Programmatically configure OAuth identity providers for Firebase Authentication
You can use theGoogle Cloud Identity Platform REST API toprogrammatically manage a Firebase project's OAuth identity provider (IdP)configuration. With this API, you can configure the identity providers you wantto support, and update, enable, and disable your project's current OAuthconfigurations.
Get authorization
Before you can call the REST API, you need an OAuth 2.0 access token that grantsEditor access to your Firebase project. For example, to get an access tokenusing a service account in Node.js:
constgoogleAuth=require('google-auth-library');constSCOPES=['https://www.googleapis.com/auth/cloud-platform'];asyncfunctiongetAccessToken(){constserviceAccount=require('/path/to/service_account_key.json');constjwtClient=newgoogleAuth.JWT(serviceAccount.client_email,null,serviceAccount.private_key,SCOPES,null);returnjwtClient.authorize().then((tokens)=>tokens.access_token);}Add a new OAuth identity provider configuration
To add a new OAuth identity provider (IdP) configuration, POST the newconfiguration to theprojects.defaultSupportedIdpConfigsendpoint.
You will need to specify the ID of the identity provider and your client ID andclient secret, which you typically get from the provider's developer site. Hereare the identity providers that Firebase supports and their IDs:
| Provider | IdP ID |
|---|---|
| Apple | apple.com |
| Apple Game Center | gc.apple.com |
facebook.com | |
| GitHub | github.com |
google.com | |
| Google Play Games | playgames.google.com |
linkedin.com | |
| Microsoft | microsoft.com |
twitter.com | |
| Yahoo | yahoo.com |
For example, using Node.js:
constfetch=require('node-fetch');constGCIP_API_BASE='https://identitytoolkit.googleapis.com/v2';asyncfunctionaddIdpConfig(projectId,accessToken,idpId,clientId,clientSecret){consturi=`${GCIP_API_BASE}/projects/${projectId}/defaultSupportedIdpConfigs?idpId=${idpId}`;constoptions={method:'POST',headers:{'Authorization':`Bearer${accessToken}`},body:JSON.stringify({name:`projects/${projectId}/defaultSupportedIdpConfigs/${idpId}`,enabled:true,clientId:clientId,clientSecret:clientSecret,}),};returnfetch(uri,options).then((response)=>{if(response.ok){returnresponse.json();}elseif(response.status==409){thrownewError('IdP configuration already exists. Update it instead.');}else{thrownewError('Server error.');}});}(async()=>{constprojectId='your-firebase-project-id';constaccessToken=awaitgetAccessToken();constidpId='facebook.com';constclientId='your-facebook-client-id';constclientSecret='your-facebook-client-secret';try{awaitaddIdpConfig(projectId,accessToken,idpId,clientId,clientSecret);}catch(err){console.error(err.message);}})().catch(console.error);If the call succeeds, it returns the newly-created configuration. For example:
{name:'projects/your-numerical-project-id/defaultSupportedIdpConfigs/facebook.com',enabled:true,clientId:'your-facebook-client-id',clientSecret:'your-facebook-client-secret'}If you try to configure an identity provider that has already been configuredfor your project, the call returns HTTP error 409. In this situation, you canupdate the configuration instead, as described below.
Update an OAuth identity provider configuration
To enable or disable an OAuth identity provider, or update your project's clientconfiguration, first get the provider's current configuration by making a GETrequest to the theprojects.defaultSupportedIdpConfigs endpoint.Then, make the changes you want to the configuration and PATCH the newconfiguration to theprojects.defaultSupportedIdpConfigsendpoint.
For example, using Node.js:
asyncfunctiongetIdpCfg(projectId,accessToken,idpId){consturi=`${GCIP_API_BASE}/projects/${projectId}/defaultSupportedIdpConfigs/${idpId}`;constoptions={method:'GET',headers:{'Authorization':`Bearer${accessToken}`},};returnfetch(uri,options).then((response)=>{if(response.ok){returnresponse.json();}elseif(response.status==404){thrownewError('IdP configuration not found. First add the IdP'+' configuration to your project.');}else{thrownewError('Server error.');}});}asyncfunctionupdateIdpConfig(accessToken,idpCfg){consturi=`${GCIP_API_BASE}/${idpCfg.name}`;constoptions={method:'PATCH',headers:{'Authorization':`Bearer${accessToken}`},body:JSON.stringify(idpCfg),};returnfetch(uri,options).then((response)=>{if(response.ok){returnresponse.json();}elseif(response.status==404){thrownewError('IdP configuration not found. First add the IdP'+' configuration to your project.');}else{thrownewError('Server error.');}});}(async()=>{constprojectId='your-firebase-project-id';constaccessToken=awaitgetAccessToken();constidpId='facebook.com';try{// Get the IdP's current configuration.constidpCfg=awaitgetIdpCfg(projectId,accessToken,idpId);// Update the configuration. (For example, disable the IdP.)idpCfg.enabled=false;awaitupdateIdpConfig(accessToken,idpCfg);}catch(err){console.error(err.message);}})().catch(console.error);If you try to update the configuration of an identity provider you've neverconfigured for your project, the calls will return HTTP error 404. Instead,configure a new identity provider as shown in theprevioussection.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-17 UTC.