Is there any way to get firebase auth token from google oauth2.0 token from client

java firebase oauth-2.0 firebase-authentication google-signin

2793 просмотра

2 ответа

I am using Firebase 3.0 REST API and currently use only google sign in as a means of authentication. After login from android device I tried calling rest API with idToken obtained from below code snippet but get permission denied response:

FirebaseUser mUser = FirebaseAuth.getInstance().getCurrentUser();
        mUser.getToken(true)
                .addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
                    public void onComplete(@NonNull Task<GetTokenResult> task) {
                        if (task.isSuccessful()) {
                            idToken = task.getResult().getToken();
                        }
                    }
            });

Is there any way to generate the id token from the client itself which can be used as access token to authenticate REST API calls?

Автор: unfitgeeks unfitgeeks Источник Размещён: 08.11.2019 10:58

Ответы (2)


1 плюс

Решение

Minting a Firebase Authentication token requires access to the Firebase secret and thus is inherently a server-side task.

Firebase Authentication does not expose a REST API to convert an OAuth token into a Firebase token.

Автор: Frank van Puffelen Размещён: 20.08.2016 02:09

1 плюс

If what you are trying to do is to authenticate accesses to the realtime database with a user's credential, you have to follow the following steps:

  1. Obtain Firebase Auth ID token from a signed in user (your code above exactly, just copied here for reference).

    FirebaseUser mUser = FirebaseAuth.getInstance().getCurrentUser();
    mUser.getToken(true)
         .addOnCompleteListener(new OnCompleteListener<GetTokenResult>() {
             public void onComplete(@NonNull Task<GetTokenResult> task) {
                 if (task.isSuccessful()) {
                     idToken = task.getResult().getToken();
                 }
             }
         });
    
  2. Make an HTTP request to one of the DB REST endpoints with such token passed as a URL parameter the "auth" parameter. Read more about it here.

Some common mistakes worth keeping an eye out for:

  1. Token is expired (they last 1hr since the fetch)
  2. You are sending the token to a database that belongs to a different Firebase project.
  3. The signed in user does not match the restrictions specified in your security rules.
Автор: Alfonso Gomez Jordana Manas Размещён: 25.08.2016 08:29
Вопросы из категории :
32x32