You can let your users authenticate with Firebase using OAuth providers like Microsoft Azure Active Directory by integrating web-based generic OAuth Login into your app using the Firebase SDK to carry out the end to end sign-in flow.
To sign in users using Microsoft accounts (Azure Active Directory and personal Microsoft accounts), you must first enable Microsoft as a sign-in provider for your Firebase project:
- Add Firebase to your project.
- In the Firebase console, open the Auth section.
- On the Sign in method tab, enable the Microsoft provider.
- Add the Client ID and Client Secret from that provider's developer console to the provider configuration:
- To register a Microsoft OAuth client, follow the instructions in Quickstart: Register an app with the Azure Active Directory v2.0 endpoint. Note that this endpoint supports sign-in using Microsoft personal accounts as well as Azure Active Directory accounts. Learn more about Azure Active Directory v2.0.
- When registering apps with these providers, be sure to register the
*.firebaseapp.comdomain for your project as the redirect domain for your app.
- Click Save.
- If you haven't yet specified your app's SHA-1 fingerprint, do so from the Settings page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-1 fingerprint.
If you are building an Android app, the easiest way to authenticate your users with Firebase using their Microsoft accounts is to handle the entire sign-in flow with the Firebase SDK.
To handle the sign-in flow with the Firebase Android SDK, follow these steps:
- Construct an instance of an
OAuthProviderwith the provider ID
- Optional: Specify additional custom OAuth parameters that you want to send with the OAuth request.
For the parameters Microsoft supports, see the Microsoft OAuth documentation. Note that you can't pass Firebase-required parameters with
setCustomParameters(). These parameters are client_id, response_type, redirect_uri, state, scope and response_mode.
To allow only users from a particular Azure AD tenant to sign into the application, either the friendly domain name of the Azure AD tenant or the tenant's GUID identifier can be used. This can be done by specifying the "tenant" field in the custom parameters object.
- Optional: Specify additional OAuth 2.0 scopes beyond basic profile that you want to request from the authentication provider.
To learn more, refer to the Microsoft permissions and consent documentation.
- Authenticate with Firebase using the OAuth provider object by calling
startSignInWithProviderand awaiting the
FirebaseAuthEvent.SIGNIN_WITH_PROVIDER_COMPLETE. Note that unlike other FirebaseAuth operations, this will take control of your UI by opening a Custom Chrome Tab.
This completes with the
Once you have completed the authentication with Firebase you should expect the normal
FirebaseAuthEvent.AUTHSTATE_CHANGED event indicating that a user was authenticated and then you will be able to retrieve the user's details using the standard
getCurrentUser() where one of the providers will be the Microsoft details.
Unlike other providers supported by Firebase Auth, Microsoft does not provide a photo URL and instead, the binary data for a profile photo has to be requested via Microsoft Graph API.