Firebase and Auth0 v8 from legacy v7 delegation

Using auth0 has been pleasant so far. Amongst other things the firebase integration is key (for us) to their offering. Building a realtime app requires a realtime database.

We implemented the auth0 v8 SDK except one call to the v7 API to login to the firebase API.

• http://auth0.com/oauth/legacy/grant-type/delegation/id_token

The grant_type legacy delegation scope is required on the Auth0 API to make a call from a client for delegation. This wasn't a problem until June 8th 2017 when they deprecated the legacy scope for clients.

In the meantime we’re attempting to build a replicated version of production and cannot because we are limited by the deprecated auth0 method in our codebase.

So we decided to implement a similar version of the delegation on our API. Because we already authenticate using access_tokens to our API creating a firebase token is novel with the firebase API.

Creating the auth token for firebase

And there you have it. Now on the client make a simple get request to the API with the Bearer Authorization headers and the firebase token can be consumed

Using the token returned on the client

Don’t forget to add firebase rules that prevent the user from accessing the wrong data

Conclusion

Losing functionality is frustrating but extending delegation is pretty straight forward.

If you don’t have a node API there are other possible solutions such as using rules to attach access tokens to the app_meta fields.