite specific what I need the authentication system to do:
To be able to use the chat, the user must login using my custom php login system. Then once they are logged in, they will also authenticate to be able to read/write in the chat.
I couldn't really understand how this (if even) is possible with PHP, using CURL.
In my __construct function in have the following:
require('/libs/FirebaseLib.php');
$this->firebase = new fireBase('https://<url>.firebaseio.com');
require('/libs/JWT.php');
require('/libs/FirebaseToken.php');
$tokenGen = new Services_FirebaseTokenGenerator('<firebase-secret>');
$this->authtoken = $tokenGen->createToken(
array(
'id' => $this->userid
)
);
How would I authenticate with Firebase to let the user be able to read/write in my chat and not allow non authenticated user to read/write? Note: I have not done anything to the Firebase security rules - this is part of my question.
I've looked at the documentation, I might just be very thick, but I couldn't really find what I was looking for.
Hope anyone to point me in the right direction.
Thanks!
EDIT: I have intentionally not been using javascript for my chat, apart from ajax calls to my php script which then relays it to Firebase after I have done what I want to do with the user's messages.
EDIT 2: Added links to the used libraries: "Firebase Token Generator" and "Firebase PHP Client"
EDIT 3: My current code looks like this: (reference)
__construct:
$this->authtoken = JWT::encode(
array(
'admin' => true,
'debug' => true,
'v' => 0,
'iat' => time(),
'd' => array('user' => 'admin')
),
'<secret>',
'HS256'
);
New Message Function:
$response = $this->firebase->set('/chat.json?auth=' . $this->authtoken, array(
'message' => array(
'username' => 'Test',
'time' => time(),
'string' => 'Hello World!'
)
));
However it returns: { "error" : "invalid_token: Could not parse auth token." }. I basically want to get permission as the administrator. I have tried just using the Firebase secret as the auth, but its returns the same error.
Rules:
{
"rules": {
".read": "auth.username == 'admin'",
".write": "auth.username == 'admin'"
}
}
Upvotes: 4
Views: 7605
Answers (1)
Reputation: 16319
The general workflow would be:
- After user has authenticated with your custom login system, generate a Firebase auth token in your server-side PHP code. (it looks like you got this far with the code snippet you pasted).
- Pass that token back to the client.
- Have the client call firebase.auth(<token>); to authenticate to Firebase using your server-generated token.
- Use security rules to restrict what the client can read/write, depending on the contents of their auth token.
For a simple scenario where you just want to allow all Firebase access if they're authenticated, you could just have security rules like:
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
This would give authenticated users read/write access to your whole Firebase. You probably want to lock it down more than that though (i.e. only give them read/write access to certain parts of the Firebase). Check out our Security Quickstart for a walkthrough on how auth and security rules work.
If this doesn't help, perhaps you can elaborate on which part you're getting stumped at.
Upvotes: 2
Related Questions
- How do I add an authentication system for cURL on Firebase?
- Firebase Auth JS/PHP
- Firebase Setup with PHP CURL
- How to safely use Firebase Auth on a PHP web app
- Firebase REST access using PHP with Authentication
- PHP: firebase identity authentication
- Firebase JWT Authentication
- How can I configure Firebase Security Rules to only allow writes from a CURL/PHP source?
- Firebase GET data via REST API PHP CURL
- firebase PHP: create user