You can use the Google Cloud Identity Platform REST API to programmatically manage a Firebase project's OAuth identity provider (IdP) configuration. With this API, you can configure the identity providers you want to support, and update, enable, and disable your project's current OAuth configurations.
Get authorization
Before you can call the REST API, you need an OAuth 2.0 access token that grants Editor access to your Firebase project. For example, to get an access token using a service account in Node.js:
const
googleAuth
=
require
(
'google-auth-library'
);
const
SCOPES
=
[
'https://www.googleapis.com/auth/cloud-platform'
];
async
function
getAccessToken
()
{
const
serviceAccount
=
require
(
'/path/to/service_account_key.json'
);
const
jwtClient
=
new
googleAuth
.
JWT
(
serviceAccount
.
client_email
,
null
,
serviceAccount
.
private_key
,
SCOPES
,
null
);
return
jwtClient
.
authorize
().
then
((
tokens
)
=
>
tokens
.
access_token
);
}
Add a new OAuth identity provider configuration
To add a new OAuth identity provider (IdP) configuration, POST the new
configuration to the projects.defaultSupportedIdpConfigs
endpoint.
You will need to specify the ID of the identity provider and your client ID and client secret, which you typically get from the provider's developer site. Here are the identity providers that Firebase supports and their IDs:
| Provider | IdP ID |
|---|---|
| Apple | apple.com
|
| Apple Game Center | gc.apple.com
|
facebook.com
|
|
| GitHub | github.com
|
google.com
|
|
| Google Play Games | playgames.google.com
|
linkedin.com
|
|
| Microsoft | microsoft.com
|
twitter.com
|
|
| Yahoo | yahoo.com
|
For example, using Node.js:
const
fetch
=
require
(
'node-fetch'
);
const
GCIP_API_BASE
=
'https://identitytoolkit.googleapis.com/v2'
;
async
function
addIdpConfig
(
projectId
,
accessToken
,
idpId
,
clientId
,
clientSecret
)
{
const
uri
=
`
${
GCIP_API_BASE
}
/projects/
${
projectId
}
/defaultSupportedIdpConfigs?idpId=
${
idpId
}
`
;
const
options
=
{
method
:
'POST'
,
headers
:
{
'Authorization'
:
`Bearer
${
accessToken
}
`
},
body
:
JSON
.
stringify
({
name
:
`projects/
${
projectId
}
/defaultSupportedIdpConfigs/
${
idpId
}
`
,
enabled
:
true
,
clientId
:
clientId
,
clientSecret
:
clientSecret
,
}),
};
return
fetch
(
uri
,
options
).
then
((
response
)
=
>
{
if
(
response
.
ok
)
{
return
response
.
json
();
}
else
if
(
response
.
status
==
409
)
{
throw
new
Error
(
'IdP configuration already exists. Update it instead.'
);
}
else
{
throw
new
Error
(
'Server error.'
);
}
});
}
(
async
()
=
>
{
const
projectId
=
'your-firebase-project-id'
;
const
accessToken
=
await
getAccessToken
();
const
idpId
=
'facebook.com'
;
const
clientId
=
'your-facebook-client-id'
;
const
clientSecret
=
'your-facebook-client-secret'
;
try
{
await
addIdpConfig
(
projectId
,
accessToken
,
idpId
,
clientId
,
clientSecret
);
}
catch
(
err
)
{
console
.
error
(
err
.
message
);
}
})().
catch
(
console
.
error
);
If the call succeeds, it returns the newly-created configuration. For example:
{
name
:
'projects/your-numerical-project-id/defaultSupportedIdpConfigs/facebook.com'
,
enabled
:
true
,
clientId
:
'your-facebook-client-id'
,
clientSecret
:
'your-facebook-client-secret'
}
If you try to configure an identity provider that has already been configured for your project, the call returns HTTP error 409. In this situation, you can update the configuration instead, as described below.
Update an OAuth identity provider configuration
To enable or disable an OAuth identity provider, or update your project's client
configuration, first get the provider's current configuration by making a GET
request to the the projects.defaultSupportedIdpConfigs
endpoint.
Then, make the changes you want to the configuration and PATCH the new
configuration to the projects.defaultSupportedIdpConfigs
endpoint.
For example, using Node.js:
async
function
getIdpCfg
(
projectId
,
accessToken
,
idpId
)
{
const
uri
=
`
${
GCIP_API_BASE
}
/projects/
${
projectId
}
/defaultSupportedIdpConfigs/
${
idpId
}
`
;
const
options
=
{
method
:
'GET'
,
headers
:
{
'Authorization'
:
`Bearer
${
accessToken
}
`
},
};
return
fetch
(
uri
,
options
).
then
((
response
)
=
>
{
if
(
response
.
ok
)
{
return
response
.
json
();
}
else
if
(
response
.
status
==
404
)
{
throw
new
Error
(
'IdP configuration not found. First add the IdP'
+
' configuration to your project.'
);
}
else
{
throw
new
Error
(
'Server error.'
);
}
});
}
async
function
updateIdpConfig
(
accessToken
,
idpCfg
)
{
const
uri
=
`
${
GCIP_API_BASE
}
/
${
idpCfg
.
name
}
`
;
const
options
=
{
method
:
'PATCH'
,
headers
:
{
'Authorization'
:
`Bearer
${
accessToken
}
`
},
body
:
JSON
.
stringify
(
idpCfg
),
};
return
fetch
(
uri
,
options
).
then
((
response
)
=
>
{
if
(
response
.
ok
)
{
return
response
.
json
();
}
else
if
(
response
.
status
==
404
)
{
throw
new
Error
(
'IdP configuration not found. First add the IdP'
+
' configuration to your project.'
);
}
else
{
throw
new
Error
(
'Server error.'
);
}
});
}
(
async
()
=
>
{
const
projectId
=
'your-firebase-project-id'
;
const
accessToken
=
await
getAccessToken
();
const
idpId
=
'facebook.com'
;
try
{
// Get the IdP's current configuration.
const
idpCfg
=
await
getIdpCfg
(
projectId
,
accessToken
,
idpId
);
// Update the configuration. (For example, disable the IdP.)
idpCfg
.
enabled
=
false
;
await
updateIdpConfig
(
accessToken
,
idpCfg
);
}
catch
(
err
)
{
console
.
error
(
err
.
message
);
}
})().
catch
(
console
.
error
);
If you try to update the configuration of an identity provider you've never configured for your project, the calls will return HTTP error 404. Instead, configure a new identity provider as shown in the previous section .
