How to use Firebase Auth Admin SDK via Rest Api?

7
votes

We have been developing a multi platform project which will eventually have an Android app, an iOS app and a web application. We are impressed with the features offered by Google Firebase therefore trying to leverage the opportunities.

Since our product is a multitenant software-as-a-service application we have custom authentication requirements. Therefore we followed the custom authentication implementation path of Firebase and it is functional now.

  • Our mobile clients send login requests to our API server,
  • Our API server issues customTokens and reponds them back to the clients,
  • Clients call signInWithCustomToken(customToken) method to sign in to Firebase.

So far so good.

What the issue is, our backend is in PHP and Firebase doesn't have an official Admin SDK for PHP. Yes, there is a package called kreait/firebase-php on Composer however it is far away from covering all of the Auth Admin SDK features. For example, there is a documented disable-user feature which is available on Firebase Admin SDK, however that operation is not implemented on the kreait/firebase-php package.

On the other hand Firebase has a Auth Rest API which just works with the API KEY. However, (I suppose ) it is designed to work on the client side therefore it just has operations for the authenticated user.

  • Our API server is already hosted on Google Compute Cloud and has the maximum set of access permissions on the Google Cloud services.
  • We have the Firebase service account file to work with the Firebase Auth services.

What we need is to consume all available Firebase Admin SDK features (possibly via Rest). For example, we would like to call revokeRefreshToken(uid) when a user changes his/her password on one of his/her devices.

Since at this specific issue there isn't any documentation, what would you advise us to do?

Update (25 January 2018)

The above mentioned missing endpoints on the Firebase unofficial PHP Admin SDK are now implemented by the maintainer after a productive discussion on a Github issue. However, I would like keep this question open since the nature of the question is asking for ideas for further collaboration and discussion.

2
phpfirebasefirebase-authenticationgoogle-compute-enginefirebase-admin
If Firebase SDKs and APIs don't have the capabilities you want, file a feature request describing your situation. firebase.google.com/support/contact/bugs-featuresDoug Stevenson
@DougStevenson In deed issue is not about the capabilities, but the packages. SDK has the feature we need; however, Firebase doesn't have an official PHP SDK and unofficial one(s) doesn't cover all the specs.Lashae
Right, so you should put a feature request in for the creation of a PHP SDK that meets your needs.Doug Stevenson
Yeap, I did :-) Thank you for this idea. However, somehow I need to implement my API integration and I'm open to ideas on the implementation path ;-)Lashae
Oh god, i was excited to see the Auth rest API, but I was conflating it with ADMIN sdk, took me a while to figure out it's using regular old user identity tokens, as in, operations on behalf of the user, not admin. Why can't i find the API that is backing these SDKs? Are they using this developers.google.com/identity/protocols/OAuth2ServiceAccount I need to just dig into the source.Ryan Romanchuk

2 Answers

5
votes

Maintainer of said unofficial PHP SDK here :). You already have updated your original post to include that the SDK now supports the features that were missing.

I am posting this as a dedicated answer to be visible to people arriving here and searching for answers as well.

Although the Admin SDK for PHP is still not feature complete, we are getting there. I added feature matrix to the README of the Github project so that you can quickly see what is available and what isn't.

Going forward, I will implement new features by either implementing things similarly to the official Admin SDKs (especially https://github.com/firebase/firebase-admin-node) and by using the existing libraries provided by the Google Cloud Platform Library.

At some point in the future, Google will certainly provide all the necessary building blocks to use Firebase efficiently with PHP, but until then, I am happy about every happy PHP developer using my library :).

FYI: I just released a new version (4.1.0) which includes support for Firebase Cloud Storage and did in fact use the google/cloud-storage for that.

1
votes

I think you can use the Identity Toolkit libraries provided by Google. Here's the one for PHP: https://github.com/google/identity-toolkit-php-client