8

We have been developing a multi platform project which will eventually have an Android app, an iOS app and a web application. We are impressed with the features offered by Google Firebase therefore trying to leverage the opportunities.

Since our product is a multitenant software-as-a-service application we have custom authentication requirements. Therefore we followed the custom authentication implementation path of Firebase and it is functional now.

  • Our mobile clients send login requests to our API server,
  • Our API server issues customTokens and reponds them back to the clients,
  • Clients call signInWithCustomToken(customToken) method to sign in to Firebase.

So far so good.

What the issue is, our backend is in PHP and Firebase doesn't have an official Admin SDK for PHP. Yes, there is a package called kreait/firebase-php on Composer however it is far away from covering all of the Auth Admin SDK features. For example, there is a documented disable-user feature which is available on Firebase Admin SDK, however that operation is not implemented on the kreait/firebase-php package.

On the other hand Firebase has a Auth Rest API which just works with the API KEY. However, (I suppose ) it is designed to work on the client side therefore it just has operations for the authenticated user.

  • Our API server is already hosted on Google Compute Cloud and has the maximum set of access permissions on the Google Cloud services.
  • We have the Firebase service account file to work with the Firebase Auth services.

What we need is to consume all available Firebase Admin SDK features (possibly via Rest). For example, we would like to call revokeRefreshToken(uid) when a user changes his/her password on one of his/her devices.

Since at this specific issue there isn't any documentation, what would you advise us to do?

Update (25 January 2018)

The above mentioned missing endpoints on the Firebase unofficial PHP Admin SDK are now implemented by the maintainer after a productive discussion on a Github issue. However, I would like keep this question open since the nature of the question is asking for ideas for further collaboration and discussion.

Lashae
  • 1,372
  • 1
  • 20
  • 36
  • If Firebase SDKs and APIs don't have the capabilities you want, file a feature request describing your situation. https://firebase.google.com/support/contact/bugs-features/ – Doug Stevenson Jan 15 '18 at 17:55
  • @DougStevenson In deed issue is not about the capabilities, but the packages. SDK has the feature we need; however, Firebase doesn't have an official PHP SDK and unofficial one(s) doesn't cover all the specs. – Lashae Jan 16 '18 at 05:26
  • Right, so you should put a feature request in for the creation of a PHP SDK that meets your needs. – Doug Stevenson Jan 16 '18 at 05:30
  • Yeap, I did :-) Thank you for this idea. However, somehow I need to implement my API integration and I'm open to ideas on the implementation path ;-) – Lashae Jan 16 '18 at 05:33
  • Oh god, i was excited to see the Auth rest API, but I was conflating it with ADMIN sdk, took me a while to figure out it's using regular old user identity tokens, as in, operations on behalf of the user, not admin. Why can't i find the API that is backing these SDKs? Are they using this https://developers.google.com/identity/protocols/OAuth2ServiceAccount I need to just dig into the source. – Ryan Romanchuk May 13 '19 at 04:30

2 Answers2

5

Maintainer of said unofficial PHP SDK here :). You already have updated your original post to include that the SDK now supports the features that were missing.

I am posting this as a dedicated answer to be visible to people arriving here and searching for answers as well.

Although the Admin SDK for PHP is still not feature complete, we are getting there. I added feature matrix to the README of the Github project so that you can quickly see what is available and what isn't.

Going forward, I will implement new features by either implementing things similarly to the official Admin SDKs (especially https://github.com/firebase/firebase-admin-node) and by using the existing libraries provided by the Google Cloud Platform Library.

At some point in the future, Google will certainly provide all the necessary building blocks to use Firebase efficiently with PHP, but until then, I am happy about every happy PHP developer using my library :).

FYI: I just released a new version (4.1.0) which includes support for Firebase Cloud Storage and did in fact use the google/cloud-storage for that.

jeromegamez
  • 3,348
  • 1
  • 23
  • 36
  • Your dedicated answer here and your effort for "fulfilling the missing piece" makes really sense. Keep up the good work ;-) – Lashae Feb 28 '18 at 07:32
1

I think you can use the Identity Toolkit libraries provided by Google. Here's the one for PHP: https://github.com/google/identity-toolkit-php-client

Hiranya Jayathilaka
  • 7,180
  • 1
  • 23
  • 34
  • @hiyanya-jayathilaka Thank you for pointing out Google Identity Toolkit. I were not aware of it, however [it's Documentation page]() says: "*The newest version of Google Identity Toolkit has been released as Firebase Authentication. New projects should use Firebase Authentication.*" – Lashae Jan 25 '18 at 05:42
  • 1
    Firebase doesn't have a PHP client, so this is the next best thing. It uses the same REST API as Firebase as far as I can tell. – Hiranya Jayathilaka Jan 25 '18 at 06:17
  • Unfortunately, Firebase Rest API *seems to be* a non-admin SDK. When I reverse-engineered the official admin SDKs I saw lots of Rest endpoints, which are not documented anywhere. And of course they are consumable (after a detailed analysis) and until Firebase releases the official PHP Admin SDK this seems to be the only way to go. By the way, although I would like to keep this question open for further contributions and discussions; the missing endpoints which are emerging for my implementation are in deed implemented by the mentioned unofficial PHP SDK. I updated my original post accordingly. – Lashae Jan 25 '18 at 07:42
  • Admin SDKs use the identity toolkit REST API for user management features. These endpoints are documented [here](https://developers.google.com/identity/toolkit/web/reference/relyingparty). [Admin SDK](https://github.com/firebase/firebase-admin-python/blob/master/firebase_admin/_user_mgt.py#L35) and the Google [identity toolkit libraries](https://github.com/google/identity-toolkit-php-client/blob/master/src/GitkitClient.php#L26) both use this REST API under the hood. – Hiranya Jayathilaka Jan 25 '18 at 18:32
  • But on the [above mentioned page](https://developers.google.com/identity/toolkit/web/reference/relyingparty) it says: *"The newest version of Google Identity Toolkit has been released as Firebase Authentication. It includes upgraded client SDKs, open source UI libraries, session management and integrated email sending service for forgotten password flows. New projects should use Firebase Authentication. To migrate an existing project from Identity Toolkit to Firebase Authentication, see the migration guide."* If so, where is the corresponding endpoints on the Firebase Auth side? – Lashae Jan 25 '18 at 19:46