Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using Firebase for server side authentication

I have Firebase authentication set up on the client side, and on the server side I can take a JWT token and decode the account ID. But how does this work when I want each page load to be authenticated on the server before the page is generated?

On login or each page load, can I simply store the last JWT token into cookies so that I can read them on my server? Aside from that, I don't know how else for my server to get that information aside from each link being an AJAX call.

like image 553
Stoopkid Avatar asked Oct 17 '22 19:10

Stoopkid


1 Answers

This seems to be the only way to do it presuming you're using the firebase auth library to decode and verify the tokens on the server and not some kind of JWT parsing library.

Firebase admin includes methods for decoding and verifying id tokens and extrapolating all the information. This prevents cookie forgery and keeps firebase auth as your single source of truth for whether or not a user is authenticated.

for example (in node):

    const admin = require("firebase-admin");
    admin.initalizeApp({
        credential: admin.credential.cert(yourServiceAccountJsonHere),
        databaseURL: "http://YOURDATABASE.firebaseio.com/"
    });
    admin.verifyIdToken("usertokenasastring") //returns a promise
        .then(function(decodedToken){
            //process the decoded user token somehow
    });

Firebase makes a call to your database, and makes sure that that user is logged in and that all the other information in the JWT makes sense, so you don't have to worry about implementing any kind of verification server side.

like image 92
Philip Hickey Avatar answered Oct 21 '22 00:10

Philip Hickey