In this meeting, the State Changers delved deeply into the integration and authentication process between various platforms, including Flutterflow, Xano and Firebase. The discussion encompassed core basic steps needed to create an app with Flutterflow, with a focus on initiating the auth login through Flutterflow, which can be connected to Firebase for authentication via email, phone, SMS, etc.
The participants then discussed how to save the token received through this process and create an app state. Further, they went into detail on how to set up an API call to Xano using the ID token (JWT token), explained the security benefits of using ID tokens, and how to validate those using "kids" or key IDs from Google.
The team faced a challenge with JWE decode which they circumvented temporarily, but noted it as an area for improvement. They also presented a method to dynamically identify the necessary keys from Firebase's authentication tokens for sustainable functioning in production. This process involves decoding the Firebase token into a usable format and matching it against the list from Google's APIs to get Google's public keys that can be used to verify the signature.
Afterwards, the State Changers reviewed the data structure and logic behind user authentication. They explained how they associate the Google/Firebase user info with their Xano user ID within their own user table in Xano, streamlining the authentication process.
Two key objectives of the session were to ease the login process by utilizing Google/Firebase's built-in native features, which provide better and more secure user experience, and to set the foundation for issuing Firebase Cloud Messaging tokens for push notifications.
Keywords mentioned: Xano, Flutterflow, Firebase, Google, OAuth, State Change, JWT token.
(Source: Office Hours Extra: FlutterFlow Auth and Push Notifications )