Search code examples
djangofirebase-authenticationtoken

Firebase Social Auth + Django

I am now creating a mobile app with Flutter + Django as backend. I am planning to use Firebase Authentication with FlutterFire, what I understand is that the user logged in/logged out information will then be at the Firebase database.

What is the common practice to notify the other backend (in this case is Django) that the user has logged in? And then give access to certain feature in the app? Is it that we use callback given from FlutterFire and then use the generated token from Firebase as the token between our Frontend (Flutter) and Backend (Django)?

Thank you

Solution

  • If you want to use the information about the user's Firebase Authentication state in your own backend code, you can:

    1. Request the user's ID token in the Flutter code
    2. Pass that ID token to your server with the relevant request, over a secure connection.
    3. Verify the ID token in your server-side code, and get the claims from that token.
    4. Determine whether the user is authorized to perform the operation.

    This process is pretty well documented in the Firebase documentation on verifying ID tokens, so I recommend taking a look there too.