Setup and manage a Firebase project using CURL
Working on the internal project one of the use cases included remote configuration of firebase project for native applications. While planning figured out Firebase Management REST API and tried to consume it. I started first with the iOS part, going through the documentation found out that the request body requires Google OAuth 2.0 token. Even though being aware of the working of OAuth, had never practically worked on it and had no idea how to retrieve the access token. On the journey to deepen my knowledge of OAuth came across this wonderful article without the help of it I might not have achieved my goal.
This is my understanding regarding OAuth functionality after reading the article (I might not be right about it please let me know if you find any mistake)
1. Retrieve One time Authorization code (Once in a blue moon) using OAuth 2.0 Client ID (Will explain it later in this article)
2. With the help of One time Authorization code we get Access token and Refresh token
3. Access token expires in 1 hour
4. Refresh token expires only if it is exposed to some kind of risk.
5. Using Refresh token we get Access token
Setup OAuth 2.0 Client
1. Generate a new OAuth 2.0 Client Id on Google Developers Console for that we need to enable ‘Firebase Management API’
— Click on ‘Enable APIS and Service’ on the Dashboard and search for it
2.Go to the Home page and select ‘OAuth consent screen’
— In the consent screen configuration there are 4 sections, under the scope section, we need to add Firebase management APIs
— We need to configure the OAuth consent screen else we won’t be allowed to generate a Client ID
3. Now we will generate OAuth 2.0 Client ID
— Click on ‘Credentials’ on the left side section
— Click on ‘Create Credentials’
— Select ‘OAuth Client ID’ from the dropdown
— From the ‘Application type’ dropdown select Desktop app (because we will be using a browser to get One time Authorization code)
—At the end we will get the Client ID and Client secret
4.Use the Client ID in the following link to generate One time Authorization code. Enter the below link in the browser and select the same Gmail account from which you had generated the Client ID. Google OAuth request body keys
https://accounts.google.com/o/oauth2/v2/auth?client_id=CLIENT_ID&response_type=code&scope=https://www.googleapis.com/auth/firebase&redirect_uri=urn:ietf:wg:oauth:2.0:oob
urn:ietf:wg:oauth:2.0:oob - is used to indicate that display the code on the current webpage itself
Note: In case you get an error in the above image then please try again later because OAuth Client ID generated above takes some time to activate.
5. Now exchange authorization code for retrieve access and refresh token using CURL request
curl ^ --data client_id=CLIENT_ID ^ --data client_secret=CLIENT_SECRET ^ --data code=AUTHORIZATION_CODE ^ --data redirect_uri=urn:ietf:wg:oauth:2.0:oob ^ --data grant_type=authorization_code ^ https://www.googleapis.com/oauth2/v4/token
Note: In the request grant_type=authorization_code
6. Refreshing an access token using refresh token
curl ^ --data client_id=CLIENT_ID ^ --data client_secret=CLIENT_SECRET ^ --data redirect_uri=urn:ietf:wg:oauth:2.0:oob ^ --data grant_type=refresh_token ^ --data refresh_token=REFRESH_TOKEN ^ https://www.googleapis.com/oauth2/v4/token
Note: In the request grant_type=refresh_token
Setup firebase app using REST APIs
To begin with I am assuming you already have one firebase project in the Firebase console. Now we will add the firebase app to the existing project using REST APIs. We will be looking into the iOS as well as android section.
iOS section
Let’s create an iOS app in the existing Firebase project. We will need identifiers of the firebase project which can be found from the console.
curl -s --request POST \
“https://firebase.googleapis.com/v1beta1/projects/PROJECT_IDENTIFIER/iosApps/” \
--header ‘Authorization: Bearer ACCESS_TOKEN’ \
--header ‘Accept: application/json’ \
--header ‘Content-Type: application/json’ \
--data ‘{“bundleId”:”BUNDLE_ID”,”displayName”:”PRODUCT_NAME”}’ \
--compressed
— PROJECT_IDENTIFIER : Project ID under Project Settings on firebase console
Documentation of parameters and endpoints of iOS REST APIs can be found here.
Click here to try the APIs before implementing them.
Android section
Now we will create android app in the same firebase project.
curl -s --request POST \
“https://firebase.googleapis.com/v1beta1/projects/PROJECT_IDENTIFIER/androidApps/” \
--header “Authorization: Bearer ACCESS_TOKEN” \
--header “Accept: application/json” \
--header “Content-Type: application/json” \
--data “{\”packageName\”:\”BUNDLE_ID\”,\”displayName\”:\”PRODUCT_NAME\”}”
--compressed
Note: We need to escape quotes in the data part when running on Windows.
Documentation of parameters and endpoints of android REST APIs can be found here.
Click here to try the APIs before implementing them.
Apart from this one of the interesting things I came across was Google OAuth 2.0 Playground. It became easier for me to implement things after using the OAuth Playground.
Conclusion
The APIs could be used to avoid the tedious task of manually adding a new app on the firebase console, downloading the GoogleService config file, and adding it to the project. It is useful when there multiple flavors of the project so that we can directly download the config file and add it to the project using scripting. Consume the required APIs to achieve the goal. We can also create Firebase Project using the available resources. Any suggestions or improvements? please feel free to comment.
Thank you for reading!
