Firebase Authentication with Web component and HTML

MIT provide a firebase component for working with key:value pairs on the realtime database, however there is no component for authenticating a user on firebase, or for giving authenticated read write permission. There are extensions (paid and free) for this. However, it is quite possible to sign up, sign in and sign out an authenticated user, and provide read write to secure rules, using the web component and some html in a webviewer.


<!DOCTYPE html>


<meta name=“viewport” content=“width=device-width, initial-scale=1.0”>

<meta charset="utf-8">




  <script src=""></script>

  <script src=""></script>

  <script src=""></script>





var user;

//get webviewstring list from app

var wvstr = window.AppInventor.getWebViewString();

//set the firebase configuration from webviewstring

var firebaseConfig = {

  apiKey: wvstr.split(",")[0],

  authDomain: wvstr.split(",")[1],

  databaseURL: wvstr.split(",")[2],

  projectId: wvstr.split(",")[3],

  storageBucket: wvstr.split(",")[4],


//getemail and password from user for create or login

var email = wvstr.split(",")[6];

var pass = wvstr.split(",")[7];

//initialise firebase


var auth = firebase.auth();

var db = firebase.database();

//login user

if ( wvstr.split(",")[5]  == 'SIGNIN' ) {


 var user = auth.currentUser;


//signup user

if ( wvstr.split(",")[5]  == 'SIGNUP' ) {


 var user = auth.currentUser; 


//signout user

if ( wvstr.split(",")[5]  == 'SIGNOUT' ) {



//check auth status of user

auth.onAuthStateChanged(function(user) {

 if (user) {


 } else {

     window.AppInventor.setWebViewString('user signed out');






In essence, we send all the data required by the html file to it via the webviewstring as a list. The html file then configures firebase, then gets the method (SIGNUP or SIGNIN) from the webviewstring list to activate the correct function. The auth status of the user is checked, and this info is sent back to the app through the webviewstring. The app picks up the idToken and uses this to authenticate REST interaction with the secure area of the database.


Please note the different method used to set the development and compiled urls for the html file in assets