
passport-firebase-jwt
Based on passport-jwt
A Passport strategy to authenticate with Firebase Auth.
This module lets you authenticate endpoints when using Firebase Auth in a Node.js application.
npm install passport-firebase-jwt
NestJS TypeScript usage example:

Strategy name is: firebase-jwt.

Make sure Firebase is initialized before starting NestJS:

    import { credential, initializeApp } from 'firebase-admin';
    import * as express from 'express';
    // Keep serviceAccountKey.json out of version control; it holds a private key.
    import * as serviceAccount from './serviceAccountKey.json';

    // Every '***' below is a redacted placeholder for your project's own value.
    const config = {
      apiKey: '***',
      authDomain: '***.firebaseapp.com',
      databaseURL: 'https://***.firebaseio.com',
      projectId: '***',
      storageBucket: '***.appspot.com',
      messagingSenderId: '***',
      credential: credential.cert(***)
    };

    initializeApp(config);


    import { PassportStrategy } from '@nestjs/passport';
    import { Injectable, UnauthorizedException } from '@nestjs/common';
    import { Strategy, ExtractJwt } from 'passport-firebase-jwt';
    import { auth } from 'firebase-admin';

    @Injectable()
    export class FirebaseAuthStrategy extends PassportStrategy(Strategy) {
      constructor() {
        super({
          // Read the encoded JWT from the "Authorization: Bearer <token>" header.
          jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken()
        });
      }

      validate(token: string) {
        return auth()
          // Second argument (checkRevoked) = true: also reject revoked tokens.
          .verifyIdToken(token, true)
          .catch((err) => {
            console.log(err);
            throw new UnauthorizedException();
          });
      }
    }


    import { Module } from '@nestjs/common';
    import { PassportModule } from '@nestjs/passport';
    import { FirebaseAuthStrategy } from './firebase-auth.strategy';

    @Module({
      imports: [
        PassportModule.register({ defaultStrategy: 'firebase-jwt' })
      ],
      providers: [
        FirebaseAuthStrategy
      ],
      exports: [
        PassportModule
      ]
    })
    export class AuthModule {}

There are a number of ways the JWT may be included in a request. In order to remain as flexible as possible the JWT is parsed from the request by a user-supplied callback passed in as the jwtFromRequest parameter. This callback, from now on referred to as an extractor, accepts a request object as an argument and returns the encoded JWT string or null.

A number of extractor factory functions are provided in passport-jwt.ExtractJwt. These factory functions return a new extractor configured with the given parameters.

- fromHeader(header_name) creates a new extractor that looks for the JWT in the given HTTP header.
- fromBodyField(field_name) creates a new extractor that looks for the JWT in the given body field. You must have a body parser configured in order to use this method.
- fromUrlQueryParameter(param_name) creates a new extractor that looks for the JWT in the given URL query parameter.
- fromAuthHeaderWithScheme(auth_scheme) creates a new extractor that looks for the JWT in the authorization header, expecting the scheme to match auth_scheme.
- fromAuthHeaderAsBearerToken() creates a new extractor that looks for the JWT in the authorization header with the scheme 'bearer'.
- fromExtractors([array of extractor functions]) creates a new extractor using an array of extractors provided. Each extractor is attempted in order until one returns a token.
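
The extractor contract described above, written out as an added TypeScript example (not code from passport-firebase-jwt or passport-jwt). It shows custom extractors that return a token only when the header is well-formed, chained in order. The names strictBearer, strictHeader and firstOf, the x-id-token header, and the 4096-character cap are assumptions made for illustration; the sample token is constructed and unsigned.

```typescript
// Added example: extractors obeying the contract described above
// (request object in, encoded JWT string or null out). Names are hypothetical.
interface Req {
  headers: { [name: string]: string | string[] | undefined };
}
type Extractor = (req: Req) => string | null;

const MAX_TOKEN_LENGTH = 4096; // assumed upper bound for an encoded token
// Compact JWT shape: three non-empty base64url segments separated by dots.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Returns the value only if it is a single string of JWT shape within the cap.
function asJwt(value: string | string[] | undefined): string | null {
  if (typeof value !== 'string') return null; // missing or repeated header
  if (value.length > MAX_TOKEN_LENGTH) return null;
  return JWT_SHAPE.test(value) ? value : null;
}

// Strict bearer extractor: exactly "Bearer <token>", one space, nothing after.
const strictBearer: Extractor = (req) => {
  const header = req.headers['authorization'];
  if (typeof header !== 'string') return null;
  const match = /^Bearer (\S+)$/i.exec(header);
  return match ? asJwt(match[1]) : null;
};

// Reads the token from a named header (hypothetical fallback source).
function strictHeader(name: string): Extractor {
  return (req) => asJwt(req.headers[name.toLowerCase()]);
}

// Tries each extractor in order until one returns a token.
function firstOf(extractors: Extractor[]): Extractor {
  return (req) => {
    for (const extract of extractors) {
      const token = extract(req);
      if (token !== null) return token;
    }
    return null;
  };
}

// Constructed sample token: correct shape only, not a real signed JWT.
const SAMPLE = 'eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl';
const extractor = firstOf([strictBearer, strictHeader('x-id-token')]);
```

Any function with this signature can be passed as the jwtFromRequest parameter; shape and length checks here only filter malformed input, and signature verification still happens in verifyIdToken.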
Passport authentication strategy for Firebase JWT token
We found that passport-firebase-jwt demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.