Firebase, relogin automatically usin REST services

2
votes

I am using firebase for authentication, by calling REST endpoint with email/password.

https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=[API_KEY]

If user exists in database, I receive a json of following format:

{
  "kind": "identitytoolkit#VerifyPasswordResponse",
  "localId": "ZY1rJK0eYLg...",
  "email": "[[email protected]]",
  "displayName": "",
  "idToken": "[ID_TOKEN]",
  "registered": true,
  "refreshToken": "[REFRESH_TOKEN]",
  "expiresIn": "3600"
}

Right after that, I want to automatically re-login when I am opening app again. As far as I understand I need to use for that Sign in with OAuth credential from Firebase API(https://firebase.google.com/docs/reference/rest/auth/#section-sign-in-with-oauth-credential)

But, I cant understand what parameters I should use to do that, taking into account my initial email/password login.

API accepts following: 

curl 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?key=[API_KEY]' \
-H 'Content-Type: application/json' \
--data-binary '{"postBody":"id_token=[GOOGLE_ID_TOKEN]&providerId=[google.com]","requestUri":"[http://localhost]","returnIdpCredential":true,"returnSecureToken":true}'

What should I use for GOOGLE_ID_TOKEN, providerId and requestUri? Have I received anything in my first login?

1
authenticationfirebaseloginfirebase-authentication

1 Answers

2
votes

You seem to be confusing Firebase ID tokens with Google ID tokens. After the user logs in via verifyPassword, you store locally the refreshToken and the idToken. You need the idToken for authenticated access to restricted resources like Firebase Database, etc. The idToken will expire after some time, typically one hour. You use the stored refreshToken to get a new idToken via: https://firebase.google.com/docs/reference/rest/auth/#section-refresh-token