Reputation: 489
Auth0 login with firebase delegation
```javascript
.controller('LoginCtrl', function($scope, auth, $state, store) {
  auth.signin({
    authParams: {
      // This asks for the refresh token
      // So that the user never has to log in again
      scope: 'openid offline_access',
      // This is the device name
      device: 'Mobile device'
    },
    // Make the widget non closeable
    standalone: true
  }, function(profile, token, accessToken, state, refreshToken) {
    // Login was successful
    // We need to save the information from the login
    store.set('profile', profile);
    store.set('token', token);
    store.set('refreshToken', refreshToken);
    auth.getToken({
      api: 'firebase'
    }).then(function(delegation) {
      store.set('firebaseToken', delegation.id_token);
      $state.go('app.categories');
    }, function(error) {
      console.log("There was an error getting the firebase token", error);
    });
  }, function(error) {
    console.log("There was an error logging in", error);
  });
})
```
Rule at Auth0 to assign proper uid to the delegate section of the token:
```javascript
function (user, context, callback) {
  var isFirebase = context.request.body.api_type === "firebase";
  if (context.isDelegation && isFirebase) {
    console.log(user.user_id);
    var uid = user.user_id;
    var provider = uid.split("|")[0];
    var id = uid.substring(uid.indexOf("|") + 1);
    user.firebase_data = {
      uid: provider + ":" + id
    };
  }
  return callback(null, user, context);
}
```
Proof that the token has the uid (as expected from firebase in the decoded token):
```json
{
  "iss": "https://gitreport.auth0.com/",
  "sub": "facebook|10153081497714658",
  "aud": "ZCCZrJ0ggUrk67ePh2UgHSl9FKfpMlcS",
  "exp": 1438989556,
  "iat": 1438953556,
  "v": 0,
  "d": {
    "fb_id": "facebook|10153081497714658",
    "uid": "facebook:10153081497714658"
  },
  "azp": "ZCCZrJ0ggUrk67ePh2UgHSl9FKfpMlcS"
}
```
Attempting to write to /users/$users in Firebase with UID: i.e. /users/facebook|34234234

Rule:

```json
{
  "rules": {
    "users": {
      "$user_id": {
        // grants write access to the owner of this user account
        // whose uid must exactly match the key ($user_id)
        ".write": "$user_id === auth.uid"
      }
    },
    "salt": {
      ".read": true,
      ".write": false
    },
    "categories": {
      ".read": true,
      ".write": false
    },
    ".read": true,
    ".write": false
  }
}
```
Unfortunately, I can't seem to debug what's going on over at the firebase side. It was my understanding that Firebase is expecting the uid inside the delegate object of the Firebase token but any help here would be greatly appreciated.
When I swap out the auth.uid (on the Firebase rule) with the appropriate user info, the information gets written so I feel confident that if I can somehow deliver the proper uid to firebase inside the token, this will all fall into place.
And yes, I intended to use a : instead of a | for the delimiter in uid. Did that based upon what Firebase is expecting.
Answers to Kato's Questions:
@Kato Auth0 uses the concept of delegation to generate a Firebase Token. That token is stored on the client's browser. When decoded, the token looks like the block posted above (proof that the token contains a uid...). The firebase documentation indicates that the uid is provider:id; however, that last article you sent to me indicates that the uid is just a uniquely generated string.
I guess I don't understand where auth0's responsibility begins and firebase's ends? Why do I even need to delegate the token from auth0 at all? Should I just make a completely separate call to firebase to generate the token? What do I do with the firebase token that was created by Auth0?
What's really interesting about this to me is that neither Auth0 nor Firebase people really seem to understand the question I'm asking and maybe it's because I'm not asking it in the right way.
Fundamentally, I just want to Authenticate my users with Auth0 and then have Firebase secure the endpoint in the database.
Upvotes: 2
Views: 2466
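A way to check locally what the rule `$user_id === auth.uid` will compare, as an added example that is not code from the post, Auth0 or Firebase: it decodes a delegation token's payload and applies the same exact string match to a write path. The token, user IDs, paths and the helper names are constructed, and it assumes the legacy Firebase token format shown in the question, where the `d` claim is what rules see as `auth`.

```javascript
// Added example; the token, user IDs and paths below are constructed.

// Decode a JWT payload WITHOUT verifying the signature (local debugging only).
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Same mapping as the Auth0 rule in the question: "provider|id" -> "provider:id".
function firebaseUidFromAuth0(userId) {
  const i = userId.indexOf('|');
  if (i < 0) throw new Error('user_id has no "|" separator');
  return userId.slice(0, i) + ':' + userId.slice(i + 1);
}

// Mirror of ".write": "$user_id === auth.uid" for /users/<key>[/...].
// Assumption: legacy Firebase token format, where claim "d" is exposed as `auth`.
function checkUserWrite(path, payload, nowSeconds) {
  const m = /^\/users\/([^/]+)(?:\/.*)?$/.exec(path);
  if (!m) return { allowed: false, reason: 'path is not under /users/<key>' };
  if (typeof payload.exp === 'number' && payload.exp <= nowSeconds)
    return { allowed: false, reason: 'token expired' };
  const auth = payload.d;
  if (!auth || typeof auth.uid !== 'string')
    return { allowed: false, reason: 'token has no d.uid' };
  if (m[1] !== auth.uid)
    return { allowed: false, reason: `key "${m[1]}" !== auth.uid "${auth.uid}"` };
  return { allowed: true, reason: 'key matches auth.uid' };
}

// Build a constructed, unsigned sample token shaped like the one in the question.
function makeSampleToken(auth0UserId, exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const payload = { sub: auth0UserId, exp, iat: exp - 36000, v: 0,
    d: { fb_id: auth0UserId, uid: firebaseUidFromAuth0(auth0UserId) } };
  return enc({ alg: 'HS256', typ: 'JWT' }) + '.' + enc(payload) + '.constructed-signature';
}

const sample = decodeJwtPayload(makeSampleToken('facebook|1234567890', 2000000000));
const now = 1900000000; // fixed clock so the result is reproducible
for (const p of ['/users/facebook|1234567890', '/users/facebook:1234567890']) {
  console.log(p, checkUserWrite(p, sample, now));
}
```

Because the comparison is plain string equality, a path key written with `|` is rejected while the same ID written with `:` passes.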
Reputation: 489
I solved it and wrote it up here: http://billbutler1969.tumblr.com/post/126341320130/auth0-with-firebase-delegation-and-security-rules
Upvotes: 5