Use react-native-firebase/auth OAuth provider to auth Azure AD credential - react-native

I am developing a mobile with react-native (react-native-firebase/auth) and using Firebase Auth to manage user login. In the beginning, I only use the email/password to auth users and work nice.
Now I would like to let users use Azure AD. Since react-native-firebase/auth does not support Microsoft account at this moment, so I use react-native-app-auth. Afterwards, use the Microsoft credential to auth the Firebase user and link them together.
const result = await authorize(config);
const credential = auth.OAuthProvider.credential(
result.idToken,
result.accessToken,
);
const userCredential = await auth().signInWithCredential(credential);
When calling the signInWithCredential, it throw an error : [auth/internal-error].
Currently, I have backend user profile like to a Firebase user account. I don't want to complicate the backend to have multiple auth methods. Ideally, it can be done at the Firebase would be great.
Thanks.

Seems like you have to use a custom token.
Unlike other OAuth providers supported by Firebase such as Google, Facebook, and Twitter, where sign-in can directly be achieved with OAuth access token based credentials, Firebase Auth does not support the same capability for providers such as Microsoft due to the inability of the Firebase Auth server to verify the audience of Microsoft OAuth access tokens.
If these providers are required to be used in unsupported environments, a third party OAuth library and Firebase custom authentication would need to be used.
source: Firebase doc

Related

How to generate a credential for JWT authentication for a machine user (programmatic/non-human) using Google OAuth?

I have a django restframework backend and a react frontend that uses google social auth to authenticate human users. The flow is a relatively simple JWT flow.
The user goes to my website
The user logs in with their google account
the google window sends a credential to my backend
the credential is verified on the backend
I send back an access token that allows the user to use my app which makes rest calls to my backend
I would like to generate a similar access token to pass to the backend so that I can access my api from lambda functions.
Is it possible to use the client_id and client_secret from my google console credentials to generate the same type of token to send to my backend? I've also looked into google service accounts, but this seems to be used specifically for accessing google services, not a generic API that is simply protected via google authentication.
If none of the above options work? How would you recommend I authenticate machine users via google auth?

Firebase Authentication for MOODLE

I have created a Moodle portal. Is it possible to have FIREBASE authentication (for Sign-Up and Sign-In) for MOODLE?
There is no default provider for Moodle sign-in for Firebase, but you can create your own custom provider that mints Firebase tokens based on your verified Moodle credentials.
The flow for this is:
You collect the user's credentials and pass these to your server.
You call the Moodle API to sign the user in.
You then mint a Firebase token from the verified information about this user.
You pass the token back to the client, and sign in to Firebase there.

How to use Firebase Authentication with Okta?

I am currently using Firebase Authentication in my app using the built-in OIDC providers (Google, Facebook etc.). Is it possible to use Okta as an additional OIDC provider with minimal modifications to my app, meaning Okta should behave just like any other built-in provider? Firebase Auth apis, such as firebase.auth().currentUser and firebase.auth().onAuthStateChanged() should still work.
The doc page for Custom Authentication talks about getting a custom token from an auth server, but does not clarify if that's an OAuth access token. Is there an example of Okta integration or a generic OIDC integration that works seamlessly with Firebase auth?
There's no built-in Okta provider for Firebase Authentication, but if you have an existing authentication flow for it, it's fairly easy to integrate it into Firebase as a custom provider.
It's a 6 step process:
You gather the user credentials on the client.
You pass those credentials to a trusted environment, either a server you control, or Cloud Functions.
On the server you verify that the credentials are correct according to Okta, typically by calling a server-side API they provide with a key you provide.
You then use the results of that call to mint a new ID token for the user. This is a JWT, not an OAuth access token.
You pass back that ID token from the server to the client.
The client then calls firebase.auth().signInWithCustomToken(token) with the ID token, to sign in to Firebase Authentication.

Facebook login via Firebase. Should I verify both Facebook access token and Firebase IdToken?

This is not exactly a problem; rather I would like to clarify Firebase authentication.
I build an Angular app and I use Firebase Authentication to sign in via Facebook (later with other providers too). Everything works fine. However, I need to verify access token. Since I get two tokens, one from Facebook and one from Firebase, should I verify both? Or verifying Firebase IdToken is enough?
Does Firebase "verify" Facebook (and other providers) access token?
Firebase Auth will verify the Facebook access token before they complete sign-in for that user and mint an ID token for that user. It is the whole point of using Firebase Auth. You don't need to manage different providers and their intricacies. They do it for you. You just get one standard credential (ID token) regardless of the underlying provider. You only need to verify that ID token.
You get the verification for free (they verify under the hood) with other Firebase Services (RTDB, Firestore, Storage). If you are using your own server, you can use Firebase Admin SDK to verify the token.

Firebase custom OAuth authentication

FireBase appears to support OAuth-based authentication from Facebook, Twitter, Google, GitHub. What about a different OAuth provider? It would be great if there were a generic "OAuth" option where in addition to specifying an API Key and Secret you specified whatever other information was needed.
Is it possible to use FireBase's existing OAuth-based authentication modules without rolling my own custom OAuth authentication module for FireBase, by possibly forking from one of the "built-in" OAuth mechanisms? Which one is the most generic, if so?
I also struggled for a while now with this, and here's how I've done it for my project. Run a node.js express server that will have the role to:
get the req from your frontend app
redirect user to oauth page
return to node.js in case of success/error and compute the token needed for firebase in order to successfully login the user.
res with a cookie containing this token and redirect the user back to frontend app to complete the process.
You will have to run the node server on a different vps in order for your app to work but you'll probably need it anyway if you have a bigger app that needs to run private stuff on the backend and not everything upfront.
Firebase has 5 OAuth-based authentication, Facebook, Twitter, Google, GitHub and Custom Auth for now. Using Custom Authentication Firebase gives you complete control over user authentication by allowing you to authenticate using secure JSON Web Tokens (JWTs). So you can specify additional options to API Key and Secret. For example:
var logInAndThen = function(options) {
var secret = '********************';
var tokenGenerator = new FirebaseTokenGenerator(secret);
var token = tokenGenerator.createToken(credentials[options.userType ||
'admin'
};