Firebase Authentication C# Library
You may have noticed in my previous post about Firebase that I completely omitted any form of authentication. For any non-trivial application, at least a basic authentication is a must. Firebase offers several ways how to authenticate your requests, some of which are quite straightforward, some less so..
Firebase Database Rules
Before we get to client-side authentication I recommend you get familiar with Firebase Database security rules. Their documentation contains several samples, such as this one:
This rule basically says that each user can read / write only information about themselves. The auth is actually a variable which contains information about authenticated user (or is null, if the user is not authenticated). $user is a location variable. So a user with uid=12345 can only read / write to location users/12345.
That’s for the server side of things. In your app, all you need to do (when using the REST APIs) is to specify the “auth” URL parameter in your request. So the URL can then look like this:
With the FirebaseDatabase.net library you can set the auth using FirebaseOptions and its AuthTokenAsyncFactory:
Now it’s just a matter of figuring out what to set as the “token value” value.
Authenticate with your app secret
One option you have is to use your app’s database secret. This is fine in case you have a server-side app which doesn’t operate on a per-user basis. Your server-side app will then have access to your entire repository.
Authenticate with custom token generated server-side
If you need your requests to be authenticated on a per-user basis you can generate something called a JWT (JSON Web Token). This is basically a digitally signed piece of information (such as ID of the user). There is already a C# library you can use for that.
Again, note that you need your app’s database secret to be able to sign the data. This makes it unusable for client-side apps because if someone managed to decompile your app and figure out the secret they would get unlimited access to your app. That’s why you should only use this approach for server-side apps.
Authenticate with third-party entity
Turns out Google has a URL endpoint where you can post the access token you get from the third party (e.g. Facebook) and get back a valid JWT (along with some other information) which you can then use for authenticating with Firebase Database. To save you (and myself) the trouble of doing this manually in your apps I created a tiny library which does everything for you. Here is a sample usage:
Compared to the official SDKs this is really lightweight — you don’t get the full blown login flow out of the box, you need to build that yourselves (authenticating the user with OAuth, retrieving the access token, extending it with the refresh token, etc.). But there are already existing libraries that can help you (Google, Facebook, Github, Twitter).
Authenticate with email and password
Another way of authenticating is with a combination of email and password. In this case Firebase manages the user accounts and takes care of things such as password resets etc.
The library gives you three methods to support this type of login:
I think the names are self-explanatory. I would like to point out once again that these are very lightweight methods and you still have to build the entire UI flow, but hopefully they will make your life a little easier.
Where can I get the library?
Following frameworks are supported:
- .NET 4.5+
- Windows 8.x
- Windows Phone 8.1
If you have any questions or encounter any errors just raise an issue on GitHub.