Firebase PHP CURL Authentication

Question

I currently building a small chat using Firebase and PHP. This, I thought, would be a good learning project for Firebase, and so far I am very happy with it!

However, I have hit a wall. I am not sure how I can implement an authentication system to Firebase via PHP. It's quite specific what I need the authentication system to do:

To be able to use the chat, the user must login using my custom php login system. Then once they are logged in, they will also authenticate to be able to read/write in the chat.

I couldn't really understand how this (if even) is possible with PHP, using CURL.

In my __construct function in have the following:

require('/libs/FirebaseLib.php');
$this->firebase = new fireBase('https://<url>.firebaseio.com');

require('/libs/JWT.php');
require('/libs/FirebaseToken.php');
$tokenGen = new Services_FirebaseTokenGenerator('<firebase-secret>');
$this->authtoken = $tokenGen->createToken(
    array(
        'id' => $this->userid
    )
);

How would I authenticate with Firebase to let the user be able to read/write in my chat and not allow non authenticated user to read/write? Note: I have not done anything to the Firebase security rules - this is part of my question.

I've looked at the documentation, I might just be very thick, but I couldn't really find what I was looking for.

Hope anyone to point me in the right direction.

Thanks!

EDIT: I have intentionally not been using javascript for my chat, apart from ajax calls to my php script which then relays it to Firebase after I have done what I want to do with the user's messages.

EDIT 2: Added links to the used libraries: "Firebase Token Generator" and "Firebase PHP Client"

EDIT 3: My current code looks like this: (reference)

__construct:

$this->authtoken = JWT::encode(
    array(
        'admin' => true,
        'debug' => true,
        'v' => 0,
        'iat' => time(),
        'd' => array('user' => 'admin')
    ),
    '<secret>',
    'HS256'
);

New Message Function:

$response = $this->firebase->set('/chat.json?auth=' . $this->authtoken, array(
    'message' => array(
        'username' => 'Test',
        'time' => time(),
        'string' => 'Hello World!'
    )
));

However it returns: { "error" : "invalid_token: Could not parse auth token." }. I basically want to get permission as the administrator. I have tried just using the Firebase secret as the auth, but its returns the same error.

Rules:

{
  "rules": {
    ".read": "auth.username == 'admin'",
    ".write": "auth.username == 'admin'"
  }
}

Answer 1

The general workflow would be:

1. After user has authenticated with your custom login system, generate a Firebase auth token in your server-side PHP code. (it looks like you got this far with the code snippet you pasted).
2. Pass that token back to the client.
3. Have the client call firebase.auth(<token>); to authenticate to Firebase using your server-generated token.
4. Use security rules to restrict what the client can read/write, depending on the contents of their auth token.

For a simple scenario where you just want to allow all Firebase access if they're authenticated, you could just have security rules like:

{
    "rules": {
        ".read": "auth != null",
        ".write": "auth != null"
     }
}

This would give authenticated users read/write access to your whole Firebase. You probably want to lock it down more than that though (i.e. only give them read/write access to certain parts of the Firebase). Check out our Security Quickstart for a walkthrough on how auth and security rules work.

If this doesn't help, perhaps you can elaborate on which part you're getting stumped at.