6

The firebase javascript client SDK has sustained access to, say, a facebook oauth token. My understanding is an app can just call firebase.auth.FacebookAuthProvider.credential() and if it is signed in, it will receive a facebook access token with which it can do API calls. The key point here is that the token is not stored in my database, but in firebase auth, securely.

I want my back-end to be able to make these API calls on behalf of my app. why can't I call admin.auth.facebookauthprovider.credential() to retrieve the token?

Please note I will actually be implementing this for Slack oauth. At the moment, I will otherwise have to encrypt Slack tokens in my firestore DB. This instagram firebase example does that, and I feel it defeats the purpose of firebase auth

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Nth.gol
  • 746
  • 9
  • 20
  • Admin SDK operates as a special "admin" user. Individual end-user credentials are not available in that context. Although you can pass a Firebase ID token from a client app to the server, [verify it](https://firebase.google.com/docs/auth/admin/verify-id-tokens), and then perform some operation based on the result. – Hiranya Jayathilaka May 04 '18 at 16:57
  • I also wanted to add that Firebase Auth does not store or manage any non-Firebase OAuth tokens. It only returns the initial OAuth tokens provided by IdP and discards them after. – bojeil May 06 '18 at 20:24
  • oh... @bojeil I guess I misunderstood. Wouldn't it be a good feature if it did? Then authentication would be great - no encryption for firebase customers to deal with. I'm sure many would want to keep those original oauth tokens – Nth.gol May 07 '18 at 01:37
  • You should file a feature request for it: https://firebase.google.com/support/ – bojeil May 07 '18 at 06:51

0 Answers0