# firebase-admin-rs
[](https://github.com/0xrustdev/Firebase-Admin-SDK/actions/workflows/ci.yml)
[](https://crates.io/crates/firebase-admin)
[](https://docs.rs/firebase-admin)
[](#license)
An open-source, community-maintained **Firebase Admin SDK for Rust**.
The Rust ecosystem has no mature, actively-maintained Firebase Admin SDK.
This project aims to fill that gap: starting with **Authentication**, and
expanding feature-by-feature toward a full SDK (Firestore, Cloud Storage,
Realtime Database, Cloud Messaging, ...).
## Status
**Pre-1.0, under active development.** The public API may change between
`0.x` releases. See the [roadmap](#roadmap) below.
## Features (Authentication)
- ID token verification (RS256, JWKS caching, full claim validation)
- Custom token creation (signed locally with a service account key)
- Session cookie creation and verification — verified against Google's
session-cookie certificate endpoint, which is distinct from the ID-token
JWKS endpoint (confirmed against the official Admin SDKs; see
[`ARCHITECTURE.md`](ARCHITECTURE.md))
- User management (create, get, update, delete, list, custom claims) via the
Identity Toolkit REST API, against both the **Firebase Auth Emulator** and
**production Firebase** — OAuth2 bearer tokens are acquired automatically
via [`gcp_auth`](https://crates.io/crates/gcp_auth) for both explicit
service account keys and Application Default Credentials
- A single, unified client for both production Firebase and the local
[Firebase Auth Emulator](https://firebase.google.com/docs/emulator-suite) —
no divergent APIs or generic type parameters to juggle
All of the above work end-to-end against production Firebase when the
default `live-user-management` feature is enabled (it is on by default).
## Quick start
```rust,no_run
use firebase_admin::auth::AuthClient;
use firebase_admin::core::ServiceAccountKey;
#[tokio::main]
async fn main() -> Result<(), firebase_admin::Error> {
let key = ServiceAccountKey::from_file("service-account.json")?;
let auth = AuthClient::builder("my-project-id")
.service_account_key(key)
.build()?;
let claims = auth.verify_id_token("<id-token-from-client>").await?;
println!("verified uid: {}", claims.sub);
Ok(())
}
```
Switching to the local emulator requires no code changes — just set
`FIREBASE_AUTH_EMULATOR_HOST=localhost:9099` in your environment, or call
`.use_emulator("localhost:9099")` on the builder explicitly.
More examples live in [`examples/`](examples/).
## Why another Firebase crate?
A few Firebase-related crates exist for Rust, but none combine ID token
verification, custom token creation, and full user management under one
well-documented, actively-maintained, community-oriented roof. This project
is built to be that crate — see [`ARCHITECTURE.md`](ARCHITECTURE.md) for the
design rationale, including why the live/emulator client is a single
concrete type rather than generic over credentials.
## Roadmap
Patch releases (`0.1.x`) ship bug fixes without new features — see the
[crates.io version history](https://crates.io/crates/firebase-admin/versions)
or [CHANGELOG.md](CHANGELOG.md) for exactly what's published right now. The
milestones below track feature scope, not a specific patch version:
- **0.1 (current milestone)** — ID token verification, custom token
creation, session cookie creation and verification, and full user
management (create/get/update/delete/list, custom claims) against both the
emulator and production Firebase via OAuth2 bearer tokens (service account
+ Application Default Credentials).
- **0.2** — Bulk user import, email action links, initial multi-tenancy.
- **0.3** — Broader edge-case coverage on the token-verification path
(expired/rotated certificates, malformed key responses, clock-skew
handling) ahead of a security review.
- **1.0** — Feature-complete Auth, stable public API, full documentation
coverage, security review of the token-verification path.
- **Post-1.0** — Firestore, then Cloud Storage, Realtime Database, Cloud
Messaging, Remote Config, as additive modules.
## Contributing
Contributions are very welcome — see [`CONTRIBUTING.md`](CONTRIBUTING.md) to
get started, and [`ARCHITECTURE.md`](ARCHITECTURE.md) to understand the
module layout. Please also read the [Code of Conduct](CODE_OF_CONDUCT.md).
## Security
See [`SECURITY.md`](SECURITY.md) for how to report vulnerabilities.
## License
Licensed under either of
- Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE))
- MIT license ([LICENSE-MIT](LICENSE-MIT))
at your option.