e-Próspera API

Appearance

Firebase Authentication integration

Connect Firebase Authentication to e-Próspera as an OpenID Connect provider.

If you already have an OAuth client, the client ID and redirect URIs are visible in Settings > Developer. To request a new client or re-issue a secret, contact gmembreno@prospera.hn.

Demo project: Honduras-Prospera-inc/firebase-oauth-demo

1. Create a Firebase project

Create a Firebase project and a web app in the Firebase console.

Then initialize Firebase in your app:

ts
import { initializeApp } from "firebase/app";
import { getAuth } from "firebase/auth";

const firebaseConfig = {
  apiKey: "...",
  authDomain: "your-project.firebaseapp.com",
  projectId: "your-project",
  storageBucket: "your-project.firebasestorage.app",
  messagingSenderId: "...",
  appId: "...",
};

const app = initializeApp(firebaseConfig);
export const auth = getAuth(app);

2. Add the OIDC provider in Firebase

In Firebase Authentication:

  1. open Authentication
  2. go to Sign-in method
  3. add a new OpenID Connect provider

Provider settings:

  • Issuer
    • production: https://portal.eprospera.com
    • staging: https://staging-portal.eprospera.com
  • Client ID: your provisioned e-Próspera OAuth client ID
  • Client secret: your provisioned e-Próspera OAuth client secret

Use Firebase's generated callback URL as one of the redirect URIs on your e-Próspera OAuth client.

3. Request scopes

Start with:

text
openid profile email

Add:

  • offline_access if your backend needs refresh tokens
  • eprospera:person.details.read
  • eprospera:person.residency.read
  • eprospera:person.id_verification.read
  • eprospera:entity.read
  • eprospera:entity.documents.read

only when you need those resource APIs.

4. Handle refresh tokens server-side

If your backend calls e-Próspera APIs after sign-in, exchange and store refresh tokens on your server. Refresh tokens rotate on each use — always persist the newest refresh_token from POST /api/oauth/token.

5. Call resource endpoints

After sign-in, use the access token to call e-Próspera endpoints:

text
Authorization: Bearer <access-token>

See also: OAuth overview | Token endpoint | GET /api/v1/me/natural-person