0

With Firebase's Admin SDK, I want to allow a user to login (verify the user with my Firebase instance) without any JavaScript on the front end. Just an old fashioned POST, with the form data in the request body.

Then in node (server side) verify the email and password on the back-end, retrieve a token, update the user's session, pass back a cookie, etc. I've been digging around various examples and the Firebase Admin SDK docs but have not found an answer.

I can do it if I run the non-admin-SDK Firebase module, in node, but this seems like an odd approach to me, especially as I need the Admin SDK for some other things.

I could see why they want to force a "triangle" approach like say payment auths use. Authorize with Firebase on the front end and pass a token to the back-end. Not allowing the password to possibly be sent or stored on the node server unencrypted.

But I want to pass as little JS to the client as possible and I want my site (MPA) to be progressive (not need JS). It seems odd they would not address this in their docs. Other than in some explanation of how to write one's own validation or integrate with another.

If anyone can describe how this can be done or what the recommended approach is, I would be very happy.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Erik Elverskog
  • 31
  • 1
  • 5

1 Answers1

1

Firebase's Admin SDKs are designed to be stateless, so don't have a concept of a current user. The recommended approach is what Firebase Authentication does, sign in on the client and pass an ID token with every request/connection to establish the identity of the user.

If you don't want to use Firebase's SDKs in your client-side application, you can call the REST API. I'm not sure if you can construct the right call with a FORM post though.

Also check:

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807