Firebase Authentication via OpenID Connect

Question

I would like to authenticate users against Firebase Authentication via OpenID Connect. In other words:

• create a Firebase project
• add users under authentication
• get an issuer URL for my project that implements OIDC Discovery
• get a clientID
• use the issuer URL and the clientID in my app that acts as an OIDC client to retrieve information / id_token for users in the Firebase Project

The documentation does not mention this possibility, so I'd understand if this was not possible.

However:

• using OIDC is quite the standard way to do these things
• there is this and this post that actually tell me this is/was possible
• the OIDC discovery document they mention is actually available my project too, although it is incomplete (missing the endpoint URLs)
• digging in the GC dev console it seems like OAuth2 is used internally in the Firebase SDK - newly created service accounts inherit some callback URLs that belong to my Firebase project

Implementing my own IDP using Firebase Auth seems to be an overkill, especially that it might already be available.

Any hints anyone?

Answer 1

With Firebase you have the choice of using the simpler Firebase Auth or the more comprehensive Identity Platform to authenticate your users and Identity Platform does support OIDC authentication.

Here's a comparison of the differences.

Identity Platform just simply needs to be enabled for your project and it will begin authenticating users without changing a line of code. Both services utilize the same Firebase JS SDK for authentication making the transition easy.

The only "downside" is that the Identity Platform isn't free, but does have a very generous free tier.