How to validate an authentication token against firebase?

node.js firebase token firebase-authentication

15,023

Solution 1

Client --------authenticates ------->> Firebase

import firebase from 'firebase/app';
import 'firebase/auth';
import 'firebase/firestore';

const googleAuthProvider = new firebase.auth.GoogleAuthProvider();
const auth = firebase.auth();

const authenticates = await auth.signInWithPopup(googleAuthProvider).then(user => user).catch(err => err)

Client <<--------authtoken ---------- Firebase

you will get data from authenticates response

authtoken = authenticates.credential.idToken
email = authenticates.user.email
...

Client --------- sends ------------->> Application server (NodeJS)

const sends = await axios({
    method: 'post',
    url: `${API_BASE_URL}/request`,
    headers: {
        'Authorization': `Bearer ${authtoken}`,
    },
    data: {
        from: next_cursor,
        size: next_cursor + 100,
    }
});

App Server ------- validates (auth token) ---->> Firebase

We will have app_oauth2_client_id when we initialize firebase authentication

import { OAuth2Client } from 'google-auth-library';

const oauth2Client = new OAuth2Client(process.env.app_oauth2_client_id);

function verifyOauth2Token(token) {
  const ticket = await oauth2Client.verifyIdToken({
    idToken: token,
    audience: [process.env.app_oauth2_client_id]
  });
  return ticket.getPayload();
}

const tokenInfo = await verifyOauth2Token(token);

for tokenInfor

{
  iss: 'accounts.google.com',
  azp: '671303332471-5n8014rorllmd09n8mmadesc2qidpda5.apps.googleusercontent.com',
  aud: '671303332471-5n8014rorllmd09n8mmadesc2qidpda5.apps.googleusercontent.com',
  sub: '100037911230177975416',
  email: '[email protected]',
  email_verified: true,
  at_hash: '3rxsMOftrr9NZWlBkYznuQ',
  iat: 1635842823,
  exp: 1635846423
}

Solution 2

You can get the token with the async getToken method available in iOS, Web and Android

Web:

https://firebase.google.com/docs/reference/js/firebase.User#getToken

iOS: https://firebase.google.com/docs/reference/ios/firebaseauth/interface_f_i_r_user#properties

Android: https://firebase.google.com/docs/reference/android/com/google/firebase/auth/FirebaseUser.html#public-constructor-summary

And send that token to your backend server, then you can use the verifyIdToken method in the server to validate the token and get the token's uid

Server method https://firebase.google.com/docs/auth/server#verify_id_tokens

15,023

Author by

blackjack

Updated on June 06, 2022

Comments

blackjack almost 2 years
I don't mean custom authentication with firebase. What I need is slightly different from that custom authentication that generates tokens in application server and allows access in firebase. Actually, I'm trying to authenticate in firebase with e-mail and password , for instance, and with that authentication be able to access restful services in some application server. Is this possible ? I think that in some way an token could be sent to application server after firebase authentication and that server would validate the auth token against firebase.
```
Client --------authenticates ------->> Firebase
Client <<--------auth token ---------- Firebase
Client --------- sends ------------->> Application server (NodeJS)
App Server ------- validates (auth token) ---->> Firebase
```
Thanks in advance.
blackjack almost 8 years

That's exactly what I was looking for. Thanks.
Bikash over 7 years

verifyIdToken only validate the token, how to handle blacklisted or disabled accounts in custom server ?