Firebase Authenticate Simple Login


TL;DR : Is there any way to use the auth=CREDENTIALS with the Simple Login (Email/Password) in Firebase?

I am trying to connect my C# Application's users to my Firebase. I could set up pretty much all calls using my Secret Token, but now I need to be able to, at least, get the current user UID so I know where the data should be sent to.

The way I went with my PUSH, PUT, GET request was something like this, using my secret token as login:

    var authToken = "SECRET";
    url = "https://MyLocation.firebaseio.com/" + url + ".json?auth=" + authToken;
    return WebRequest.Create(url);

But now I'd like to get something supporting the Email/Password simple login, something like this:

    var authToken = "{email:[email protected], password:thePassword}";
    url = "https://MyLocation.firebaseio.com/" + url + ".json?auth=" + authToken;
    return WebRequest.Create(url);

My tries using CURL weren't successful... Maybe there's no way to do that? Or any suggestions?

Thanks for the help!

2

There are 2 answers

0
yonguelink On BEST ANSWER

I spoke with the support at Firebase and found a temporary solution, and a real solution.

Real solution: Manage the user and their password manually in all environments, using Firebase as "Database". That was basically what I was trying to do with my question. That results in using Firebase custom auth.

Temporary solution: (And what I did as I do not need as much security as the real solution offers)

  1. Get something that identifies the current user. Here I can get the current user email without even asking him.
  2. Base64 the identifier:

    byte[] result = System.Text.Encoding.UTF8.GetBytes(email);
    email = Convert.ToBase64String(result);
    
  3. Put, push, patch the required information via REST to firebaseio.com/Base64

  4. In the user interface, that uses JavaScript, do the same process to read/write data at the user, using something like base64.min.js

    var ref = new Firebase("https://aFirebase.firebaseio.com");
    //Things happen
    //...
    //We register a user
    function createUser(email, password){
        //Allows us to create a user within firebase
        ref.createUser({
            email : email,
            password : password
        }, function(error, userData){
                if (error) {
                    //The creation of the user failed
                    alert(error);
                } else {
                    //The creation of the user succeeded
                    console.log("Successfully created user account with uid:", userData.uid);
                    //We make sure we are at the correct position in our firebase
                    ref = ref.root().child(base64.encode(email));
                    //update() creates the child if it does not exist yet and otherwise
                    //only changes its uid, so the node goes accordingly with our rules
                    ref.update({uid:userData.uid});
                    //Who wants to register and then not be logged in?
                    //We can add something upon login if his email is not validated...
                    login(email, password);
                }
            }
        );
    }

  5. Now we have to update our rules in Firebase:

    {
        "rules": {
            "$uid":{
              ".read":"!(data.child('uid').exists() == true) || data.child('uid').val() == auth.uid",
              ".write":"!(data.child('uid').exists() == true) || data.child('uid').val() == auth.uid"
            }
        }
    }
    

With this, the application is somehow secure (as long as the user uses the C# application and the JS application, where the rules will be set).
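The security rules in the answer above grant access whenever a node has no `uid` child, so a path is open to any client until its owner registers. The block below is an added example, not part of the original answer: it models that rule expression in plain JavaScript next to a stricter variant. The `strictRead`/`strictWrite` rules, the sample nodes and the uids are assumptions made for illustration, and the model only approximates Firebase's rule evaluation.

```javascript
// Added illustration: a plain-JavaScript model of the rule expressions, not Firebase's rule engine.
// node: data currently at /$uid; auth: {uid} or null (unauthenticated); newNode: data being written.
function uidOf(node) {
  return node && node.uid !== undefined ? node.uid : null;
}

// Rule from the answer, used for both .read and .write:
//   !(data.child('uid').exists() == true) || data.child('uid').val() == auth.uid
function answerRule(node, auth) {
  const claimed = uidOf(node) !== null;
  return !claimed || (auth !== null && uidOf(node) === auth.uid);
}

// Assumed stricter .read: auth != null && data.child('uid').val() == auth.uid
function strictRead(node, auth) {
  return auth !== null && uidOf(node) === auth.uid;
}

// Assumed stricter .write:
//   auth != null && newData.child('uid').val() == auth.uid
//   && (!data.child('uid').exists() || data.child('uid').val() == auth.uid)
// This narrows the gap but does not close it: the first authenticated writer still claims the node.
function strictWrite(node, auth, newNode) {
  if (auth === null || uidOf(newNode) !== auth.uid) return false;
  return uidOf(node) === null || uidOf(node) === auth.uid;
}

// Constructed sample state and callers.
const unclaimed = { notes: "written by the C# app via REST" };
const claimed = { uid: "simplelogin:1", notes: "owner data" };
const owner = { uid: "simplelogin:1" };
const other = { uid: "simplelogin:2" };

// Each entry is [result under the answer's rule, result under the stricter rule].
function accessMatrix() {
  return {
    anonReadsUnclaimed:   [answerRule(unclaimed, null), strictRead(unclaimed, null)],
    anonClaimsUnclaimed:  [answerRule(unclaimed, null), strictWrite(unclaimed, null, { uid: "x" })],
    mismatchedUidWrite:   [answerRule(unclaimed, other), strictWrite(unclaimed, other, { uid: owner.uid })],
    otherReadsClaimed:    [answerRule(claimed, other), strictRead(claimed, other)],
    ownerWritesClaimed:   [answerRule(claimed, owner), strictWrite(claimed, owner, { uid: owner.uid })],
    ownerClaimsUnclaimed: [answerRule(unclaimed, owner), strictWrite(unclaimed, owner, { uid: owner.uid })],
  };
}

console.log(accessMatrix());
```

The first three rows are where the two rule sets differ: unclaimed nodes are readable and writable without authentication under the answer's rule, and a writer may store a `uid` that is not their own.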

0
Pavlo Dumin On

In the case of a WebApi application, a JWT token could be used along with the OWIN pipeline.

    app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AllowedAudiences = new[] { FirebaseValidAudience },
        Provider = new OAuthBearerAuthenticationProvider
        {
            OnValidateIdentity = OnValidateIdentity
        },
        TokenValidationParameters = new TokenValidationParameters
        {
            IssuerSigningKeys = issuerSigningKeys,
            ValidAudience = FirebaseValidAudience,
            ValidIssuer = FirebaseValidIssuer,
            IssuerSigningKeyResolver = (arbitrarily, declaring, these, parameters) => issuerSigningKeys
        }
    });

Here is a sample Firebase ASP.NET WebApi authentication application: https://github.com/PavelDumin/firebase-webapi-auth