Ad

Server And Client Authentication: How Can I Create A Firebase Auth Token From Server And Send It To The Web Client?

I'm trying to authenticate my users using email and password from the server, using firebase and sending the token generated to the client.

In the server-side, I'm using a nodejs firebase function, and the token is created using the firebase rest auth API, using the verifyPassword endpoint, then I use the token generated and send it to the client.

I'm using in the client firebase.auth().signInWithCustomToken(token) to try to sign in, but I get me a invalid token response.

What I'm trying to do is allow to authenticate the user in both sides, the server, and WebClient .

Is this possible or there is a better way to do it?

Ad

Answer

you can send your Client-Side idToken to your server, as described in the Firebase Auth Documentation and on your server you can create a Session-Cookie with firebase admin

admin.auth().createSessionCookie(idToken, {expiresIn})
    .then((sessionCookie) => ...

I have a project where i send the idToken to the server when the Auth-State changes on my Client-Side:

firebase.auth().onAuthStateChanged(function(user) {
      if (user) {
        // User is signed in.
        user.getIdToken().then(idToken => {
          sendTokenToServer(idToken,csrfToken);
        });
      } else {
        clearCookiesOnServer(...);
      }
    });
Ad
source: stackoverflow.com
Ad