How should I handle Firebase backend authentication

Question

I have written a basic app using Java, Google Web Toolkit and Google Cloud Datastore. For authentication I am using Firebase. When the front end makes a RPC call it passes the user token so that the backend can validate it.

I would like to create a VerifyToken class in the backend, which will receive a user token, call the Firebase verifyIdToken to verify it, then return the user uid or 0 if the user token has not been successfully verified. The class which receives the RPC call will then use the uid to get data and return it in the RPC response.

Here's the current code:

public class VerifyToken
{
    public String verify(String token)
    {
        String uid = "0";

        try
        {
            //Connect to Firebase
            FirebaseOptions options = new FirebaseOptions.Builder()
                      .setServiceAccount(new FileInputStream("firebaseJsonHere"))
                      .setDatabaseUrl("dbUrlHere")
                      .build();

            FirebaseApp.initializeApp(options);

            //Verify the token

            FirebaseAuth.getInstance().verifyIdToken(token)
            .addOnSuccessListener(new OnSuccessListener<FirebaseToken>() {
                @Override
                public void onSuccess(FirebaseToken decodedToken) {
                    String uid = decodedToken.getUid();
                    System.out.println("uid decoded = " + uid);
                }
            }).addOnFailureListener(new OnFailureListener() {
                @Override
                public void onFailure(Exception e)
                {
                    System.out.println(e.getMessage());
                }
            });         

        }catch(Exception e){
             System.out.println("Exception: " + e.getMessage());
        }

        //Return the uid or 0 if not validated
        return uid;
    }
}

Please could someone let me know how to get the result from the SuccessListener. I can see that the uid is successfully decoded, just not sure how to get the result back.

Many thanks, Ed

Thanks, now found the answer here: [http://stackoverflow.com/questions/38418472/how-do-i-secure-my-google-cloud-endpoints-apis-with-firebase-token-verification/38423163#38423163](http://stackoverflow.com/questions/38418472/how-do-i-secure-my-google-cloud-endpoints-apis-with-firebase-token-verification/38423163#38423163) — Ed_, Dec 10 '16 at 11:49

score -1 · Answer 1 · answered Dec 09 '16 at 19:57

I guess you can do:

public String verify(String token)
{
    String uid = "0";

    try
    {
        //Connect to Firebase
        FirebaseOptions options = new FirebaseOptions.Builder()
                .setServiceAccount(new FileInputStream("firebaseJsonHere"))
                .setDatabaseUrl("dbUrlHere")
                .build();

        FirebaseApp.initializeApp(options);

        //Verify the token

        FirebaseToken decodedToken = FirebaseAuth.getInstance().verifyIdToken(token).getResult();
        uid = decodedToken.getUid();

    }catch(Exception e){
        System.out.println("Exception: " + e.getMessage());
    }

    //Return the uid or 0 if not validated
    return uid;
}

I am not a huge fan of String uid = "0"; though, setting it to null instead sounds better to me.

you can't initialize app with default name more then once. this code will end up with exception — vashishth, Mar 30 '20 at 17:55

How should I handle Firebase backend authentication

1 Answers1