Devot Logo
Devot Logo
Arrow leftBack to blogs

Introduction to Firebase: Empowering Your App Development

Vladimir Š.4 min readJun 24, 2025Technology
Vladimir Š.4 min read
Contents:
Creating a Firebase project
Setting up sign-in providers
Generating a private key for the Firebase admin SDK
Hashing the private key for security and convenience
Adding Firebase dependencies
Configuring Firebase in Spring Boot
Creating a custom authentication filter
Adding security configuration
Implementing login
Conclusion

Firebase is a comprehensive platform developed by Google that offers a suite of tools designed to simplify app development, from backend infrastructure to real-time data services. It provides developers with essential features like Firebase Authentication for secure user sign-ins, Firebase Realtime Database for live data synchronization, and Firebase Cloud Storage for securely storing user-generated content. These tools help build scalable, dynamic apps with minimal setup, allowing developers to focus more on user experience and functionality.

Beyond these core features, Firebase also includes app distribution, crash reporting, cloud functions, analytics, and user engagement tools like push notifications. With all of these integrated into a single platform, Firebase streamlines the development process and helps developers monitor, improve, and grow their apps over time, providing a powerful all-in-one solution for both mobile and web app creation.

Creating a Firebase project

Before we dive into the code, let's first set up a Firebase project. Head over to Firebase and log in with your Google account. If you don’t have one yet, now is the perfect time to create it! Once logged in, click on "Go to console" in the top right corner to access your Firebase dashboard.

Now, let’s create a new project. Click on "Create a project" and give it a name that makes sense for your application. Firebase will guide you through a few quick steps—just follow along and hit next. Once the setup is complete, you’ll land on the project’s overview page, where all the magic happens.

Firebase console with "Create a project" button highlighted for starting a new project setup.

Setting up sign-in providers

Firebase offers several ways to authenticate users, but for this guide, we'll keep things simple and enable Email/Password authentication. In your Firebase console, find the "Build" section in the left sidebar and click on "Authentication".

Firebase console showing the "Authentication" option selected under the "Build" section.

If you’re doing this for the first time, you’ll see a "Get started" button—click it to initialize authentication services.

Authentication setup screen with "Get started" button for initializing Firebase authentication.

Next, go to the "Sign-in method" tab and select "Email/Password". Flip the switch to enable this method, then hit "Save".

Sign-in method tab with Email/Password option enabled in the Firebase console.

That’s it! You now have Email/Password authentication enabled, and you’ll see it listed under "Enabled providers".

Enabled providers section showing Email/Password listed under active authentication methods.

Generating a private key for the Firebase admin SDK

To let your Spring Boot app talk to Firebase securely, you’ll need a private key for the Firebase Admin SDK. Don’t worry, it’s just a couple of clicks away. First, go to Project settings by clicking the gear icon in the left sidebar. Then, navigate to the "Service accounts" tab.

Firebase project settings with "Service accounts" tab selected to access Admin SDK private key.

Here, you’ll see an option to generate a private key. Select Java as the platform and click on "Generate new private key". Firebase will create a JSON file containing your private key, and it’ll automatically download to your computer. Keep this file safe—you’ll need it soon when integrating Firebase with your Spring Boot app.

Hashing the private key for security and convenience

Handling raw JSON keys can be risky, especially when deploying to production environments. To increase security and make it more manageable, we can hash the private key using Base64 encoding. This approach ensures that the key is stored safely while remaining accessible when needed.

Once the key is hashed, it should be added to your project’s configuration instead of using the raw JSON file. This minimizes the risk of exposure while maintaining seamless integration with Firebase services.

Adding Firebase dependencies

Now, let’s bring Firebase into our Spring Boot project. To do this, add the following dependency to your build.gradle file:

This will include the Firebase Admin SDK, which allows your application to interact with Firebase Authentication services.

Configuring Firebase in Spring Boot

Now that we have the dependency, it's time to configure Firebase in our Spring Boot application. First, store your Base64-encoded private key securely in the application.properties file:

Alternatively, you can store it in a .env file or use an environment variable for better security practices.

Next, create a configuration class to decode the Base64 key and initialize Firebase authentication:

Creating a custom authentication filter

For enhanced security, we can create a custom authentication filter that verifies the Firebase token and assigns roles to users. This filter will intercept incoming requests, extract the bearer token, and validate it using Firebase Authentication.

Since we're introducing custom logic here, it's also a good time to think about applying proven Java Design Patterns to keep your code maintainable and scalable as the project grows.

Adding security configuration

To complete our security setup, we must register our authentication filter with Spring Security. This ensures that all incoming requests are checked for authentication before proceeding.

Implementing login

Since the Firebase Admin SDK does not support email/password login directly, we need to manually request an access token using Firebase’s REST API. To achieve this, we send an HTTP POST request to Firebase’s authentication endpoint, passing the user's email and password. Firebase responds with an authentication token, which can then be used for accessing secured endpoints within our application. This approach ensures that users logging in via email and password can still leverage Firebase’s authentication mechanisms while maintaining security and compliance with Firebase’s requirements.

Conclusion

By following these steps, you have successfully integrated Firebase Authentication into a Spring Boot application. You’ve set up Firebase, configured authentication methods, generated and secured a private key, and implemented a custom authentication filter to ensure role-based access control. Additionally, you’ve integrated Firebase authentication with Spring Security, providing a secure way to validate user sessions.

While Firebase simplifies authentication, always remember to follow best practices in securing your API keys, handling authentication tokens properly, and keeping your dependencies up to date. With this foundation in place, you can now build scalable and secure authentication systems for your Java applications!

Spread the word:
Keep readingSimilar blogs for further insights
Ruby vs Java: A Comprehensive Comparison
Technology
Iva P.10 min readAug 28, 2025
Ruby vs Java: A Comprehensive ComparisonCrucial tradeoffs between Ruby’s simplicity and Java’s power—broken down for startups, CTOs, and developers evaluating their next move.
SCSS vs Tailwind CSS: Finding the Right Fit for Your Workflow
Technology
Luka C.4 min readAug 27, 2025
SCSS vs Tailwind CSS: Finding the Right Fit for Your WorkflowWhen launching a frontend project, your styling choice shapes maintainability and developer experience. This post breaks down SCSS’s advanced logic, Tailwind’s rapid utility classes, and when a hybrid setup gives you the best of both.
Vibe Coding: How AI is Revolutionizing the Software Development Process
Technology
Marko P.7 min readAug 20, 2025
Vibe Coding: How AI is Revolutionizing the Software Development ProcessVibe coding leverages advanced AI models to translate natural-language instructions into working source code. From rapid prototyping and democratizing software creation to concerns around security, maintainability, and legal liability, this article delves into the origins of vibe coding, its strengths and pitfalls, and how “vibe engineering” can ensure safe, clean, and ethical AI-powered programming.