I have fully integrated Firebase Auth in my Android App, now I want the client to interact with my backend (rails) using a unique Token. my question is this how it’s done :
- User is logged-in, using for example Facebook Auth,
- Send the Firebase Token to backend and verify it
- Respond to the client with a unique Token for the upcoming Api requests (get users data, save user data …)
Thank you
3
Answers
You do not need step #3. Firebase Auth Android SDK getToken() API returns a short-lived (one hour) Firebase Auth ID Token for the login user, and automatically returns a new token if the previous one expires.
The Firebase token verification doc describes how to get a Firebase token on client app and verify the token on server side.
Taking JinLiu’s answer forward , once you get the Token in your android code , send it to your backend say : https://www.yourbackend.com?authenticate?token=asdad7687h…
Note that the token generated by Firebase is a JWT token , we need to first verify its authenticity and decode it in the backend. For this , you need to add these two gems to your gemfile
gem ‘jwt’ , ‘1.5.6’
gem ‘rest-client’ , ‘2.0.1’
With that done , you need to add these two (private) function in your controller:
Now you can call get_set_user as before action to see , if the user has valid token .
The idea is simple. Check if the token is signed by one of the keys mentioned at https://www.googleapis.com/robot/v1/metadata/x509/[email protected] . If yes , decode the token and get the firebase id .
I have developed the firebase_id_token gem.
It deals with all the certificates/signature business.
It can be used simply as: