react-native firebase-authentication openldap firebase-admin ldapjs

Authentication on LDAP Server using React Native and Firebase custom tokens


I'm trying to authenticate my users (from my RN application) through the LDAP server (I've already found one to try authentication here, and it works!). I can create a custom token using Firebase every time I receive the credentials of the users (username and password) and save it in the Firebase real-time database.

The main problem is that I do not know how to connect my application with the LDAP server. I investigated and found that I have to install something like OpenLDAP or ldapjs, but I do not understand how authentication has to be. My guess is:

  1. User logs in to my RN application
  2. The RN application sends credentials to Firebase
  3. Firebase creates a custom token (uses the Firebase Functions to generate the custom token)
  4. Firebase returns the custom token to the RN application
  5. The RN application sends the token to the LDAP server (the server has predetermined users and passwords for testing)
  6. The LDAP server validates the token, therefore, authentication
  7. LDAP server returns attributes or "not found" to the RN application
  8. RN app grants / denies access to the app

Any help or advice will be well received, thanks :) Sorry for my bad English.


Solution

  • You're almost there, but instead of sending the Firebase custom token to the LDAP server, you authenticate the user with the LDAP server before minting the Firebase token. Both of these must be done in a trusted environment, such as a server you control or Cloud Functions, and you'll typically use a Firebase Admin SDK on that environment.

    So:

    1. User logs in to my RN application.
    2. The RN application sends credentials to the trusted environment.
    3. Trusted environment verifies credentials with the LDAP server.
    4. Trusted environment creates a custom token using the Firebase Admin SDK. If needed, this token can contain custom attributes from the LDAP server, in the form of Custom Claims.
    5. Trusted environment returns the custom token to the RN application.
    6. RN app grants / denies access to the app.

    For more on this, see the Firebase documentation on custom auth. From there:

    To achieve this, you must create a server endpoint that accepts sign-in credentials—such as a username and password—and, if the credentials are valid, returns a custom JWT. The custom JWT returned from your server can then be used by a client device to authenticate with Firebase (iOS, Android, web).
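
The server-side half of the flow above (LDAP bind first, custom token second), as an added example that is not part of the original answer. `BASE_DN`, the `uid=<name>` DN layout and the helper names `bindDnFor`, `login` and `productionDeps` are assumptions for illustration; the `ldapjs` and `firebase-admin` calls are the libraries' own.

```javascript
// Added example: verify against LDAP, then mint the Firebase custom token.
// BASE_DN and the uid=<name> DN layout are assumptions for illustration.
const BASE_DN = 'ou=people,dc=example,dc=org';

// Build the bind DN, or return null for input that must never reach the LDAP server.
function bindDnFor(username, password) {
  // An empty password turns a simple bind into an "unauthenticated bind",
  // which some servers accept, so reject it before binding.
  if (typeof password !== 'string' || password.length === 0) return null;
  // Allow-list the username so it cannot inject DN syntax (',', '=', '+', ...).
  if (typeof username !== 'string' || !/^[A-Za-z0-9._-]{1,64}$/.test(username)) return null;
  return `uid=${username},${BASE_DN}`;
}

// deps.ldapBind(dn, password) resolves on a successful bind and rejects otherwise;
// deps.mintToken(uid, claims) resolves to the Firebase custom token string.
async function login(deps, username, password) {
  const dn = bindDnFor(username, password);
  if (dn === null) return { status: 401, body: { error: 'invalid credentials' } };
  try {
    await deps.ldapBind(dn, password);
  } catch (err) {
    // Same response for unknown user and wrong password.
    return { status: 401, body: { error: 'invalid credentials' } };
  }
  // Only non-secret directory data goes into custom claims, never the password.
  const token = await deps.mintToken(username, { ldapDn: dn });
  return { status: 200, body: { token } };
}

// Real wiring, loaded lazily so the logic above can be tested without the packages.
function productionDeps(ldapUrl) {
  const ldap = require('ldapjs');
  const admin = require('firebase-admin');
  admin.initializeApp(); // assumes service-account credentials in the environment
  return {
    ldapBind: (dn, password) => new Promise((resolve, reject) => {
      const client = ldap.createClient({ url: ldapUrl }); // use an ldaps:// URL
      client.on('error', reject);
      client.bind(dn, password, (err) => {
        client.unbind();
        err ? reject(err) : resolve();
      });
    }),
    mintToken: (uid, claims) => admin.auth().createCustomToken(uid, claims),
  };
}
```

An HTTPS endpoint on the server or in Cloud Functions would call `login(productionDeps(url), username, password)` and return the resulting status and body to the RN app, which then signs in with the token.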