Introduction to Server Authentication

Overview

Firebase allows you to integrate your own servers with Firebase Authentication. You can either use one of the official Firebase server SDKs or use a third-party JSON Web Token (JWT) library to manage authentication tokens. There are two primary reasons you would want to do this:

Custom Authentication

You can integrate an external user system with Firebase. For example, you may already have a pre-existing user database or you may want to integrate with a third-party identity provider that Firebase Authentication doesn’t natively support.

To do this, you can create custom tokens with arbitrary claims identifying the user. These custom tokens can then be used to sign into the Firebase Authentication service on a client application and assume the identity described by the token's claims. This identity will then be used when accessing other Firebase services, such as the Firebase Realtime Database and Firebase Storage.

Identity Verification

Firebase Authentication is primarily used to identify users of your app in order to restrict access to other Firebase services, such as the Firebase Realtime Database and Firebase Storage. But you can also use the service to identify these users on your own server. This lets you securely perform server-side logic on behalf of users that have signed in with Firebase Authentication.

To do this, you can retrieve an ID token from a client application signed in with Firebase Authentication and include the token in a request to your server. Your server then verifies the ID token and extracts the claims that identify the user (including their uid, the identity provider they logged in with, etc.). This identity information can then be used by your server to carry out actions on behalf of the user.

The Firebase server SDKs provide methods for accomplishing the two authentication tasks above by enabling you to generate custom tokens and verify ID tokens.

Custom token creation

The primary use for creating custom tokens is to allow users to authenticate against an external or legacy authentication mechanism. This could be one you control, such as your LDAP server, or a third-party OAuth provider which Firebase does not natively support, such as Instagram or LinkedIn.

The Firebase Node.js and Java server SDKs have built-in methods for creating custom tokens. You can also programmatically create custom tokens in any language using third-party JWT libraries.

Your server should create a custom token with a unique identifier (uid) and pass that token to a client app, which will use it to sign in to Firebase. See Create custom tokens for code samples and more details about the custom token creation process.

Create custom tokens

ID token verification

If your Firebase client app communicates with your backend server, you might need to identify the currently signed-in user on your server so you can perform server-side logic on their behalf. You can do this securely by using ID tokens, which are created by Firebase when a user signs into a Firebase app. ID tokens conform to the OpenID Connect spec and contain data to identify a user, as well as some other profile and authentication-related information. ID tokens are used under the covers by Firebase services (such as the Firebase Realtime Database and Firebase Storage) to authorize user access. You can also send, verify, and inspect these tokens from your own backends. This allows you to securely identify the currently signed-in user and authorize them into your own backend resources.

The Firebase Node.js and Java server SDKs have built-in methods for verifying ID tokens. You can also programmatically verify ID tokens in any language using third-party JWT libraries. See Verify ID tokens for more details and code samples about the ID token verification process.
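The checks a backend makes before trusting an ID token, as an added example (not code from the Firebase documentation or SDKs): it pins RS256, selects the key by kid, verifies the signature, and only then checks aud, iss, exp, iat and sub. The project ID demo-project, the key ID test-key, the helper names and the locally generated RSA key pair are constructed stand-ins for your project and for Google's published signing keys.

```javascript
const crypto = require('crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// keys: Map of kid -> public key. In production these are the signing keys
// Google publishes; here the caller passes them in (assumption for the demo).
function verifyIdToken(token, projectId, keys, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = parse(h);
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = keys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, key, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  // Only read claims after the signature has checked out.
  const c = parse(p);
  if (c.aud !== projectId) throw new Error('wrong audience');
  if (c.iss !== `https://securetoken.google.com/${projectId}`) throw new Error('wrong issuer');
  if (!(Number.isInteger(c.exp) && c.exp > now)) throw new Error('expired');
  if (!(Number.isInteger(c.iat) && c.iat <= now)) throw new Error('issued in the future');
  if (typeof c.sub !== 'string' || c.sub === '') throw new Error('missing sub');
  return { uid: c.sub, provider: c.firebase && c.firebase.sign_in_provider };
}

// Constructed test fixture: signs a token with a local key, standing in for Firebase.
function signSample(claims, privateKey, header = { alg: 'RS256', kid: 'test-key' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KEYS = new Map([['test-key', publicKey]]);
const NOW = 1700000000; // fixed clock so the sample is reproducible
const SAMPLE = { // constructed claims, shaped like a Firebase ID token payload
  iss: 'https://securetoken.google.com/demo-project', aud: 'demo-project',
  sub: 'uid-123', iat: NOW - 60, exp: NOW + 3540,
  firebase: { sign_in_provider: 'password' },
};
console.log(verifyIdToken(signSample(SAMPLE, privateKey), 'demo-project', KEYS, NOW));
```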

Verify ID tokens
