Thanks to this answer I am able to connect to Firebase 3 via HTTP REST API and an email/password. Logging in with this API returns an access token that is used to access the Firebase Database. This access token expires after 1 hour. A refresh token is also returned after logging in, which I can use to refresh my access token. Here is what I am doing specifically:
Method:
POST
URL:
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=<my-firebase-api-key>
Payload:
{
email: "<email>",
password: "<password>",
returnSecureToken: true
}
Response:
{
"kind": "identitytoolkit#VerifyPasswordResponse",
"localId": "<firebase-user-id>", // Use this to uniquely identify users
"email": "<email>",
"displayName": "",
"idToken": "<provider-id-token>", // Use this as the auth token in database requests
"registered": true,
"refreshToken": "<refresh-token>",
"expiresIn": "3600"
}
In the case of refreshing my access token:
URL:
https://securetoken.googleapis.com/v1/token?key=<my-firebase-api-key>
Payload:
{
grant_type: "refresh_token",
refresh_token: "<refresh-token>"
}
Response:
{
"access_token": "<access-token>",
"expires_in": "3600",
"token_type": "Bearer",
"refresh_token": "<refresh-token>",
"id_token": "<id-token>",
"user_id": "<user-id>",
"project_id": "<project-id>"
}
How do I access my database via HTTP REST API given that I have my access token?
So after communicating with technical support, here's my answer:
In your database rules, include something like this that is compatible with what you're doing:
{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid",
".read": "$user_id === auth.uid"
}
}
}
}
And in your database, create a users
table, and within that, create a table with the name of your <user-id>
of the authentication email/password account you are using. Within that table is the information you will be able to access via your access-key
.
Then send a request like this:
https://samplechat.firebaseio-demo.com/users/<user-id>.json?auth=<access-key>
Where access-key
is the key that can be known as idToken
, id_Token
, or access_key
in JSON responses from Google.