7 Oracle Backend for Firebase Authentication

Authentication in Oracle Backend for Firebase is designed to be flexible, secure, and developer-friendly. It supports multiple identity providers, including traditional email/password login, enterprise-grade LDAP, Oracle Identity Cloud Service (IDCS), and popular social login providers like Google and Facebook. The system uses token-based authentication to ensure stateless and scalable access control across services.

7.1 Overview

Oracle Backend for Firebase Authentication simplifies application security by providing client SDKs and a Console to create and manage application users. You can enable multiple sign-in methods, including email/password, social identity providers (for example, Google, Facebook, and GitHub), and third-party IDPs using SAML or OIDC. The service can also integrate directly with an Oracle IAM Domain to deliver enterprise-grade features such as Multi-Factor Authentication (MFA) and federated Single Sign-On (SSO).

A valid application user for an Oracle Backend for Firebase application is a user who registered with Oracle Backend for Firebase Authentication and has a valid Oracle Backend for Firebase access token. The access token scope designates which Oracle Backend for Firebase services (for example, Database, Authentication, Storage, Realtime) the authenticated user can access. Finer-grained access and authorization (for example, database collections or object storage files and folders) are enforced by Security Rules, which are not part of the Authentication Service.
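The two layers described above, as an added example (not Oracle's code or SDK API): a coarse service gate driven by the token scope, followed by a default-deny per-resource check standing in for Security Rules. The claim layout (`sub`, a space-delimited `scope`, `exp` in seconds), the `RULES` table and all function names are assumptions for illustration; this page does not specify the token format.

```javascript
// Added illustration; claim names and layout are assumptions, not the product's format.
const SERVICES = new Set(["database", "auth", "storage", "realtime"]);

// Layer 1: coarse gate. Uses only the token: is it live, and does its scope
// name the service being called?
function checkTokenScope(claims, service, nowSeconds) {
  if (!SERVICES.has(service)) return { allowed: false, reason: "unknown-service" };
  if (!claims || typeof claims.scope !== "string") return { allowed: false, reason: "no-scope" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    return { allowed: false, reason: "expired" };
  }
  const granted = new Set(claims.scope.split(/\s+/).filter(Boolean));
  return granted.has(service)
    ? { allowed: true, reason: "scope-ok" }
    : { allowed: false, reason: "scope-missing" };
}

// Layer 2: hypothetical stand-in for Security Rules, which decide per resource.
const RULES = [
  // A user may touch only their own document under users/.
  { service: "database", prefix: "users/", allow: (c, path) => path === `users/${c.sub}` },
  // A user may touch only files under their own folder.
  { service: "storage", prefix: "uploads/", allow: (c, path) => path.startsWith(`uploads/${c.sub}/`) },
];

function authorize(claims, request, nowSeconds) {
  const gate = checkTokenScope(claims, request.service, nowSeconds);
  if (!gate.allowed) return gate; // scope failure: rules are never consulted
  const rule = RULES.find(
    (r) => r.service === request.service && request.path.startsWith(r.prefix)
  );
  if (!rule) return { allowed: false, reason: "no-rule" }; // default deny
  return rule.allow(claims, request.path)
    ? { allowed: true, reason: "rule-ok" }
    : { allowed: false, reason: "rule-denied" };
}

// Constructed sample claims: scope covers database and auth, but not storage.
const sampleClaims = { sub: "u123", scope: "database auth", exp: 2000 };
```

A token whose scope omits a service is rejected before any rule runs, and a token whose scope includes the service still grants nothing on a resource that no rule allows.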

7.2 Key Capabilities

You can add authentication with the pre-built web Authentication UI or by integrating Oracle Backend for Firebase Authentication SDKs directly. Use this section to choose a capability and jump to platform-specific guidance.

Platforms: Web/JS, iOS, Android, Flutter.

Capability | What you can do | Platform docs
Email and password | Create users, sign in, and reset passwords. | User Management Operations
Social sign-in | Sign in with Google, Facebook, or GitHub. | Set up Social Sign-in (GitHub, Google, and more)
OIDC and SAML providers | Integrate a third-party OIDC or SAML identity provider. | Configuring Enterprise Identity Protocols
Auth state and current user | Listen for Auth state changes and read the current user profile. | Persistence Settings
Profile updates | Update displayName and photoURL. | User Management Operations
Email verification | Send verification emails and confirm addresses. | Email Verification and Password Reset
Password updates | Update a signed-in user's password. | User Management Operations
Pre-built Auth UI (web) | Use the drop-in web UI for sign-in flows. | Pre-built UI

7.3 App Users

The application user object represents a user account that has signed up for an app in your project. Apps usually have many registered users, and every app in a project shares the Auth Service database.

Basic Properties

Any registered user in Oracle Backend for Firebase Authentication has basic properties such as:

  • Unique ID

  • Display name

  • Email (also the username for the user)

  • Sign-in method used for registration (for example, email/password, Google, Facebook)

  • Creation time

Lifecycle Of Application Users

The client SDKs (for example, Web, iOS, Android) provide listener callbacks to listen to changes in the Auth object. An Auth listener gets notified in the following situations:

  • A user signs in (the current user is set).

  • A user signs out (the current user becomes null).

  • The current user's access token is refreshed, either automatically as the token nears expiry or through a forced refresh.

Application User Self-Service

The client SDKs provide interfaces to perform user profile management operations:

  • Update profile (for example, displayName)

  • Reset password

  • Verify email address

Auth Tokens

When you use Oracle Backend for Firebase Authentication, you can encounter these Auth tokens:

  • fusabase Auth Token: Issued after a successful sign-in. The scope contains the services the user can access (for example, database, auth, and storage).

  • Oracle IDCS Token: Used when Authentication integrates with Oracle IDCS. Oracle Backend for Firebase exchanges a valid IDCS access token for an Oracle Backend for Firebase Auth Token.

  • fusabase Snapshot Token: A short-lived token used to establish an authenticated websocket connection for onSnapshot.

See Also:

Auth Tokens for full token and Auth object details

7.4 Using Auth in your App

When to Use Authentication

Use Oracle Backend for Firebase Authentication whenever your application needs to:

  • Identify users securely

  • Restrict access to specific data or actions

  • Track user activity

  • Integrate with external identity providers

How to Configure

The authentication service in Oracle Backend for Firebase is designed to be flexible and developer-friendly. It can be configured using the Oracle Backend for Firebase Console (a web-based interface hosted on ORDS):

7.5 What is Authentication

Authentication is the process of verifying who is making a request from an application.

  • It establishes the identity of the user.

  • In Oracle Backend for Firebase, authentication is handled through client SDKs and the Console.

  • Supported methods include Email/Password, Social Identity Providers, and Third‑party Identity Providers (SAML/OIDC).

  • Authentication tokens are issued once a user is verified, and these tokens are later used to enforce security rules.

Note:

Authorization differs from authentication because it determines what an authenticated user is allowed to do. Authentication verifies identity; authorization determines permissions.