firebase-authentication openid-connect okta

How to use Firebase Authentication with Okta?


I am currently using Firebase Authentication in my app using the built-in OIDC providers (Google, Facebook, etc.). Is it possible to use Okta as an additional OIDC provider with minimal modifications to my app, meaning Okta should behave just like any other built-in provider? Firebase Auth APIs, such as firebase.auth().currentUser and firebase.auth().onAuthStateChanged(), should still work.

The doc page for Custom Authentication talks about getting a custom token from an auth server, but does not clarify if that's an OAuth access token. Is there an example of Okta integration or a generic OIDC integration that works seamlessly with Firebase auth?


Solution

  • There's no built-in Okta provider for Firebase Authentication, but if you have an existing authentication flow for it, it's fairly easy to integrate it into Firebase as a custom provider.

    It's a 6-step process:

    1. You gather the user credentials on the client.
    2. You pass those credentials to a trusted environment, either a server you control, or Cloud Functions.
    3. On the server you verify that the credentials are correct according to Okta, typically by calling a server-side API they provide with a key you provide.
    4. You then use the results of that call to mint a new ID token for the user. This is a JWT, not an OAuth access token.
    5. You pass back that ID token from the server to the client.
    6. The client then calls firebase.auth().signInWithCustomToken(token) with the ID token, to sign in to Firebase Authentication.
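
What the token minted in step 4 contains, as an added example that is not part of the original answer: a Node.js sketch that signs a Firebase custom token by hand (Firebase's name for the token passed to signInWithCustomToken; the Admin SDK's createCustomToken() does this for you). The Okta claims object, the service-account e-mail and the key pair are constructed for the demo, and the Okta verification in step 3 is assumed to have already succeeded on the server.

```javascript
// Server side of step 4: turn already-verified Okta claims into a Firebase custom token.
const nodeCrypto = require('crypto');

// Audience value Firebase requires in every custom token.
const FIREBASE_AUD =
  'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
const b64url = (data) => Buffer.from(data).toString('base64url');

// oktaClaims: claims of an Okta ID token whose signature, issuer, audience and
// expiry the server has ALREADY checked (step 3). Never pass client-supplied claims.
function mintFirebaseCustomToken(oktaClaims, serviceAccount, nowSec) {
  if (!oktaClaims || typeof oktaClaims.sub !== 'string' || oktaClaims.sub === '') {
    throw new Error('verified Okta claims must carry a subject');
  }
  const uid = `okta:${oktaClaims.sub}`; // namespaced so it cannot collide with other providers
  if (uid.length > 128) throw new Error('uid exceeds the 128-character Firebase limit');
  const payload = {
    iss: serviceAccount.clientEmail, // the signing service account
    sub: serviceAccount.clientEmail,
    aud: FIREBASE_AUD,
    iat: nowSec,
    exp: nowSec + 3600, // custom tokens may live at most one hour
    uid,
    claims: { provider: 'okta' }, // optional developer claims, readable in Security Rules
  };
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = `${head}.${b64url(JSON.stringify(payload))}`;
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), serviceAccount.privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Helper for inspecting the result: checks the RS256 signature and decodes the payload.
function decodeAndVerify(token, pubKey) {
  const [h, p, s] = token.split('.');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), pubKey, Buffer.from(s, 'base64url'));
  return { ok, payload: JSON.parse(Buffer.from(p, 'base64url').toString('utf8')) };
}

// Constructed throwaway key pair, service-account name and Okta subject (demo only).
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoAccount = { clientEmail: 'demo-sa@example-project.iam.gserviceaccount.com', privateKey };
const demoToken = mintFirebaseCustomToken({ sub: '00u1constructed' }, demoAccount, 1700000000);
```

The service-account private key stays on the server; only the resulting token travels to the client in step 5.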