Authenticate your Firebase users with Huawei ID
Introduction
Mobile applications need to store securely identity of users or manage user’s session. There are many methods to do this. Firebase Auth or Huawei Auth Service are one of them.
Users can sign in to your applications in a several methods like Facebook, Google, email and password etc. with Firebase Auth.
Unfortunately currently Firebase Auth doesn’t support Huawei ID as a sign in method but you can still authenticate your users with Huawei ID using a custom authentication system.
In this article, I tried to explain how you can do this. Also I developed a sample application on this topic and published it on Github. You can find sample application at the below link.
Huawei ID
Huawei ID is a sign in method that allows Huawei users to log in to applications quickly and securely. It’s similar to Apple ID or Google sign in.
There is a HMS Kit that called Account Kit allows to users sign in with their Huawei ID. You can integrate easily Account kit into your projects and have fast and secure login method.
Firebase Custom Auth
As I said, there is custom auth capabilities on Firebase Auth. You can authenticate your users with custom authentication system by modifying your backend server to generate custom signed tokens when a user successfully signs in.
Note: Before I explain you how to develop, I want to inform about Firebase Auth. Some Huawei devices will not have Google Mobile Services (GMS) in the future. Therefore Firebase services that depended GMS will not work on that devices. Firebase Auth is the one of them. It needs GMS to working but it has REST APIs. We can still use Firebase Auth capabilities using Firebase Auth REST API instead of Firebase Auth library.
Development
Development steps are the followings:
- Request Authorization Code
We need sign in Huawei before sign in Firebase Auth to obtain user information. (Profile picture, UID, email address etc.) so send an authorization request to Huawei Account Server using Account Kit.
- Obtain ID Token
If the user accepts the authorization request, you can get the user information, including the ID token. The ID token is in JWT format and it contains user information on payload section. (Display name, picture, token expire time etc.)
So far, we have signed in with our Huawei ID using the Account Kit and client side done for now. We need modify our backend server.
Note: In this sample i used Heroku server as a backend server but you can use Firebase Cloud Functions, Huawei Cloud Functions or your backend server to verify ID token, generate custom firebase token etc.
- Verify ID Token (Optional*)
This is an optional step. You may need verify ID token is an actually true.
There are two way to verify an ID Token(Local verification and Server verification). You can find them click here.
In this sample i used server verification. It’s very simple to use. You send request with ID Token and Huawei server returns you it is ID token or not.
- Get user or create new user
Huawei Account has unionID. Each user has a unique unionID. It’s similar to Firebase UID. We will use this id to generate firebase custom token and it will be user’s Firebase UID.
Firstly we check if user already exists in Firebase. If user doesn’t exist we will create new user based on unionID using Firebase Admin SDK else we will get the user to generate an custom token.
- Create Firebase Auth custom token
In this step we should have a Firebase user to generate firebase custom token. Generate an custom token based on user’s firebase uid using Firebase Admin SDK and return it to the client.
- Login with custom token using Firebase Auth
This is final step, we have firebase custom token. We will exchange custom token for an ID and refresh token using Firebase Auth REST API and login process will be finish.
Getting Started
AppGallery
If you don’t have a project on AppGallery yet, you can learn how to create it by clicking the link below.
Download agconnect-services.json to obtain your HMS Android config file (agconnect-services.json).
Move your config file into the module (app-level) directory of your app. (YOUR_PROJECT_PATH/app/)
Make you sure configure SHA-256 certificate fingerprint and set Data storage location on AppGallery Console.
Enable Account Kit on AppGallery Console
Firebase
If you don’t have a Firebase project yet, you can learn how to create it by clicking the link below.
Download google-services.json to obtain your Firebase Android config file (google-services.json).
Move your config file into the module (app-level) directory of your app. (YOUR_PROJECT_PATH/app/)
Make you sure configure SHA-1 certificate fingerprint on Firebase Console.
Server
We need Firebase Admin SDK to get user data, generate custom token or create a new user. Therefore you should generate new private key and move it to your server project root path.
As I said before, you can use Firebase Cloud functions, Huawei Cloud Functions, Heroku or your own backend server as the backend. It will act as a simple API.
Replace <DATABASE_URL> in index.js with your Firebase database url. You can find your database url
I developed simple API with Express Framework and published it on Heroku.
Step 1: Post Request to /createCustomToken
Step 2: Verify ID Token (Optional*)
This is an optional step. If you want, you can verify user ID token locally on client or verify on Huawei server on your backend.
Step 3: Bring the user from Firebase according to the uid or create a new user.
If user doesn’t exist on Firebase, you can get auth/user-not-found error.
Step 4: Create custom token using the Firebase Admin SDK on your backend server.
Create a custom token based on user UID to excange refresh and ID token
Step 5: Return token to client
Here is the server side code
Make sure you have Node.js and run npm install and npm start.
Android
Open the build.gradle file in the app module of your project and add libraries.
Sign in with Huawei ID and start sign in flow
After sign in successfully, we obtain user’s ID token, UID, email, name and profile picture and send them to our server.
Now we obtained Firebase custom token from our server. We should exchange custom token for an ID and refresh token using Firebase Auth Rest API.
I told you only important things in code part. You can find full source code on Github.
Run
Conclusion
In this artice you learned how to authenticate your Firebase users with their Huawei ID.
That is all.
Thanks.
