Firebase server not creating csrfToken
Hi everyone,
I'm currently struggling with the Firebase documentation. I want to provide Instagram authentication on my platform.
But as I understand, I have to secure my request with a csrftoken. I am currently trying to follow the documentation to be able to send the csrftoken through my cookies when a user logs in.
I reached the point where I can retrieve the idtoken of my users, but not the csrfToken. I think it's not automatically sent by Firebase, but I cannot figure out how to send it from my Firebase server. So the next step would be to use this csrftoken in my requests.
I work in TypeScript (Angular 12 + Node.js on server) and tried several things like...
Here is my frontend:
I try to send my idtoken to my server but the csrfToken is always null...
    anonymousLogIn(){
      return new Promise((resolve,reject)=>{
        const prevUrl = window.location.href;
        console.log(prevUrl);
        this.fireAuth.setPersistence(inMemoryPersistence).then(()=>{
          signInAnonymously(this.fireAuth).then((user)=>{
            if(user) console.log(user);
            getIdToken(user.user).then((idtoken)=>{
              console.log("idtoken : "+idtoken);
              //what to do to retrieve this csrfToken and how to send it from server ????
              const csrfToken = this.getCookie("csrfToken");
              //window.location.assign('https://us-central1-le-maki-55.cloudfunctions.net/createCookie?idToken='+idtoken+'&csrfToken='+csrfToken+'&prevUrl='+prevUrl);
              //this.router.navigate(['createCookie'], {queryParams: {idToken: idtoken, csrfToken: csrfToken}});
              //window.location.assign()
              //this.setCookies({idToken: idtoken, csrfToken: csrfToken}).then((cookie)=>{
              //  console.log('cookies : '+cookie)
              //});
              console.log(csrfToken);
            });
            resolve(user);
          },(error)=>{
            reject(error);
          });
        });
      });
    }
    private getCookie(name: string) {
      var v = document.cookie.match('(^|;) ?' + name + '=([^;]*)(;|$)');
      return v ? v[2] : null;
    }
Here is my backend:
This function may help me to attach the csrftoken to my requests
    app.use("/", (req, res, next)=>{
      const headerToken = req.header("Authorization");
      if (!headerToken) {
        res.status(401).send({message: "Auth token must be provided"});
        return;
      }
      const headerParts = headerToken.split(" ");
      if (headerParts.length < 2 || headerParts[0] !== "Bearer" || !headerParts[1]) {
        res.status(401).send({message: "Invalid token"});
        return;
      }
      admin
        .auth()
        .verifyIdToken(headerParts[1])
        .then((decodedToken) => {
          console.log("decoded token :");
          console.log(decodedToken);
          next();
        })
        .catch((error) => {
          res.status(403).send({message: error.message}).end();
        });
    });
    app.get("/", async (req, res) => {
      res.status(200).send("Request executed successfully").end();
    });
But I cannot find the way to receive/send this csrftoken from my Firebase server. The documentation said that you log in your user and you should be sending/receiving the csrftoken at this time... But how can I do it? I really can't understand the official docs.
I would be very grateful to the ones who'll try to give me advice.
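
Firebase Auth does not issue a `csrfToken` cookie; in the double-submit-cookie pattern the application's own server sets it and later compares it with the value the client echoes back in the request. The following is an added example, not part of the original post or Firebase's code, showing that check with Node's built-in crypto; the function names and cookie attributes are assumptions.

```javascript
// Added example: double-submit-cookie CSRF check for a session-login endpoint.
// issueCsrfCookie, parseCookies and csrfOk are hypothetical helpers, not Firebase APIs.
const { randomBytes, timingSafeEqual } = require("node:crypto");

// The server mints the token itself, e.g. when it serves the login page.
// Not HttpOnly: the page script has to read it and echo it in the POST body.
function issueCsrfCookie() {
  const token = randomBytes(32).toString("hex");
  const setCookie = `csrfToken=${token}; Path=/; Secure; SameSite=Strict`;
  return { token, setCookie };
}

// Minimal Cookie header parser; prototype-free object avoids key clashes.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Run this before verifyIdToken: the token from the request body must equal
// the token in the cookie. A cross-site page can make the browser send the
// cookie, but cannot read it to copy the value into the body.
function csrfOk(cookieHeader, bodyToken) {
  const cookieToken = parseCookies(cookieHeader).csrfToken;
  // Reject missing or empty values; two empty strings must never "match".
  if (typeof bodyToken !== "string" || !cookieToken || !bodyToken) return false;
  const a = Buffer.from(cookieToken);
  const b = Buffer.from(bodyToken);
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return a.length === b.length && timingSafeEqual(a, b);
}

// Constructed sample exchange: issue the cookie, then replay three requests.
function demo() {
  const { token, setCookie } = issueCsrfCookie();
  const cookieHeader = setCookie.split(";")[0]; // what the browser sends back
  return {
    matching: csrfOk(cookieHeader, token),
    missingCookie: csrfOk("", token),
    forgedBody: csrfOk(cookieHeader, "0".repeat(64)),
  };
}
console.log(demo());
```

On the client, the `getCookie("csrfToken")` call from the question then returns the issued value, which is sent in the request body together with the ID token.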