WorkOS Docs Homepage


Add Single Sign-On to your Firebase services with a single integration.

Single Sign-On is a frequent request from enterprise customers, and is not natively supported by Firebase. However, Firebase does natively support custom authentication flows using third-party authentication. This means that by adding a simple exchange of “tokens” to your business logic, you can use WorkOS SSO to access all of your Firebase resources.

A microservice that uses WorkOS SSO to authenticate your users for Firebase.

To get the most out of this guide, you should:

You can set up your token exchange wherever your WorkOS /auth and /callback logic is defined. Here is an example of the simplest version:


Add the firebase-admin SDK to your project dependencies and import it into the module where you have defined your WorkOS integration logic. You will now use the results of your successful GET /callback request to generate a custom token in Firebase that you can then send to your client.

First, install the Firebase Admin SDK in the project directory:

With npm

Second, initialize your Firebase admin app. The simplest configuration will look like this:

Initialize Firebase Admin App

The logic for creating and sending a custom token to your client should live within your /callback logic, and will use the result of the getProfile method in the WorkOS API.

You will be using the .createCustomToken(uid) method from the Firebase Admin SDK, and we will be passing the user’s profile ID from our getProfile method in /callback.

Create Custom Token

Now that you’ve exchanged tokens, you can use the Firebase SDK on your frontend to authenticate your users. For example, in JavaScript:

Client-side Token

You should now be able to use your Firebase integrations and resources without interruption.