blackjack

Reputation: 1131

How to validate an authentication token against firebase?

I don't mean custom authentication with Firebase. What I need is slightly different from the custom authentication that generates tokens in the application server and allows access in Firebase. Actually, I'm trying to authenticate in Firebase with e-mail and password, for instance, and with that authentication be able to access RESTful services in some application server. Is this possible? I think that in some way a token could be sent to the application server after Firebase authentication, and that server would validate the auth token against Firebase.

Client --------authenticates ------->> Firebase
Client <<--------auth token ---------- Firebase
Client --------- sends ------------->> Application server (NodeJS)
App Server ------- validates (auth token) ---->> Firebase

Thanks in advance.

Upvotes: 20

Views: 26998

Answers (2)

sun1211

Reputation: 1608

Client --------authenticates ------->> Firebase

import firebase from 'firebase/app';
import 'firebase/auth';
import 'firebase/firestore';

const googleAuthProvider = new firebase.auth.GoogleAuthProvider();
const auth = firebase.auth();

// signInWithPopup rejects on failure; let the error propagate instead of returning it as the result
const authenticates = await auth.signInWithPopup(googleAuthProvider);

Client <<--------authtoken ---------- Firebase

You will get the data from the authenticates response:

const authtoken = authenticates.credential.idToken;
const email = authenticates.user.email;
...

Client --------- sends ------------->> Application server (NodeJS)

const sends = await axios({
    method: 'post',
    url: `${API_BASE_URL}/request`,
    headers: {
        'Authorization': `Bearer ${authtoken}`,
    },
    data: {
        from: next_cursor,
        size: next_cursor + 100,
    }
});

App Server ------- validates (auth token) ---->> Firebase

We will have app_oauth2_client_id when we initialize firebase authentication

import { OAuth2Client } from 'google-auth-library';

const oauth2Client = new OAuth2Client(process.env.app_oauth2_client_id);

// Verifies the token's signature and audience, then returns its claims
async function verifyOauth2Token(token) {
  const ticket = await oauth2Client.verifyIdToken({
    idToken: token,
    audience: [process.env.app_oauth2_client_id]
  });
  return ticket.getPayload();
}

const tokenInfo = await verifyOauth2Token(token);

For tokenInfo:

{
  iss: 'accounts.google.com',
  azp: '671303332471-5n8014rorllmd09n8mmadesc2qidpda5.apps.googleusercontent.com',
  aud: '671303332471-5n8014rorllmd09n8mmadesc2qidpda5.apps.googleusercontent.com',
  sub: '100037911230177975416',
  email: '[email protected]',
  email_verified: true,
  at_hash: '3rxsMOftrr9NZWlBkYznuQ',
  iat: 1635842823,
  exp: 1635846423
}

Upvotes: 16

Ymmanuel

Reputation: 2533

You can get the token with the async getToken method available in iOS, Web and Android.

Web:

https://firebase.google.com/docs/reference/js/firebase.User#getToken

iOS: https://firebase.google.com/docs/reference/ios/firebaseauth/interface_f_i_r_user#properties

Android: https://firebase.google.com/docs/reference/android/com/google/firebase/auth/FirebaseUser.html#public-constructor-summary

And send that token to your backend server; then you can use the verifyIdToken method in the server to validate the token and get the token's uid.

Server method https://firebase.google.com/docs/auth/server#verify_id_tokens

Upvotes: 21
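
The checks an application server makes when it validates a Firebase ID token (the kind issued after e-mail/password sign-in), as an added example that is not part of either answer and is not Firebase's own code: RS256 signature against a known key, then aud, iss, exp, iat and sub. The key pair, the project id demo-project and all helper names are constructed for the demo; in production the verifyIdToken method mentioned above performs this against Google's published keys.

```javascript
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// keys maps key id (kid) -> public key. In production these are the signing
// certificates Google publishes for Firebase Auth; here they are constructed.
function verifyFirebaseIdToken(token, projectId, keys, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = decode(h);
  // Pin the algorithm: the token must not choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  if (!Object.hasOwn(keys, String(header.kid))) throw new Error('unknown kid');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), keys[header.kid],
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const c = decode(p); // claims are trusted only after the signature check
  if (c.aud !== projectId) throw new Error('wrong audience');
  if (c.iss !== `https://securetoken.google.com/${projectId}`) throw new Error('wrong issuer');
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('expired');
  if (typeof c.iat !== 'number' || c.iat > now) throw new Error('issued in the future');
  if (typeof c.sub !== 'string' || c.sub === '') throw new Error('missing sub');
  return { uid: c.sub, email: c.email };
}

// Constructed fixture: a local RSA key pair and a hypothetical project id.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const DEMO_KEYS = { 'demo-kid': publicKey };
const DEMO_PROJECT = 'demo-project';

function mintDemoToken(overrides = {}, header = { alg: 'RS256', kid: 'demo-kid' }) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { iss: `https://securetoken.google.com/${DEMO_PROJECT}`, aud: DEMO_PROJECT,
    sub: 'constructed-uid-123', email: 'user@example.com', iat: now - 10, exp: now + 3600,
    ...overrides };
  const input = `${b64url(header)}.${b64url(claims)}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Returns why a token is rejected, or null when it verifies.
function rejectionReason(token) {
  try { verifyFirebaseIdToken(token, DEMO_PROJECT, DEMO_KEYS); return null; }
  catch (e) { return e.message; }
}

console.log(rejectionReason(mintDemoToken()));
console.log(rejectionReason(mintDemoToken({ aud: 'other-project' })));
```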
