Firebase authentication from Google Cloud Endpoint

Question

I have an Android app that uses Firebase with user authentication. The authentication process is done via Facebook, Google or Twitter accounts and stores user data into Firebase.

In the other hand, I have a Google Cloud Endpoint in Java running in App Engine that connects to Firebase to retrieve some data and eventually sends a message to other users through Google Cloud Messaging. Firebase stores the users GCM tokens and if some of the GCM tokens are invalid or were updated, the Endpoint connects to Firebase to update those GCM tokens into the users node.

Right now, my users node security rules are as follows:

"rules": {
"users": {
  ".read": "auth !== null",

  "$uid": {
    // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
    ".write": "auth !== null && auth.uid === $uid" 

At the moment, the Google Cloud Endpoint is not allowed to update the users GCM Tokens and I'm thinking to implement an authentication process in the Endpoint that generates a custom token just to allow the endpoint to write into the users node.

Is this the way to go? or I'm totally wrong?

Answer 1

If you want your Cloud Endpoint to authenticate with Firebase as "itself", you can mint a custom token and pass that into authWithCustomToken. See this page in the docs: https://www.firebase.com/docs/android/guide/login/custom.html

The process is similar to what Jenny described for Node.js in How do you authenticate a server to Firebase?