29

I would like to authenticate and keep sessions via NodeJS with Firebase. The client can't communicate directly with Firebase.

In short:

Client (browser) <----> NodeJs(firebase-admin) <----> Firebase

I created a Firebase client in NodeJS, then I used the login method:

```js
var firebaseClient = require('firebase');
firebaseClient.initializeApp(config);
// Signs the user in on the server's single client SDK instance
firebaseClient.auth().signInWithEmailAndPassword(req.body.email, req.body.password).catch(function(error){
    console.log(error);
});
```

and then I created a route to check the authenticated user:

```js
app.get('/check',function(req,res){
    // currentUser is whichever user last signed in on this server-side instance
    var user = firebaseClient.auth().currentUser;
    console.log(user);
});
```

This method only allows me to keep 1 previously logged-in user.

I would like to use firebase-admin, but I don't know how to keep a session and authenticate users.

AL.
karolinski

1 Answer

18

You can authenticate clients on their respective devices/browsers using the client SDK, and then get them to send an ID token to a backend service written using firebase-admin (the admin SDK). The admin SDK provides methods for validating ID tokens sent by clients: https://firebase.google.com/docs/auth/admin/verify-id-tokens

Hiranya Jayathilaka
  • 1
    But this makes the users dependent on client sdk's. I'm trying to make a complete REST API Service and didn't find a way to sign-in and out only through cloud functions :( – Ayyappa Apr 19 '18 at 11:22
  • This is to be expected, since Admin SDK is intended to extend and complement the capabilities of the client SDKs. However, there's now an API for [maintaining auth state with cookies](https://firebase.google.com/docs/auth/admin/manage-cookies), but you still need an ID token obtained from a client login. Your best bet would be to combine that with using the client SDK in the server. – Hiranya Jayathilaka Apr 19 '18 at 16:56
  • 3
    Thanks for the reply :) It seems like I found an alternative. I'm trying to use REST service of Google Identity Toolkit for getting the IdToken from Cloud Functions. Do you see it as a possible solution? https://firebase.google.com/docs/reference/rest/auth/ – Ayyappa Apr 20 '18 at 05:08
  • Are you getting it with a custom token or with username and password? If it's the latter, I've noticed the ID token you get is slightly different. – Hiranya Jayathilaka Apr 20 '18 at 16:57
  • I'm using Username/Password login. Looks like I'm successful using the Rest Auth. However, I'm stuck with one single point. It doesn't support Signout. Do I need to just ignore it and handle it by clearing the accessTokens on the client? – Ayyappa Apr 21 '18 at 01:23
  • @HiranyaJayathilaka how do you send the token to the server side from the client? – xiaolingxiao May 31 '18 at 16:22
  • You can send it along with the HTTP requests sent by the client to the server. As part of the header is probably the easiest. This use case is demonstrated in this [I/O talk](https://www.youtube.com/watch?v=HlmizBWJk6A) (jump ahead to the 12:00 minute mark). – Hiranya Jayathilaka May 31 '18 at 17:05
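
The flow described in the answer and its last comment (the client sends its ID token in a request header, the backend verifies it on each request), as an added example that is not part of the original thread. The names `extractBearerToken`, `requireFirebaseUser`, `fakeVerify` and `simulate` are hypothetical; the fake verifier stands in for `admin.auth().verifyIdToken` so the block runs without Firebase credentials.

```javascript
// Added example: verify the client's ID token on every request.

// Pull the token out of "Authorization: Bearer <token>"; null if absent or malformed.
function extractBearerToken(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const match = /^Bearer\s+(\S+)$/i.exec(headerValue.trim());
  return match ? match[1] : null;
}

// verifyIdToken is injected so this block runs without Firebase credentials.
// Assumed wiring in a real service (firebase-admin already initialised):
//   const admin = require('firebase-admin');
//   app.use(requireFirebaseUser((t) => admin.auth().verifyIdToken(t)));
function requireFirebaseUser(verifyIdToken) {
  return async function (req, res, next) {
    const token = extractBearerToken(req.headers.authorization);
    if (!token) return res.status(401).json({ error: 'missing bearer token' });
    try {
      // Claims are attached to this request only, not to process-wide state,
      // so concurrent users cannot overwrite each other.
      const claims = await verifyIdToken(token);
      req.user = { uid: claims.uid, email: claims.email };
      return next();
    } catch (err) {
      // Expired, malformed or wrongly signed tokens all end up here.
      return res.status(401).json({ error: 'invalid ID token' });
    }
  };
}

// Constructed stand-ins: a fake verifier and a minimal Express-like req/res.
const FAKE_TOKENS = {
  'tok-alice': { uid: 'u1', email: 'alice@example.com' },
  'tok-bob': { uid: 'u2', email: 'bob@example.com' },
};
async function fakeVerify(token) {
  if (!Object.prototype.hasOwnProperty.call(FAKE_TOKENS, token)) throw new Error('bad token');
  return FAKE_TOKENS[token];
}

async function simulate(authorization) {
  const req = { headers: authorization ? { authorization } : {} };
  const out = { status: 200, uid: null };
  const res = { status(c) { out.status = c; return res; }, json() { return res; } };
  await requireFirebaseUser(fakeVerify)(req, res, () => { out.uid = req.user.uid; });
  return out;
}
```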