spring, firebase, spring-boot, spring-security, firebase-authentication

Authentication with Google Firebase and Spring


I want to use auth from Google Firebase and integrate it with Spring Boot. I am not sure that I have a good idea of how to implement roles/authorities. I have this scenario in mind:

  1. On successful authentication with Firebase, the frontend sends a request to a secured Spring backend endpoint, and the data on this endpoint contains which roles the user should have, so the frontend uses this data to set claims for the user. The backend uses the claims to authorize the user when accessing endpoints.

Is this okay, or is there a faster/better solution?


Solution

  • That sounds like a good approach. Have a look at the Firebase documentation on verifying ID tokens as that'll be your starting point once your backend receives the token from the client.

    The only addition I can make at this point is that many of Firebase's own backend services cache recently decoded tokens (with the undecoded token as the key) to allow subsequent requests to more quickly look up the information for that token. While this is not required, it's an easy speed-up once you're ready for that.
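
A sketch of the token cache the answer describes, as an added example that is not from the original post or from Firebase's code: verified results are stored under the undecoded token and dropped once the token's own expiry has passed. The `VerifiedTokenCache` class, the `Verified` record and the stub verifier in `main` are hypothetical; the example assumes that in a real backend the verifier wraps the Firebase Admin SDK call `FirebaseAuth.getInstance().verifyIdToken(...)`.

```java
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

// Added example (hypothetical names). Requires Java 16+ for records.
public class VerifiedTokenCache {
    // What the backend keeps from a token that already passed verification.
    public record Verified(String uid, List<String> roles, Instant expiresAt) {}

    private final Map<String, Verified> cache = new ConcurrentHashMap<>();
    // Full verification; must throw on an invalid token. Assumption: in a real
    // backend this wraps FirebaseAuth.getInstance().verifyIdToken(rawToken).
    private final Function<String, Verified> verifier;

    public VerifiedTokenCache(Function<String, Verified> verifier) {
        this.verifier = verifier;
    }

    public Verified lookup(String rawToken, Instant now) {
        Verified hit = cache.get(rawToken);
        if (hit != null && now.isBefore(hit.expiresAt())) {
            return hit; // verified earlier and not yet expired
        }
        // Miss or expired: purge stale entries, then verify from scratch.
        cache.values().removeIf(v -> !now.isBefore(v.expiresAt()));
        Verified fresh = verifier.apply(rawToken);
        if (now.isBefore(fresh.expiresAt())) {
            cache.put(rawToken, fresh); // only verified tokens are ever stored
        }
        return fresh;
    }

    public static void main(String[] args) {
        int[] calls = {0};
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");
        // Constructed stub verifier and token, standing in for the real SDK call.
        VerifiedTokenCache c = new VerifiedTokenCache(tok -> {
            calls[0]++;
            if (!tok.equals("constructed-token")) throw new IllegalArgumentException("invalid token");
            return new Verified("uid-1", List.of("ROLE_USER"), t0.plusSeconds(3600));
        });
        c.lookup("constructed-token", t0);                   // verified
        c.lookup("constructed-token", t0.plusSeconds(10));   // served from cache
        c.lookup("constructed-token", t0.plusSeconds(3601)); // expired, verified again
        System.out.println("verifier calls: " + calls[0]);
    }
}
```

A cached entry keeps answering until the token's own expiry, so a revoked token or a changed role is not noticed by this cache before then.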