26

All I found was this old answer:

https://groups.google.com/forum/#!topic/firebase-talk/rApG8QQd6t4

Does a fellow SOer know any information or could a Firebase engineer provide a more detailed answer?

I am currently trying to authenticate the user with Steam using this library:

https://github.com/liamcurry/passport-steam

and then use Firebase custom tokens to get the user in my Firebase auth system.

I don't know if this is the right approach. Regardless, I am stuck.

EDIT:

Here is my current code:

app.js

var passport = require('passport');
var SteamStrategy = require('passport-steam').Strategy;

app.use(passport.initialize());

passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(obj, done) {
  done(null, obj);
});

passport.use(new SteamStrategy({
    returnURL: 'http://localhost:8080/users/steam/return',
    realm: 'http://localhost:8080/',
    apiKey: steamKey.steam,
    stateless:true
  },
  function(identifier, profile, done) {

    profile.identifier = identifier;
    return done(null, profile);
  }
));

users.js

    router.get('/steam', passport.authenticate('steam', { failureRedirect: 'login' }), function(req, res, next) {

});

router.get('/steam/return', 
  function(req, res, next) {
      req.url = req.originalUrl;
      next();
  }, 
  passport.authenticate('steam', { failureRedirect: 'users/login' }),
  function(req, res) {
    console.log(JSON.stringify(req.query));
    var oid = req.query["openid.claimed_id"];
    var array = oid.split("/id/");
    console.log("Array: "+array);
    var result = array[1];
    console.log(result);
    admin.auth().createCustomToken(result)
      .then(function(customToken) {
         res.render("users/login",{token: customToken, passed: true});
      })
      .catch(function(error) {
        console.log("Error creating custom token:", error);
      });
});

users/login.ejs:

<a href="steam"><img id="steamLogin" src="../../public/assets/steamLogin.png"/></a>
    <script>

        if ("<%=passed%>" == "true") {
            firebase.auth().signInWithCustomToken("<%=token%>").catch(function(error) {
                if (error) {
                    alert(error);
                }
                else {
                    res.redirect("screenshots/index");
                }

            });   
        }  

    </script>

My current issue is the following:

1) This works but exposes the Steam claimed ID as the public UID for the user. Is it safe to expose the user claimed ID? Does that not mean anyone could impersonate my user by using his claimed ID?

2) There is nothing under "Identifier" in my Firebase Auth dashboard. How can I specify an identifier when signing in the user?

3) In fact, what should I use as the uid when creating the custom token?

p u
  • 1,395
  • 1
  • 17
  • 30
TheProgrammer
  • 1,409
  • 4
  • 24
  • 53

1 Answers1

1

Your way of doing it is the correct way, as also mentioned in another question where it is said that "Firebase supports signing in with any provider, as long as you are willing to write the code for it.". The question also gives a link to the docs for doing this, for anyone interested in implementing steam auth. To explain, firebase supports certain auth providers out of the box, when it does not support the auth provider you need to write you own auth code, which is a process that generates an auth token. The linked article explains how you should go about generating the tokens.

Runner
  • 81
  • 8