B4J Library [server] FirebaseServer - backend verification for signed in users

Discussion in 'B4J Libraries & Classes' started by Erel, Jul 5, 2016.

  1. Erel

    Erel Administrator Staff Member Licensed User

    Users can sign in to your B4A or B4i apps using Google or Facebook with the FirebaseAuth libraries.

    FirebaseServer completes the puzzle with server side verification of the user. This means that the signed in user gets a token id (long string) from Firebase services by calling FirebaseAuth.GetUserTokenId. The client sends the token id to the server.
    The server verifies the token using this library.

    Once verified we know for sure that the request was sent from our app and we know the identity of the signed in user.


    Follow these instructions: https://firebase.google.com/docs/server/setup#add_firebase_to_your_app
    Copy the json file to the Files tab.

    Simple example:
    Sub Process_Globals
    Private fs As FirebaseServer
    End Sub

    Sub AppStart (Args() As String)
    "fs"File.OpenInput(File.DirAssets, "B4A-Test1-1878011f6afe.json"))
    End Sub

    Sub fs_TokenVerified (TokenId As String, Success As Boolean, Token As FirebaseToken)
    If Success Then
    End If
    End Sub
    Library: www.b4x.com/b4j/files/jFirebaseServer.zip
    hani bassam, DonManfred, jmon and 8 others like this.
  2. litefrez

    litefrez New Member Licensed User

    I have built a b4a app to send data to my b4j server. User must authenticate using firebase on the app to be able to use the app with real data and not a demo dataset. I can get the b4j server app to authenticate and even return data to my b4a app, but I am trying to figure out how to set it up so that each request is authenticated. Do I need to build the authentication into each handler class, or am I completely missing something?
    toby likes this.
  3. Erel

    Erel Administrator Staff Member Licensed User

    The client should send the token id when it connects to the server. The server will verify it and store the result in the the user session. Later when the client sends more requests you can check the user session to make sure that the client has authenticated.
    litefrez likes this.
  4. wimpie3

    wimpie3 Well-Known Member Licensed User

    I'm getting an error:

        at com.google.api.client.repackaged.com.google.common.base.Preconditions.checkArgument(Preconditions.java:
        at com.google.api.client.util.Preconditions.checkArgument(Preconditions.java:
        at com.google.api.client.json.webtoken.JsonWebSignature$Parser.parse(JsonWebSignature.java:
        at com.google.firebase.auth.FirebaseToken.parse(FirebaseToken.java:
        at com.google.firebase.auth.FirebaseAuth$
        at com.google.firebase.auth.FirebaseAuth$
        at com.google.firebase.tasks.Tasks$
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:
        at java.lang.Thread.run(
    Last edited: Mar 2, 2017
  5. Erel

    Erel Administrator Staff Member Licensed User

  6. wimpie3

    wimpie3 Well-Known Member Licensed User

    No, that didn't help. So I'm basically stuck here :-(
  7. wimpie3

    wimpie3 Well-Known Member Licensed User

    @Erel I see you have three "..." dots in your token. I don't have them. Could that be the reason? Or did you put those three points there to indicate we should replace the token with our own?
  8. wimpie3

    wimpie3 Well-Known Member Licensed User

    For anyone who is having the same problem, the mystery is solved.
    I thought the token was the same as the userid.

    In reality, you have to do this:
    Sub Auth_SignedIn (User As FirebaseUser)
    End Sub

    Sub Auth_TokenAvailable (User As FirebaseUser, Success As Boolean, TokenId As String)
    End Sub
    And it's the TokenId you have to use in the Firebase Server backend... NOT the userid as I was doing :)
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice