Skip to main content

Authenticate with Firebase authentication

Firebase authentication is a service for securely signing users into applications. It supports authentication using passwords, phone numbers, popular federated identity providers like Google, Facebook, Twitter, and more. Use the Firebase authentication method to quickly integrate with your existing Firebase user base and manage access to Firebase functions without complex custom authentication setups.

The official Firebase auth documentation provides more detail:

Using Firebase authentication

warning

Since a user must log in when using Firebase auth, integrations that use this auth method can't be used in Workflows or Scheduled Jobs

Use the following instructions to set up Firebase authentication.

Get Firebase auth config

  1. Navigate to your project in the Firebase console

  2. In the console, go to the Authentication section

  3. Click on the Settings tab followed by Authorized domains

  4. Click Add domain and add either app.superblocks.com or eu.superblocks.com

    Add Superblocks to authorized domains

  5. From the Project overview page, click Add app and select Web as your app's platform

    Create a new Firebase web application

  6. Name your new web app and click Register app

  7. Copy the firebaseConfig object in the SDK code snippet. Make sure you don't copy the semicolon at the end of the line

    Copy SDK config firebaseConfig

Configure Integration

  1. In the web app, navigate to the Integrations page
  2. Click into an existing REST integration, or create a new one
  3. Select Firebase in the Authentication method dropdown
  4. Paste the firebaseConfig object you copied previously into the API config field
  5. Choose the sign-in methods you want to support
  6. Use the firebase object in Headers or Params to define how the firebase token will be used when calling your API. For example, to send the access token as an Authorization header, set: firebase.token referenced in Authorization header

Authentication with Firebase will be initiated in the user's browser when an API using this Integration executes.

The firebase object

The results of a Firebase exchange can be referrenced in your Integration configuration using the firebase object. The firebase object has the following properties.

PropertyDatatypeDescriptionFull Path
tokenSTRINGThe access token returned by the OAuth flowfirebase.token

Token caching and refresh

This section includes specifics on how Firebase access tokens are handled. For more information on sessions management see our guide on Credential & Session Management

Cache location

After your Firebase authentication flow returns an access token, it is saved as an HTTP-Only Secure cookie in the user's browser. The token is cached in the browser since it is already exposed to the browser as a part of the authentication flow. The cookie cannot be accessed using JavaScript so is safe from exfiltration.

Refreshing access tokens

Superblocks Firebase authentication does not support token refresh. Once the user's access token has expired, Superblocks will reprompt the user to log in.