I want to create chat application using Firebase. I have the backend done in micro-services.
I also built an authentication API micro-service that allow the user to login/register and other. That service is built in Node.js and Mongodb using JWT tokens.
I am not that familiar with Firebase, all I know that you can you their auth/authorization service.
Will it be alright to use that micro-service in Firebase?
You can use the Firebase Admin SDK to mint a token that Firebase Authentication can then use to authenticate your user.
See the Firebase documentation on minting custom tokens for an example.
Related
I am building a REST API in node.js which needs to use Flutter and a React web app as their clients. The problem I'm facing is that I'm not sure where to handle the authorization. Both Flutter and React have a prebuilt "UI" from Firebase that doesen't even need to be connected to the backend. But also there is an option to just take the password and email from the forms and send them to my API which sends them to Firebase via a post request. The flow should be this, a user signs up with Firebase and is created, while that is happening he is also being "signed" up on my API so I can append and store data in his account.
I only need Firebase as an authorization layer, I feel that at this point in time I can't build anything comparable in terms of security when it comes to the authorization.
If you want to work with Firebase Authentication accounts on your backend, then you will need to use the Firebase Admin SDK to manage users. In particular, what you need to do is have the client app send the ID token provided by the SDK and verify the token so your backend can do things on the user's behalf.
I would recommend you to avoid implementing integration with Firebase in the client side, and do it only in the server side. You can use Firebase-Admin to integrate with Firebase in your node.js server. Then, the sign up/in request will be via your API.
In this way, your clients don't depend on 3rd party and all of the library updates should be in your server.
I'm trying to create an API for our app using Express.js endpoints that connect to our Firebase Cloud Firestore database. A main component of responding with the requested information securely is authentication, and we want to be able to make it as straight forward to the users as possible. For example, by them simply sending an API secret key on their requests.
My issue is that all of the authentication mechanisms that Firebase seem to provide require that the client is authenticated with the Firebase SDK, which would be uncomfortable for us to ask users to install.
In short, is there any way that they can either create a firebase token without the SDK or for us to authenticate them securely with an API key on our end? Note that the connection to our API would only be done through our user's back ends, never front end clients.
Thanks!
See:
https://firebase.google.com/docs/auth/admin/create-custom-tokens
Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the signInWithCustomToken() method.
To achieve this, you must create a server endpoint that accepts sign-in credentials—such as a username and password—and, if the credentials are valid, returns a custom JWT. The custom JWT returned from your server can then be used by a client device to authenticate with Firebase (iOS, Android, web). Once authenticated, this identity will be used when accessing other Firebase services, such as the Firebase Realtime Database and Cloud Storage. Furthermore, the contents of the JWT will be available in the auth object in your Firebase Realtime Database Security Rules and the request.auth object in your Cloud Storage Security Rules.
You can create a custom token with the Firebase Admin SDK, or you can use a third-party JWT library if your server is written in a language which Firebase does not natively support.
I'm developing my first app with firebase auth and Google App Engine, and I'm wondering how should I do some things.
For example: My architecture will be in Google App engine, and I'm using Cloud SQL to store data (using sequelize). The app is developed with node.js and express.
The problem is I want to use firebase auth to make login easier.
Everything for that is done client-side so.... is there any example on how should I use firebase Auth and how should I authenticate my request to my API in order to get which user it is on every request?
Maybe forward the token to the API? and then getting the info?
Thanks for your help.
There are definitely examples of this. What you'll want to do is look at the documentation for the Firebase Admin SDK, which is the SDK that you can run on trusted environments (such as App Engine) to perform actions that require administrative access.
In a typica scenario you'll use the Firebase Authentication SDK to sign the user in in the app, and then pass the ID token to your App Engine back-end. There you'll validate and verify the token, and then perform whatever actions the user is authorized to perform according to your rules.
If you'd be using a Firebase database (either Realtime Database or Cloud Firestore) you would be able to pass the token along and enforce authorized access in Firebase's server-side security rules. But since you're using Cloud SQL (which isn't aware of Firebase), you'll need to enforce your authorization rules in your own App Engine code.
I am currently developing an API project using ClaudiaJS API Builder to build and deploy it on AWS Lambda with it's endpoints exposed on AWS API Gateway. I am planning to have at least a webapp and a mobile app for this platform, so I'm focusing mostly everything on API's, including the authentication methods(signup, signin, logout, verify account, ect.).
Unfortunately, as I am not using Express in this project, I can't find a good way to build these auth methods since every library I find has some dependency on Express (e.g PassportJS).
My initial thoughts for the login workflow are:
User submits login form containing user/pass stored in PostgreSQL
DB.
Front app calls auth API.
API method compared credentials against the user DB (Using BCrypt).
In case of success, API method generates JWT containing a few user details on it's payload and returns to the consumer app.
Is there any good approach for achieving this goal without using Passport and/or Express? Are there any other libs for this purpose or should I just use a regular db query and generate a JWT in case the evaluation succeeds?
Thanks for everyone in advance.
Best regards,
Enrico Bergamo
I am working on an application in which i need to authenticate user. I am using firebase for database. I have used node.js for getting data from firebase. Now all i want is to create login page and in that i need to authenticate user by their email address and password. And i want to use the same method how i am fetching the data that is using node and i don't want to use angularfire for the authentication. Is it possible to perform? If it is can you please share how can i accomplish that?
Authenticating from a server-side process with the Firebase 3.x SDK requires the use of a service account. From the documentation:
When you authenticate a server, rather than sign in with a user account's credentials as you would in a client app, you authenticate with a service account which identifies your server to Firebase.
If you want to custom handle the authentication of your users, you'd create a custom token for your users on the server and then have them pass that to Firebase.
In general I'd recommend reading this article about common application architectures when using the Firebase Database.