If your Firebase client app communicates with a custom backend server, you might need to identify the currently signed-in user on that server. Then, on the server, verify the integrity and authenticity of the ID token and retrieve the uid from it. You can use the uid transmitted in this way to securely identify the currently signed-in user on your server. When a user or device successfully signs in, Firebase creates a corresponding ID token that uniquely identifies them and grants them access to several resources, such as Firebase Realtime Database and Cloud Storage. You can re-use that ID token to identify the user or device on your custom backend server. To retrieve the ID token from the client, make sure the user is signed in and then get the ID token from the signed-in user:. If the provided ID token has the correct format, is not expired, and is properly signed, the method returns the decoded ID token. You can grab the uid of the user or device from the decoded token. Then, use the verifyIdToken method to verify an ID token:.
Retrieve ID tokens on clients
In this topic, we show you how to request access tokens and authorization codes, configure OAuth 2. For your convenience, the policies and endpoints discussed in this topic are available on GitHub in the oauth-doc-examples project in the Apigee api-platform-samples repository. You can deploy the sample code and try out the sample requests shown in this topic.
2. Enter OpenID Connect
OpenID Connect has become the leading standard for single sign-on and identity provision on the Internet. Applications often need to identify their users. The simplistic approach is to create a local database for the users' accounts and credentials. Given enough technical care this can be made to work well.
ID Tokens are used in token-based authentication to cache user profile information and provide it to a client application, thereby providing better performance and experience. The application receives an ID Token after a user successfully authenticates, then consumes the ID Token and extracts user information from it, which it can then use to personalize the user's experience. For example, let's say you have built a regular web application , registered it with Auth0 , and have configured it to allow a user to log in using Google. Once a user logs in to your app, you can use the ID Token to gather information, such as name and email address, which you can then use to auto-generate and send a personalized welcome email. Be sure to validate an ID Token before using the information it contains! You can use a library to help with this task. By default, an ID Token is valid for seconds 10 hours. If there are security concerns, you can shorten the time period before the token expires, keeping in mind that one of the purposes of the token is to improve user experience by caching user information. ID Tokens Talk to Sales.