Using Firebase Auth with Django
You can use Firebase Auth with any framework. You don't necessarily need to use custom auth. Typically, you would sign in the user on the client, get the ID token by calling firebase.auth().currentUser.getIdToken(), and then pass the ID token to your server, verify it and parse its payload identifying the user ID and its other claims by using the Firebase Admin SDKs, and then you can issue a session cookie identifying the user associated with that ID token.
On signout, you would clear that session cookie.
If you also need to persist that user on the backend after setting the session cookie, you can also use the Firebase Admin SDK to look up a user identified by the user ID or just use the token claims to populate the user without any network call. You can populate that in the user model of the associated framework if needed.
For more on session management, you can refer to this Django documentation: https://docs.djangoproject.com/en/3.0/topics/http/sessions/
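The flow described in this answer, sketched as an added example that is not part of the original answer or of any Firebase or Django project code. The function names, the `idToken` POST field, the `firebase_uid` session key and the 5-minute `auth_time` limit are assumptions chosen for illustration; `firebase_admin.initialize_app()` is assumed to have been called at startup.

```python
import time

MAX_AUTH_AGE = 5 * 60  # assumption: only accept tokens from a sign-in within the last 5 minutes


def firebase_verifier(id_token):
    """Return the verified claims dict, or None if the token is invalid or expired."""
    from firebase_admin import auth  # lazy import so the core logic is testable without the SDK
    try:
        # Checks signature, expiry, issuer and audience against the Firebase project.
        return auth.verify_id_token(id_token)
    except (ValueError, auth.InvalidIdTokenError):
        return None


def session_login(session, id_token, verify=firebase_verifier, now=time.time):
    """Verify the ID token and bind the user to the server-side session.

    `session` is a dict-like object with cycle_key(), such as Django's request.session.
    Returns the Firebase uid on success, None otherwise.
    """
    claims = verify(id_token)
    if claims is None:
        return None
    # Refuse old sign-ins so a leaked, still-valid token cannot mint a fresh session.
    if now() - claims.get("auth_time", 0) > MAX_AUTH_AGE:
        return None
    session.cycle_key()  # new session id at login, which prevents session fixation
    session["firebase_uid"] = claims["uid"]
    session["phone_number"] = claims.get("phone_number")  # populated from claims, no network call
    return claims["uid"]


def session_logout(session):
    """On sign-out, drop the session data and the session cookie."""
    session.flush()


def login_view(request):
    """Django view for POST requests; keep CSRF protection enabled for it."""
    from django.http import JsonResponse  # lazy import, see firebase_verifier
    if request.method != "POST":
        return JsonResponse({"error": "POST required"}, status=405)
    uid = session_login(request.session, request.POST.get("idToken", ""))
    if uid is None:
        return JsonResponse({"error": "invalid or stale ID token"}, status=401)
    return JsonResponse({"uid": uid})
```

Later requests can read `request.session["firebase_uid"]` to identify the user, or map it to a row in the project's user model if one is kept.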
newmanne
Updated on June 06, 2022
Comments
-
newmanne about 2 years
I want to use firebase authentication for my django webapp. To achieve this, I think I would need to write a custom auth backend - is that right? I don't see any libraries that already do this - django-allauth looks like it comes pretty close as an alternative but I am interested in the phone number verification provided by firebase.
I'm also confused about what happens to the User model and functions like request.user or user.is_authenticated. Right now I use the authenticate and login functions - how does django know that a user is logged in via firebase? Would I still be creating a User model for every user? Thanks
-
Evan Zamir over 6 years
So it sounds to me like you wouldn't use something like django-rest-auth with this?
-
Jan Vorcak over 5 years
Thanks for a great answer @bojeil, I'm attaching this link to a documentation that might be useful for others firebase.google.com/docs/auth/admin/verify-id-tokens
-
chirag soni about 5 years
@bojeil what do you mean by this line in your ans: verify it and parse its payload identifying the user ID and its other claims by using the Firebase Admin SDKs
-
oligopol over 4 years
Updated link: docs.djangoproject.com/en/3.0/topics/http/sessions