Jason M

A Quick Intro to Using the FireBase key on a custom backend: Part One

Firebase is an amazing suite of products aimed at supporting web and mobile applications. The services include various data storage options, as well as authentication services. Since authentication and authorization can be a pain, smaller teams / independent developers might very well want to ‘outsource’ their authentication to the Firebase service, rather than handle it themselves.

Firebase offers a JavaScript SDK that provides the ability to authenticate via the tried and true email / password combo, or any one of the third-party supported auth providers (which can be configured in the Firebase console).

After you use one of the built-in methods the client JavaScript SDK provides to send an authentication request to Google, and the credentials are valid, the response the client receives back will include a “fire-token”. It will look something like this:

For basic authentication, we're interested in the idToken in the credentials object. This fire-token is a JWT, signed with the RS256 algorithm.

If you have a custom backend, you're going to want to save this token to local storage on the client side, and send it along with requests for resources on your backend that require authentication.

After sending the fire-token to the backend, you're going to want to decode it. There is SDK support for decoding the fire-token for some languages. Unfortunately, if your backend is Rails, you're going to have to do it yourself.

The decoded token will look something like this:

Header Info

Data Payload

To verify the fire-token, first decode it using a standard JWT library for your language. Then you will need to perform some validations. Taken directly from the Firebase docs:


In Part 2, I will go over each of these validations in more detail.
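
For the Rails case mentioned above, here is an added example (not code from the original post or from Firebase) that verifies an ID token with only the Ruby standard library: it pins RS256, checks the signature against the key named by `kid`, and only then applies the claim checks Firebase documents for ID tokens. The names `verify_firebase_token`, `sample_token` and `TokenError` are hypothetical, and the `certs` map of Google's current signing keys is assumed to be fetched and cached by the caller.

```ruby
require "openssl"
require "json"

class TokenError < StandardError; end

# base64url -> bytes, strict: bad characters or lengths raise ArgumentError.
def b64url_decode(seg)
  (seg.tr("-_", "+/") + "=" * (-seg.length % 4)).unpack1("m0")
end

def json_segment(seg)
  obj = JSON.parse(b64url_decode(seg))
  obj.is_a?(Hash) ? obj : raise(TokenError, "segment is not a JSON object")
rescue ArgumentError, JSON::ParserError
  raise TokenError, "malformed segment"
end

# certs: { kid => OpenSSL::PKey::RSA public key }. Fetching and caching Google's
# current signing certificates is the caller's job (assumption of this example).
def verify_firebase_token(token, project_id:, certs:, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  raise TokenError, "not a three-part JWT" unless parts.length == 3
  head64, body64, sig64 = parts
  header = json_segment(head64)
  # Pin the algorithm; never let the token pick "none" or an HMAC variant.
  raise TokenError, "alg must be RS256" unless header["alg"] == "RS256"
  key = certs[header["kid"]] or raise TokenError, "unknown kid"
  sig = b64url_decode(sig64) rescue raise(TokenError, "malformed signature")
  ok = key.verify(OpenSSL::Digest.new("SHA256"), sig, "#{head64}.#{body64}") rescue false
  raise TokenError, "bad signature" unless ok
  c = json_segment(body64) # claims are trusted only after the signature check
  past = ->(k) { c[k].is_a?(Integer) && c[k] <= now }
  raise TokenError, "expired" unless c["exp"].is_a?(Integer) && c["exp"] > now
  raise TokenError, "iat/auth_time in the future" unless past.("iat") && past.("auth_time")
  raise TokenError, "wrong audience" unless c["aud"] == project_id
  raise TokenError, "wrong issuer" unless c["iss"] == "https://securetoken.google.com/#{project_id}"
  raise TokenError, "empty sub" unless c["sub"].is_a?(String) && !c["sub"].empty?
  c
end

# Constructed test helper: signs claims with a throwaway key standing in for Google's.
def sample_token(key, claims, header = { "alg" => "RS256", "kid" => "test-kid" })
  b64 = ->(s) { [s].pack("m0").tr("+/", "-_").delete("=") }
  input = "#{b64.(JSON.generate(header))}.#{b64.(JSON.generate(claims))}"
  sig = key.sign(OpenSSL::Digest.new("SHA256"), input)
  "#{input}.#{b64.(sig)}"
end
```

In a Rails controller this would sit in a `before_action`, with any `TokenError` mapped to a 401 response.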

Until Then.
