AWS AppSync with Firebase Authentication

5
votes

I would like to use Firebase Auth as the Authorization service for AWS AppSync. In the AppSync settings, I tried to add Firebase Auth as an OpenID Connect provider, but it seems like I'm doing something wrong since I'm getting this error while trying to make a request with a Firebase Auth tokenId:

{
  "errors": [
    {
      "errorType": "UnauthorizedException",
      "message": "Missing authorization header"
    }
  ]
}

In AppSync im using these settings:

  • Authorization type: OpenID Connect
  • OpenID Connect provider domain (Issuer URL): https://securetoken.google.com/<Firebase Project ID>
  • Client ID: <Firebase Api Key>
  • Issued At TTL: 0
  • Auth Time TTL: 0

When performing the query I use the TokenId provided by firebase, and not the ones that come from the federated identity provider(Facebook or Google for example).

1
firebasefirebase-authenticationopenid-connectaws-appsync
Hello there, I see you have implemented Firebase as OpenID Connect Identitiy Provider for AppSync. I was wondering can you give me a guide how to achieve this? More specifically how to generate the Issuer URL from FirebaseAshik
I did abandon this idea in the end, but to generate the issuer URL all you need is the firebase Project ID. That can be found in the firebase console settings for a project. Then just place it here: https://securetoken.google.com/<Firebase Project ID>Samuel E.
Thank you very much for your quick reply. I am currently confused if I should use firebase or use Cognito User Pool which is a service of aws for authentication. Can you suggest me if I should use firebase or not?Ashik
Well, I was too, thats why I tried this. To me, it seems like the better option is firebase auth since its completely free, but it might be easier to get support and to get work done with Cognito if you intend to use it with Amazon services. So I would suggest you think about what seems more important to you, easy support or price.Samuel E.
I was the same but Cognito doesn't support Twitteranasqadrei

1 Answers

5
votes

Apparently, I didn't need to specify the Client ID in the settings. Works fine without it.