Firebase authentication using NodeJS

So far I was working with Mongodb and Express. There my whole authentication was done by checking req.user object. From what I saw, Firebase authentication is mostly done in the front end. How can I get req.user to work with Firebase in the back end? I saw a couple of tutorials, but they just showed a couple of methods and went on. I mean to ask more about the logic, but some code examples would probably help.

Here is Solutions:

We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.

Solution 1

Firebase authentication is mostly done in the front end

Correct. User auth is entirely done client-side when using the provided SDKs from Firebase.

However, if you need to do some special auth, such as integrating with LDAP/AD or some other enterprise shenanigans, then you would need to do custom token creation that client-side SDKs would use to authenticate the user.

How can I get req.user to work with Firebase in the back end?

This is something you will need to implement yourself. The flow client-side would go something like:

  1. User performs auth client-side.
  2. When a user attempts to access your Express API, you will need to retrieve the token from localstorage and send it with your API request.

Let’s assume you attach the token on the request header: FIREBASE_AUTH_TOKEN: abc. See Firebase retrieve the user data stored in local storage as firebase:authUser:

So on the server side, using the Firebase Admin SDK, you will retrieve that token and verify it via verifyIdToken. Quick dirty example below of middleware:

const {auth} = require('firebase-admin');
const authService = auth();

exports.requiresAuth = async (req, res, next) => {
    const idToken = req.header('FIREBASE_AUTH_TOKEN');

    // https://firebase.google.com/docs/reference/admin/node/admin.auth.DecodedIdToken
    let decodedIdToken;

    try {
        decodedIdToken = await authService.verifyIdToken(idToken);
    } catch (error) {
        next(error);
        return;
    }

    req.user = decodedIdToken;
    next();
}

You would then use this middleware like so:

const express = require('express');
const router = express.Router();
const {requiresLogin} = require('./my-middleware.js');

router.get('/example', requiresLogin, async (req, res) => {
    console.log(req.user)
})

I hope this gives you an idea of what to do. I haven’t worked with Firebase for a while and the information above is what I gathered from looking at the documentation.

Solution 2

If you plan to have server side sessions only, you should consider using Firebase session cookies: https://firebase.google.com/docs/auth/admin/manage-sessions.

An example is available to show how to use httpOnly cookies at: https://github.com/firebase/quickstart-nodejs/tree/master/auth-sessions

Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply