Firebase Authentication Rest API (Microsoft)


Ali Farah

Apr 22, 2020, 7:48:23 AM
to Firebase Google Group
hey guys,

I'm trying to use Firebase Rest API to sign in with an OAuth credential [1].

Sample requests were given for Google, Facebook and Twitter. 
i.e
curl 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithIdp?key=[API_KEY]' \
-H 'Content-Type: application/json' \
--data-binary '{"postBody":"access_token=[FACEBOOK_ACCESS_TOKEN]&providerId=[facebook.com]","requestUri":"[http://localhost]","returnIdpCredential":true,"returnSecureToken":true}'

I was wondering if the API is available for use for all providers or just these three?

When I tried to use microsoft.com as the providerId including the access_token, I get a 400 request error.


Ali Farah

Apr 22, 2020, 10:41:23 AM
to Firebase Google Group
Another question I have is what is the purpose of the param requestUri?
The docs say "The URI to which the IDP redirects the user back."

How exactly does this redirection happen? Should localhost be changed to your domain name in production?

thanks

Ali Farah

Apr 23, 2020, 8:26:06 AM
to Firebase Google Group
Please ignore this thread as I have resolved my issue. Just in case anyone ever comes across this issue:

The problem was I did not include the tenant id in the token/authentication endpoint. In the docs [1]


but really it should be https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize

Same goes for the authorization endpoint should be:

I don't understand why some of their docs have common, and others have tenantId... or why there's a difference.

Ali Farah

Apr 23, 2020, 8:26:10 AM
to Firebase Google Group
Can I please get some assistance? I've dumped my code here, I know it's exactly reproducible but maybe it helps:

func (a *App) SignInFirebaseWithOAuthCredential(r *http.Request, service string, ar *model.AccessResponse) (*model.FirebaseOAuthResponse, *model.AppError) {
	// Check ar before it is dereferenced; the original checked it only after the request.
	if ar == nil {
		return nil, model.NewAppError("SignInWithOAuth", "api.admin.delete_brand_image.storage.not_found", nil, "", http.StatusNotFound)
	}

	sso := a.Config().GetSSOService(service)
	providerId := *sso.ProviderId

	// postBody is a URL-encoded form string carrying the IdP credential and provider.
	p := url.Values{}
	p.Set("access_token", ar.AccessToken)
	p.Set("providerId", providerId)

	oAuthBody, err := json.Marshal(map[string]interface{}{
		"requestUri":          "http://localhost",
		"postBody":            p.Encode(),
		"returnSecureToken":   true,
		"returnIdpCredential": true,
	})
	if err != nil {
		return nil, model.NewAppError("SignInWithOAuth", "api.admin.delete_brand_image.storage.not_found", nil, "", http.StatusNotFound)
	}

	// SignInWithOAuthURL and apiKey are not defined in the posted snippet.
	req, requestErr := http.NewRequest("POST", fmt.Sprintf(SignInWithOAuthURL, apiKey), bytes.NewBuffer(oAuthBody))
	if requestErr != nil {
		return nil, model.NewAppError("SignInWithOAuth", "api.admin.delete_brand_image.storage.not_found", nil, "", http.StatusNotFound)
	}

	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Accept", "application/json")

	resp, err := a.HTTPService.MakeClient().Do(req)
	if err != nil {
		return nil, model.NewAppError("SignInWithOAuth", "api.admin.delete_brand_image.storage.not_found", nil, "", http.StatusNotFound)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		bodyBytes, _ := ioutil.ReadAll(resp.Body)
		bodyString := string(bodyBytes)

		// Note: this error body echoes the submitted postBody, access token included.
		fmt.Println("Error getting OAuth user: " + bodyString)
		return nil, model.NewAppError("SignInWithOAuth", "api.admin.delete_brand_image.storage.not_found", nil, "", http.StatusNotFound)
	}

	// Decode straight from the response body; the tee into an unused buffer was dead code.
	fu := model.FirebaseOAuthResponseFromJson(resp.Body)

	return fu, nil
}


Ali Farah

Apr 23, 2020, 8:26:11 AM
to Firebase Google Group

ar.AccessToken is a valid token I don't know why I get this error:

Error getting OAuth user:
{
  "error": {
    "code": 400,
    "message": "INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: http://localhost?access_token=[ACCESS_TOKEN]&providerId=microsoft.com",
    "errors": [
      {
        "message": "INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: http://localhost?access_token=[ACCESS_TOKEN]&providerId=microsoft.com",
        "domain": "global",
        "reason": "invalid"
      }
    ]
  }
}

It works fine for Google/Facebook.

thanks
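
The error body quoted in this thread echoes the full postBody, access token included, so logging it verbatim writes a bearer credential to the log. The following is an added example, not code from the thread or from Firebase: it pulls the error code and name out of a signInWithIdp error body and returns a copy that is safe to log. The function name, the parameter list in the regex and the sample body are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Credential-bearing postBody parameters that can be echoed back in the error
// message. This list is an assumption; extend it for the providers in use.
var secretParam = regexp.MustCompile(`(access_token|id_token|oauth_token_secret)=[^&"\s]+`)

type idpError struct {
	Error struct {
		Code    int    `json:"code"`
		Message string `json:"message"`
	} `json:"error"`
}

// SafeIdpError (hypothetical helper) returns the error code, the error name
// that precedes " : " in the message, and the body with credential values
// replaced so it can be logged.
func SafeIdpError(body []byte) (int, string, string) {
	redacted := secretParam.ReplaceAllString(string(body), "${1}=[REDACTED]")
	var e idpError
	if err := json.Unmarshal(body, &e); err != nil {
		// Not JSON: still return only the redacted text, never the raw body.
		return 0, "UNPARSEABLE", redacted
	}
	name := strings.SplitN(e.Error.Message, " : ", 2)[0]
	return e.Error.Code, name, redacted
}

// Constructed sample shaped like the error in the thread; the token is fake.
const sampleBody = `{"error":{"code":400,"message":"INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: http://localhost?access_token=FAKE%2Btoken/123&providerId=microsoft.com"}}`

func main() {
	code, name, safe := SafeIdpError([]byte(sampleBody))
	fmt.Println(code, name)
	fmt.Println(safe)
}
```
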