java firebase-admin cannot log user in and get token no client

0
votes

I have no front end. I want users to use my API e.g (postman) with a basic auth header (email:password) and then using this header I can get the users data from firebase.

however I find no method to authenticate the actual user?

 <dependency>
  <groupId>com.google.firebase</groupId>
  <artifactId>firebase-admin</artifactId>
  <version>6.11.0</version>
</dependency>

I have correctly connected to DB using 

FileInputStream serviceAccount =
  new FileInputStream("path/to/serviceAccountKey.json");

FirebaseOptions options = new FirebaseOptions.Builder()
  .setCredentials(GoogleCredentials.fromStream(serviceAccount))
  .setDatabaseUrl("https://DBNAME.firebaseio.com")
  .build();

FirebaseApp.initializeApp(options);

I have tried to look into the methods:

FirebaseAuth.getInstance().
FirebaseDatabase.getInstance().

but I see no options to sign in the user from my server...

seems very easy from nodejs server... e.g

firebase.auth().signInWithEmailAndPassword(email, password)

does this method exist in java/ how can I do this in java for server and no client??

1
javafirebasefirebase-authenticationfirebase-admin
I'm curious what problem you're trying to solve by having your API accept an email and password pair for a Firebase Auth user account when no user is present. You might be going about this the wrong way. - Doug Stevenson
By the way, the JavaScript code you're referencing isn't really for backends, it's for "client" applications. If you want to use the Admin SDK on node, you do not have an option to sign in the user, as it's not possible to sign in a user on the backend of a Firebase project. There is no equivalent "client" SDK available for java, just the Admin SDK for backends. - Doug Stevenson
The current implementation is that we take a basic auth credentials to /login api, That returns a user token (session) which is then used for the other requests to show the user is authenticated via a header. However we are attempting to switch the datasource to firestore, by migrating the user logons and user data, to allow us to quickly build a front end application for admins. However I cant seem to find a way to authenticate a user and give them a token from the back end when I cannot verify the auth? the original database would be scrapped per say - user2950720

1 Answers

1
votes

The way Firebase Auth generally works is like this. The client app should be signing in to get an ID token, and passing along that token to the backend for each call. The backend should verify the token received from the client with each request using the Firebase Admin SDK.

Typically, client apps will use one of the client SDKs for mobile and web apps. It will manage all the details of authenticating the user, getting a token, and refreshing the token every hour.

If you can't use one of the client SDKs, you will essentially have to write your own, or search the internet to see if someone else has already done it. If you write your own code, you will have to invoke the Firebase Auth REST APIs directly to get and refresh that token. You don't really have any alternatives to this with Firebase Auth - that's the way it was designed.