1
votes

I’m trying to use Auth0 JWT Tokens with Firebase, with no much luck.

When using the token with Firebase:

const token = localStorage.getItem('id_token'); //from auth0
firebase.auth().signInWithCustomToken(token).catch((error) => {
  var errorCode = error.code;
  var errorMessage = error.message;

  console.log(error);
  console.log(token);
});

All I get is:

“The custom token format is incorrect. Please check the documentation.”

As far as I saw in Firebase’s documentation Auth0 and Firebase tokens are different: https://firebase.google.com/docs/auth/admin/create-custom-tokens

Apparently, Firebase expects an uid which is not present in the one generated by Auth0 which uid equivalent is in sub.

I tried to create a rule to modify the Auth0’s token to include a copy of sub named uid to see if this could be a solution, but it’s not working, nothing is added to the body of the token.

function (user, context, callback) {
context.idToken.uid = user.user_id;
callback(null, user, context);
}

Any idea / suggestion?

PS:

1.I checked the token in jwt.io and its valid. 2.I tried reducing the expiring time to less than 5min, as I saw some people considering this a possible solution, but its not.

1

1 Answers

3
votes

You can't use an Auth0 token directly with Firebase. You need to create a server-side API that uses the firebase-admin SDK to create a Firebase Custom Token using the Auth0 data.

There's a full tutorial over on the OAuth site. Check out the API Routes section on how to use firebaseAdmin.auth().createCustomToken given the OAuth token:

// Auth0 athentication middleware
  const jwtCheck = jwt({
    secret: jwks.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri: `https://${config.AUTH0_DOMAIN}/.well-known/jwks.json`
    }),
    audience: config.AUTH0_API_AUDIENCE,
    issuer: `https://${config.AUTH0_DOMAIN}/`,
    algorithm: 'RS256'
  });

  // Initialize Firebase Admin with service account
  const serviceAccount = require(config.FIREBASE_KEY);
  firebaseAdmin.initializeApp({
    credential: firebaseAdmin.credential.cert(serviceAccount),
    databaseURL: config.FIREBASE_DB
  });

  // GET object containing Firebase custom token
  app.get('/auth/firebase', jwtCheck, (req, res) => {
    // Create UID from authenticated Auth0 user
    const uid = req.user.sub;
    // Mint token using Firebase Admin SDK
    firebaseAdmin.auth().createCustomToken(uid)
      .then(customToken => 
        // Response must be an object or Firebase errors
        res.json({firebaseToken: customToken})
      )
      .catch(err => 
        res.status(500).send({
          message: 'Something went wrong acquiring a Firebase token.',
          error: err
        })
      );
  });