Server and client authentication: How can I create a Firebase Auth Token from server and send it to the web client?

1
votes

I'm trying to authenticate my users using email and password from the server, using firebase and sending the token generated to the client.

In the server-side, I'm using a nodejs firebase function, and the token is created using the firebase rest auth API, using the verifyPassword endpoint, then I use the token generated and send it to the client.

I'm using in the client firebase.auth().signInWithCustomToken(token) to try to sign in, but I get me a invalid token response.

What I'm trying to do is allow to authenticate the user in both sides, the server, and WebClient .

Is this possible or there is a better way to do it?

1
firebasefirebase-authenticationgoogle-cloud-functions

1 Answers

3
votes

you can send your Client-Side idToken to your server, as described in the Firebase Auth Documentation and on your server you can create a Session-Cookie with firebase admin

admin.auth().createSessionCookie(idToken, {expiresIn})
    .then((sessionCookie) => ...

I have a project where i send the idToken to the server when the Auth-State changes on my Client-Side:

firebase.auth().onAuthStateChanged(function(user) {
      if (user) {
        // User is signed in.
        user.getIdToken().then(idToken => {
          sendTokenToServer(idToken,csrfToken);
        });
      } else {
        clearCookiesOnServer(...);
      }
    });