If you’re using Firebase for user authentication and want to integrate with Auth0, a Custom Database Connection is a great solution. This allows you to authenticate your Firebase users (with email and password) directly through Auth0.
The Magic of Automatic Migration with Firebase
One powerful feature to consider is Automatic Migration (found in your Auth0 connection settings as “Import Users to Auth0”).
Here’s the simple beauty of it:
- No Upfront Migration Needed: Instead of a big, upfront project to move all your users, automatic migration works seamlessly in the background.
- Leverage Existing Firebase Logins: When a user logs in through Auth0 for the first time, your custom database script (which calls the Firebase login API to verify their credentials) also triggers their profile to be automatically and silently copied into your Auth0 user store.
- Smooth Transition: Users won’t notice a thing, and you gradually build up your user base within Auth0, unlocking its full potential for those migrated users.
This means you can start using Auth0’s features without disrupting your current Firebase authentication or undertaking a complex initial migration.
Quickly Find Your Firebase Web API Key
Your Auth0 script will need your Firebase project’s Web API Key to talk to Firebase. Here’s how to find it:
- Visit the Firebase Console.
- Open your project.
- Click the Settings gear icon (next to “Project Overview”) and choose Project settings.
- On the General tab, look under “Your apps.”
- Select your Web app. Your will be visible in Your Project → Web API Key Web API
Here is a working code sample for your Login Action Script: login.js
async function login(email, password, callback) {
const axios = require('axios');
// Get your Firebase Web API Key from Auth0's connection configuration.
// Store this in your Custom Database Connection settings under 'Settings'.
// For example, as 'FIREBASE_WEB_API_KEY'.
const FIREBASE_WEB_API_KEY = configuration.FIREBASE_WEB_API_KEY;
if (!FIREBASE_WEB_API_KEY) {
return callback(new Error('Firebase Web API Key is not configured.'));
}
const firebaseAuthUrl = `https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=${FIREBASE_WEB_API_KEY}`;
try {
const response = await axios.post(firebaseAuthUrl, {
email: email,
password: password,
returnSecureToken: true, // Requesting a secure token from Firebase
}, {
headers: {
'Content-Type': 'application/json',
},
timeout: 5000, // Set a timeout for the request (e.g., 5 seconds)
});
// Successful authentication with Firebase
const firebaseUser = response.data;
// Map Firebase user data to Auth0's normalized user profile schema.
// See: https://auth0.com/docs/users/user-profiles/normalized-user-profile-schema
const profile = {
user_id: firebaseUser.localId, // This is Firebase's unique user ID
email: firebaseUser.email,
email_verified: firebaseUser.emailVerified || false, // Ensure this field exists
name: firebaseUser.displayName || firebaseUser.email, // Use displayName or fallback to email
// You can add more attributes from firebaseUser if needed and map them to:
// nickname: firebaseUser.displayName,
// picture: firebaseUser.photoUrl, // if available
// app_metadata: {}, // For application-specific metadata
// user_metadata: {}, // For user-specific metadata not used by Auth0 core features
};
// The user_id from Firebase (localId) should be unique.
// Auth0 uses user_id to uniquely identify users.
return callback(null, profile);
} catch (error) {
// Handle Firebase authentication errors
if (error.response && error.response.data && error.response.data.error) {
const firebaseError = error.response.data.error;
// Firebase error codes can be found here:
// https://firebase.google.com/docs/reference/rest/auth#section-error-format
// Common errors include: INVALID_LOGIN_CREDENTIALS, EMAIL_NOT_FOUND, INVALID_PASSWORD, USER_DISABLED
if (
firebaseError.message === 'INVALID_LOGIN_CREDENTIALS' ||
firebaseError.message === 'EMAIL_NOT_FOUND' ||
firebaseError.message === 'INVALID_PASSWORD'
) {
return callback(new WrongUsernameOrPasswordError(email, firebaseError.message));
} else if (firebaseError.message === 'USER_DISABLED') {
return callback(new Error('User account is disabled.')); // Or a more specific Auth0 error if available
}
// For other Firebase specific errors
return callback(new Error(`Firebase Auth Error: ${firebaseError.message}`));
}
// Handle network errors or other unexpected errors
if (error.code === 'ECONNABORTED') {
return callback(new Error('Request to Firebase timed out.'));
}
console.error('Firebase login error:', error.message);
return callback(new Error(`An unexpected error occurred during login: ${error.message}`));
}
}```