Firebase Auth - Create session cookie from custom token

Question

I'm currently trying to implement a custom auth provider (twitch) to my firebase session cookies.

The creation of the auth user is working fine. How do I create a session cookie from the custom token though?

Current Error: The provided ID token is not a valid Firebase ID token.

await auth.updateUser(uid, authUser).catch(error => {
    if (error.code === "auth/user-not-found") {
        return auth.createUser(authUser);
    }

    throw error;
});

const token = await auth.createCustomToken(uid);

const sessionCookie = await auth.createSessionCookie(token, { expiresIn }); // Error

const decodedClaims = await auth.verifySessionCookie(sessionCookie);

const user = await auth.getUser(decodedClaims.uid);

setCookie(res, COOKIE_SESSION, sessionCookie, { maxAge: expiresIn });

I know that sending the token from createCustomToken to the client and using signInWithCustomToken to then call user.getIdToken would provide such firebase id token, but is there no way I can do this without the client?

Answer 1

The createSessionCookie method accepts user's Firebase ID Token as a parameter and not a custom token used to sign in users.

but is there no way I can do this without the client?

No, you cannot generate ID Tokens for users. Those tokens can be generated using client SDK only.

firebase.auth().signInWithCustomToken(token).then((userCredential) => {
  // get ID token here
  // call your API endpoint to generate that session cookie
})

One way to get user's ID Token on server would be to use Firebase Auth REST API to login as user which returns both access token and refresh token but for that you would require user's login email and password too. However, this isn't ideal to do as you may have to store user's password unencrypted somewhere to pass in the API request.