Google Cloud Services - Firebase Admin

This extension allows to inject both a com.google.firebase.FirebaseApp and a com.google.firebase.auth.FirebaseAuth object inside your Quarkus application.

Be sure to have read the Google Cloud Services extension pack global documentation before this one, it contains general configuration and information.

Bootstrapping the project

First, we need a new project. Create a new project with the following command (replace the version placeholder with the correct one):

mvn io.quarkus:quarkus-maven-plugin:${quarkusVersion}:create \
    -DprojectGroupId=org.acme \
    -DprojectArtifactId=firebase-admin-quickstart \
    -Dextensions="resteasy-reactive-jackson,quarkus-google-cloud-firebase-admin"
cd firebase-admin-quickstart

This command generates a Maven project, importing the Google Cloud Firebase Admin extension.

If you already have your Quarkus project configured, you can add the quarkus-google-cloud-firebase-admin extension to your project by running the following command in your project base directory:

./mvnw quarkus:add-extension -Dextensions="quarkus-google-cloud-firebase-admin"

This will add the following to your pom.xml:

<dependency>
    <groupId>io.quarkiverse.googlecloudservices</groupId>
    <artifactId>quarkus-google-cloud-firebase-admin</artifactId>
</dependency>

Some example

This is an example usage of the extension: we create a REST resource with a single endpoint that retrieves a user by UID.

import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseAuthException;
import com.google.firebase.auth.UserRecord;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

@Path("/auth")
public class FirebaseAuthResourceTest {

    @Inject
    FirebaseAuth firebaseAuth;

    @GET
    @Path("/users/{uid}")
    @Produces(MediaType.APPLICATION_JSON)
    public UserRecord getUserById(@PathParam("uid") String uid) throws FirebaseAuthException {
        return firebaseAuth.getUser(uid);
    }

}

Firebase Authentication

This extension also supports Firebase Authentication, allowing you to secure your endpoints using Firebase’s authentication mechanisms. This section describes how to use Firebase Authentication in your Quarkus application.

Remember that you need to enable the Firebase Authentication service in your Firebase project. quarkus.google.cloud.firebase.auth.enable must be set to true in your application configuration.

Configuration

  • quarkus.google.cloud.firebase.auth.enabled - Enable Firebase Authentication. Default value is false.

Example

If you want to access the user’s claims you can use SecurityIdentity:

import io.quarkus.security.identity.SecurityIdentity;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;

import com.google.firebase.FirebaseApp;
import com.google.firebase.FirebaseOptions;
import org.eclipse.microprofile.jwt.JsonWebToken;

@Path("/app")
public class FirebaseAppResource {

    @Inject
    FirebaseApp firebaseApp;

    @Inject
    SecurityIdentity identity;

    @GET
    @Path("/options")
    @Produces(MediaType.APPLICATION_JSON)
    public FirebaseOptions getOptions() {
        if(identity.getPrincipal() instanceof JsonWebToken) {
            System.out.println("JWT: " + ((JsonWebToken) identity.getPrincipal()).getClaim("email"));
        }

        return firebaseApp.getOptions();
    }

}

Configuration Reference

Configuration property fixed at build time - All other configuration properties are overridable at runtime

Configuration property

Type

Default

quarkus.google.cloud.firebase.auth.enabled

Enable or disable Firebase authentication.

Environment variable: QUARKUS_GOOGLE_CLOUD_FIREBASE_AUTH_ENABLED

boolean

false