Sample code for 30+ languages & platforms
Tcl

Firebase JWT User Authentication

See more Firebase Examples

Demonstrates how to authenticate a Firebase REST API call using a JSON service account private key.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# First load the Firebase JSON private key into a string.
set fac [new_CkFileAccess]

set jsonKey [CkFileAccess_readEntireTextFile $fac "qa_data/firebase/fish-8abda-firebase-adminsdk-1ys3o-347d70d581.json" "utf-8"]
if {[CkFileAccess_get_LastMethodSuccess $fac] != 1} then {
    puts [CkFileAccess_lastErrorText $fac]
    delete_CkFileAccess $fac
    exit
}

# A JSON private key looks like this:

# {
#   "type": "service_account",
#   "project_id": "fish-8abda",
#   "private_key_id": "347e70d5810b92516905d2de12d292c16159375b",
#   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9 ...  KQRtMB1gBu3KQxgoA==\n-----END PRIVATE KEY-----\n",
#   "client_email": "firebase-adminsdk-1ys3o@fish-8abda.iam.gserviceaccount.com",
#   "client_id": "107827947504591332107",
#   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
#   "token_uri": "https://accounts.google.com/o/oauth2/token",
#   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
#   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-1ys3o%40fish-8abda.iam.gserviceaccount.com"
# }

set gAuth [new_CkAuthGoogle]

CkAuthGoogle_put_JsonKey $gAuth $jsonKey

# Choose a scope.
# The scope could be "https://www.googleapis.com/auth/firebase.database"
# or
# "https://www.googleapis.com/auth/firebase.database https://www.googleapis.com/auth/userinfo.email"

CkAuthGoogle_put_Scope $gAuth "https://www.googleapis.com/auth/firebase.database https://www.googleapis.com/auth/userinfo.email"

# Request an access token that is valid for this many seconds.
CkAuthGoogle_put_ExpireNumSeconds $gAuth 3600

# If the application is requesting delegated access:
# The email address of the user for which the application is requesting delegated access,
# then set the email address here. (Otherwise leave it empty.)
CkAuthGoogle_put_SubEmailAddress $gAuth ""

# Connect to www.googleapis.com using TLS (TLS 1.2 is the default.)
# The Chilkat socket object is used so that the connection can be established
# through proxies or an SSH tunnel if desired.
set tlsSock [new_CkSocket]

set success [CkSocket_Connect $tlsSock "www.googleapis.com" 443 1 5000]
if {$success != 1} then {
    puts [CkSocket_lastErrorText $tlsSock]
    delete_CkFileAccess $fac
    delete_CkAuthGoogle $gAuth
    delete_CkSocket $tlsSock
    exit
}

# Send the request to obtain the access token.
set success [CkAuthGoogle_ObtainAccessToken $gAuth $tlsSock]
if {$success != 1} then {
    puts [CkAuthGoogle_lastErrorText $gAuth]
    delete_CkFileAccess $fac
    delete_CkAuthGoogle $gAuth
    delete_CkSocket $tlsSock
    exit
}

# Examine the access token:
puts "Firebase Access Token: [CkAuthGoogle_accessToken $gAuth]"

# Save the token to a file (or wherever desired).  This token is valid for 1 hour.
CkFileAccess_WriteEntireTextFile $fac "qa_data/tokens/firebaseToken.txt" [CkAuthGoogle_accessToken $gAuth] "utf-8" 0

delete_CkFileAccess $fac
delete_CkAuthGoogle $gAuth
delete_CkSocket $tlsSock