Firebase authenticate as admin

Question 1

See this for the 'latest' documentation.

authWithCustomToken is now signInWithCustomToken (firebase version 3.x)

Example from the documentation:

firebase.auth().signInWithCustomToken(token).catch(function(error) {
    // Handle Errors here.
    var errorCode = error.code;
    var errorMessage = error.message;
    if (errorCode === 'auth/invalid-custom-token') {
        alert('The token you provided is not valid.');
    } else {
        console.error(error);
    }
});

Question 2

Andrew's answer will only work if you're authenticating outside your client-side code (otherwise you shouldn't be using your MY_SECRET obviously). Since many people, like myself, use Firebase to avoid server code, here's an alternate answer.

In most firebase apps you probably have a "Users" object in addition to your simple login "auth" object (which only stores email and password). You can add an "isAdmin" or "isModerator" (or whatever you want) to each $user in the "Users" object.

And then your rules would look like this (assuming your auth.id matches your $user key):

{
  "rules": {
    "someObject": {
      ".write": "root.child('Users').child(auth.uid).child('isAdmin').val() == true"
    }
  }
}

Question 3

Yes there is. You simply need to authenticate using a Firebase Secret instead of an authentication token. ie.

firebaseRef.auth(MY_SECRET);

You can find the Secret in the Authentication section of Forge.

Question 4

As per the documentation, you need to use firebaseRef.authWithCustomToken.

Example;

firebaseRef.authWithCustomToken(FIREBASE_SECRET, function(error, authData) {
  if(!error) {
    // You are authenticated
  }
});

firebaseRef.auth is now deprecated, use firebaseRef.authWithCustomToken instead.