✅
Demo to preview the settings
✅
Introduction
Firebase is a platform developed by Google that offers a suite of cloud-based services to help developers build and scale applications more easily. It provides various tools and services to cover different aspects of app development, including backend infrastructure, authentication, analytics, storage, and more.
A service account is a special type of Google account that belongs to an application or a virtual machine (VM), rather than an individual user. It's used for authenticating and accessing Google Cloud Platform (GCP) services programmatically, typically in a server-to-server or application-to-service communication scenario.
By authenticating using service account credentials, this plugin ensures robust security and access control, allowing backend applications to interact with Firebase services such as Realtime Database, Firestore, and Cloud Messaging without exposing sensitive authentication tokens to client devices. This approach enhances efficiency by facilitating automated tasks, backend processing, and administrative operations, while adhering to best practices for secure server-side communication with Firebase. With this plugin, developers can streamline their backend workflows, improve scalability, and ensure the integrity of their Firebase-powered applications.
This plugin offers:
- Interaction with the database occurs from a server or backend service.
- Authentication is handled using service account credentials, which are typically more secure and not exposed to clients.
- Allows bypassing client-side security rules if necessary, which can be useful for administrative tasks or managing bulk data operations.
- Suitable for backend processes, server applications, or automated tasks that need to interact with the database securely without involving client devices directly.
Getting Setup
Register a Google Service Account with JWT (link) and obtain keys
Below are general steps for creating a service account and obtaining its keys on Google Cloud Platform (GCP):
- Navigate to the IAM & Admin page: Sign in to your Google Cloud Console . Then, go to the IAM & Admin page by clicking on the navigation menu and selecting IAM & Admin.
- Select "Service accounts": In the IAM & Admin page, select "Service accounts" from the left-hand menu.
- Create a new service account: Click on the "Create Service Account" button.
- Enter details: Provide a name and description for your service account. Optionally, you can specify a service account ID.
- Assign roles: Assign the necessary roles to your service account based on the permissions it requires. You can assign predefined roles or create custom roles.
- Create the service account: Click on the "Create" button to create the service account.
- Generate keys: After creating the service account, locate the newly created service account in the list and click on the three dots under "Actions". Then, select "Manage keys", then “Add key” → “Create new key” in the new opened tab.
- Choose key type: Choose the key type you want to create. JSON is a common choice.
- Download the key file: After selecting the key type, click on the "Create" button. This will generate the key file and download it to your computer. Keep this file secure as it grants access to your resources.
- Open the downloaded .json file and get from here two important values
a) “client email” account email value and fill with it the “lss” field of the plugin.
b) ”private key” and fill the “Private key” field in the “plugins” tab of your app.
Go to https://console.firebase.google.com/ and create a new project.
Or use the created one, if you have one.
Follow the instructions and fill in all the necessary fields:
After the project is created, Configure your Realtime Database
The database has a special structure that must be adhered to for proper processing:
You also can find your Firebase project ID in the Firebase Console:
- Go to the Firebase Console at https://console.firebase.google.com/.
- Select your project from the project list.
- Navigate to the project settings or click on the settings icon.
- You should see your project ID listed there.
💡
For some API calls that require special authentication, you'll need an Access Token for authorization.
Instructions for obtaining an access token.
Access token is used for “AUTH” calls in combination with Firebase project security rules set in the Firebase project dashboard for setting permissions.
- In the Firebase console open your app and go to project settings in the settings tab
- On the "General" tab, you will see all the necessary information for your plugin.
- Copy the Web API Key and paste it into the plugin settings
💡
If “Web API Key” is empty, just go to the “Authentication” section, click “get started”, configure Authentication and after that the key will be there.
How to Configure “Authentication”
Instructions for obtaining “auth” key value(secret key)
- In the Firebase console open your app and go to project settings in the settings tab
- On the "Service accounts" tab, at “Database secrets” tab you will have your secret if the previous instructions were followed.
Fill the rest of the fields in the bubble app, “plugins” section with secret key (all fields use the same secret key)
Firebase database structure explained
Project ID: “zqdev-75b52”
Database name: “tests”
Path: “new”
Query: “name”
Plugin API Calls
Signup a User
Signs up a user in your Firebase project (make sure the authentication is set)
Field title | Description | Type |
Email | The email for the user to create. | Text |
Password | The password for the user to create (must be at least 6 characters). | Text |
Sign a User In
Signs in a user in your Firebase project
Field title | Description | Type |
Email | The email the user is signing in with. | Text |
Password | The password for the account. | Text |
Sign in anonymously
In Firebase Authentication, the "sign-in anonymously" feature allows users to sign in to your Firebase app anonymously, without requiring them to provide any credentials such as an email address or password. When a user signs in anonymously, Firebase generates a unique identifier (UID) for that user session, which can be used to track the user's activity within your app.
💡
Set up your “Authentication” to accept “Anonymous” sign in.
Update User Profile
Allows you to update the user account information for a specific user in your Firebase project and even get back in response the Hash version of user password.
Field title | Description | Type |
idToken | A Firebase Auth ID token for the user.
You get it as a response with “Signup a User”/ Sign a User In” / “Sign in anonymously” API calls. | Text |
displayName | Updated display name you want to assign to a user. | Text |
photoUrl | User's profile new photo URL. | Text |
deleteAttribute | List of attributes to delete, "DISPLAY_NAME" or "PHOTO_URL". This will nullify these values. | Text |
Get Current User Data
Allows you to retrieve all the user information.
Field title | Description | Type |
idToken | A Firebase Auth ID token for the account.
You get it as a response with “Signup a User”/ Sign a User In” / “Sign in anonymously” API calls. | Text |
Set New Password
Allows you to update the user account password.
💡
Please keep in mind, that this action returns a new “idToken” and makes the old one invalid.
Delete User
Allows you delete the user account.
Field title | Description | Type |
idToken | A Firebase Auth ID token for the account.
You get it as a response with “Signup a User”/ Sign a User In” / “Sign in anonymously” API calls. | Text |
💡
The difference between “PUBLIC” and “AUTH” requests, is that “AUTH” API calls checks whether the requested operation is permitted according to the security rules. If the “access token”(”idToken” field is used usually in this case) mentioned in the API call does not have the necessary permissions, the operation will be denied.
”Public” API calls made without an access key do not check Firebase Security Rules.
Realtime Database PUBLIC READ
The "Realtime Database PUBLIC READ" API call refers to allowing unrestricted public access to read data from a Firebase Realtime Database. This configuration grants read access to all users, regardless of authentication status, making the specified data publicly readable.
Field title | Description | Type |
database | Name of your database.
Ex: Users | Text |
/query | The last specific location/node of the JSON where you want your data to be retrieved from.
Ex: Names | Text |
/path | Indicate the path trough the "/".
For example, consider a chat application that allows users to store a basic profile and contact list. A typical user profile is located at a path, such as /users/uid.
Ex: users/user1 | Text |
PROJECT_ID | ID assigned to your Firebase project, find it in the project settings at the Firebase Console at https://console.firebase.google.com/.
Ex: zqdev-75b52 | Text |
Realtime Database Public WRITE
The "Realtime Database Public WRITE" feature allows unrestricted public access to write data to a Firebase Realtime Database. This configuration grants write access to all users, regardless of authentication status, allowing them to add, update, or delete data in the specified database nodes.
Field title | Description | Type |
PROJECT_ID | ID assigned to your Firebase project, find it in the project settings at the Firebase Console at https://console.firebase.google.com/.
Ex: zqdev-75b52 | Text |
/database | Name of your database.
Ex: Users | Text |
/path | Indicate the path trough the "/".
For example, consider a chat application that allows users to store a basic profile and contact list. A typical user profile is located at a path, such as /users/uid.
If the path do not exist, it will be created when the API is called. | Text |
/query | The last specific location/node of the JSON where you want your data to be written in.
If there is already another data in will be rewritten by the new one.
Ex: Names | Text |
body | The JSON object that is going to be written in your database, on the mentioned path.
If on the mentioned path there was already data, it is going to rewrite it, if not to add it.
Ex: { "name": "Alex K" } | Object |
Realtime Database PUBLIC DELETE
The "Realtime Database PUBLIC DELETE" feature refers to allowing unrestricted public access to delete data from a Firebase Realtime Database. This configuration grants delete access to all users, regardless of authentication status, enabling them to remove data from the specified database nodes.
Field title | Description | Type |
PROJECT_ID | ID assigned to your Firebase project, find it in the project settings at the Firebase Console at https://console.firebase.google.com/.
Ex: zqdev-75b52 | Text |
/database | Name of your database.
Ex: Users | Text |
/path | Indicate the path trough the "/".
For example, consider a chat application that allows users to store a basic profile and contact list. A typical user profile is located at a path, such as users/uid. | Text |
/query | The last specific location/node of the JSON where your data is located.
Ex: Names | Text |
Realtime Database AUTH READ
The "Realtime Database AUTH READ" call refers to accessing data from a Firebase Realtime Database with authentication enforced for read operations. This configuration allows only authenticated users, who possess valid credentials (such as a idToken) accordingly to Firebase project security rules , to read data from the specified database nodes, ensuring data privacy and security.
Field title | Description | Type |
PROJECT_ID | ID assigned to your Firebase project, find it in the project settings at the Firebase Console at https://console.firebase.google.com/.
Ex: zqdev-75b52 | Text |
/database | Name of your database.
Ex: Users | Text |
/path | Indicate the path trough the "/".
For example, consider a chat application that allows users to store a basic profile and contact list. A typical user profile is located at a path, such as /users/uid.
Ex: users/user1 | Text |
/query | The last specific location/node of the JSON where you want your data to be retrieved from.
Ex: Names | Text |
access_token | Token obtained through Firebase Authentication - "idToken” | Text |
Realtime Database AUTH WRITE
The "Realtime Database AUTH WRITE" call refers to writing data to a Firebase Realtime Database with authentication enforced for write operations. This configuration allows only authenticated users, who possess valid credentials (such as idToken), to write data to the specified database nodes, ensuring data integrity and security.
Field title | Description | Type |
PROJECT_ID | ID assigned to your Firebase project, find it in the project settings at the Firebase Console at https://console.firebase.google.com/.
Ex: zqdev-75b52 | Text |
/database | Name of your database.
Ex: Users | Text |
/path | Indicate the path trough the "/".
For example, consider a chat application that allows users to store a basic profile and contact list. A typical user profile is located at a path, such as /users/uid.
If the path do not exist, it will be created when the API is called. | Text |
/query | The last specific location/node of the JSON where you want your data to be written in.
If there is already another data in will be rewritten by the new one.
Ex: Names | Text |
access_token | Token obtained through Firebase Authentication - "idToken” | Text |
body | The JSON object that is going to be written in your database, on the mentioned path.
If on the mentioned path there was already data, it is going to rewrite it, if not to add it.
Ex: { "name": "Alex K" } | Object |
Realtime Database AUTH DELETE
The "Realtime Database AUTH DELETE" refers to allowing authenticated users, who possess valid credentials such as a user token obtained through Firebase Authentication, to delete data from a Firebase Realtime Database. This configuration restricts deletion access to only authenticated users, ensuring that only users with appropriate permissions can remove data from the specified database nodes.
Field title | Description | Type |
PROJECT_ID | ID assigned to your Firebase project, find it in the project settings at the Firebase Console at https://console.firebase.google.com/.
Ex: zqdev-75b52 | Text |
/database | Name of your database.
Ex: Users | Text |
/path | Indicate the path trough the "/".
For example, consider a chat application that allows users to store a basic profile and contact list. A typical user profile is located at a path, such as /users/uid. | Text |
/query | The last specific location/node of the JSON where your data is located.
Ex: Names | Text |
access_token | Token obtained through Firebase Authentication - "idToken” | Text |
💡
The difference between “WRITE” and “UPDATE” functions is that “WRITE” replaces the entire resource with the new data provided in the request body while “UPDATE” applies partial modifications to an existing resource, updating only the specified fields or attributes with the new data provided in the request body.
Realtime Database PUBLIC UPDATE
The "Realtime Database PUBLIC UPDATE" refers to allowing unrestricted public access to update (modify) data in a Firebase Realtime Database. With this configuration, any user, without the need for authentication, can make changes to the specified database nodes. It grants write access to all users, enabling them to update data without providing any credentials.
Field title | Description | Type |
PROJECT_ID | ID assigned to your Firebase project, find it in the project settings at the Firebase Console at https://console.firebase.google.com/.
Ex: zqdev-75b52 | Text |
/path | Indicate the path trough the "/".
For example, consider a chat application that allows users to store a basic profile and contact list. A typical user profile is located at a path, such as /users/uid. | Text |
/query | The last specific location/node of the JSON where your data is located. | Text |
body | The JSON updated data of the data on the mentioned path.
Ex: { "name": "Alex K" } | Object |
Realtime Database AUTH UPDATE
The "Realtime Database PUBLIC UPDATE" refers to allowing unrestricted public access to update (modify) data in a Firebase Realtime Database. With this configuration, any user, without the need for authentication, can make changes to the specified database nodes. It grants write access to all users, enabling them to update data without providing any credentials.
Field title | Description | Type |
PROJECT_ID | ID assigned to your Firebase project.
Look in “Getting Setup” above to look where you can find it. | Text |
/path | Indicate the path trough the "/". For example, consider a chat application that allows users to store a basic profile and contact list. A typical user profile is located at a path, such as /users/uid. | Text |
access_token | Token obtained through Firebase Authentication. This token is used to authenticate and authorize requests to write data to the Firebase Realtime Database. | Text |
body | The JSON object that has the changed object with modified data. | Object |
Changelogs
Update 24.07.24 - Version 1.3.0
- Minor update.
Update 10.06.24 - Version 1.2.0
- Minor update.
Update 11.04.24 - Version 1.1.0
- updated description.
Update 09.04.24 - Version 1.0.0
- Plugin release.