0
0
Firebasecloud~10 mins

Custom authentication tokens in Firebase - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Custom authentication tokens
Create user identity info
Generate custom token with secret key
Send token to client app
Client app uses token to sign in
Firebase verifies token signature
User authenticated and session started
This flow shows how a custom token is created, sent to the client, and used to authenticate a user in Firebase.
Execution Sample
Firebase
const token = await admin.auth().createCustomToken(uid);
// Send token to client
// Client signs in with token
// Firebase verifies and authenticates user
This code generates a custom token for a user ID, which the client uses to sign in securely.
Process Table
StepActionInputOutputNotes
1Create user identity infouid='user123'User info object with uidPrepare user data for token
2Generate custom tokenUser info + secret keyCustom JWT token stringToken signed with Firebase secret
3Send token to clientCustom token stringToken received by client appClient ready to authenticate
4Client signs inCustom tokenSign-in request to FirebaseClient uses token to authenticate
5Firebase verifies tokenSign-in requestVerification success or failureChecks token signature and claims
6User authenticatedVerification successUser session startedUser now logged in
7ExitN/AN/AProcess complete
💡 User session started after successful token verification
Status Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4After Step 5Final
uidundefined'user123''user123''user123''user123''user123''user123'
customTokenundefinedundefinedJWT token stringJWT token stringJWT token stringJWT token stringJWT token string
userSessionundefinedundefinedundefinedundefinedundefinedundefinedactive session
Key Moments - 3 Insights
Why do we need to create a custom token instead of using a password?
Custom tokens let you authenticate users with your own system securely, as shown in step 2 and 5 where the token is generated and verified.
What happens if the token verification fails?
If verification fails at step 5, Firebase rejects sign-in and no user session starts, preventing unauthorized access.
Can the client generate the custom token?
No, only trusted servers generate tokens (step 2) because they need the secret key to sign tokens securely.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the output of step 2?
ACustom JWT token string
BToken received by client app
CUser info object with uid
DUser session started
💡 Hint
Check the 'Output' column in step 2 of the execution table.
At which step does Firebase verify the token signature?
AStep 4
BStep 5
CStep 3
DStep 6
💡 Hint
Look for the step where 'Firebase verifies token' in the 'Action' column.
If the client never receives the token, which step will fail next?
AStep 2
BStep 3
CStep 4
DStep 5
💡 Hint
Without the token at client, sign-in (step 4) cannot proceed.
Concept Snapshot
Custom authentication tokens let you securely sign in users with your own system.
Generate a token on your server using a user ID and secret key.
Send the token to the client app.
Client uses token to sign in with Firebase.
Firebase verifies token and starts user session.
This allows custom user authentication beyond passwords.
Full Transcript
Custom authentication tokens in Firebase allow you to authenticate users using tokens you create on your server. First, you prepare user identity information like a user ID. Then, your server generates a signed token using Firebase's secret key. This token is sent to the client app, which uses it to sign in with Firebase. Firebase verifies the token's signature and claims to ensure it is valid. If verification succeeds, Firebase starts a user session and the user is authenticated. This process lets you integrate your own authentication system securely with Firebase.