passport-firebase-jwt
Advanced tools
Based on passport-jwt
A Passport strategy to authenticate with Firebase Auth.
This module lets you authenticate endpoints when using Firebase Auth in a Node.js application.
npm install passport-firebase-jwt
NestJS TypeScript usage example:
Strategy name is: firebase-jwt.
Make sure firebase is initialized before starting NestJs
import { credential, initializeApp } from 'firebase-admin';
import * as express from 'express';
import * as serviceAccount from './serviceAccountKey.json';
const config = {
apiKey: '***',
authDomain: '***.firebaseapp.com',
databaseURL: 'https://***.firebaseio.com',
projectId: '***',
storageBucket: '***.appspot.com',
messagingSenderId: '***',
credential: credential.cert(***)
};
initializeApp(config);
import { PassportStrategy } from '@nestjs/passport';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { Strategy, ExtractJwt } from 'passport-firebase-jwt';
import { auth } from 'firebase-admin';
@Injectable()
export class FirebaseAuthStrategy extends PassportStrategy(Strategy) {
constructor() {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken()
});
}
validate(token) {
return auth()
.verifyIdToken(token, true)
.catch((err) => {
console.log(err);
throw new UnauthorizedException();
});
}
}
import { Module } from '@nestjs/common';
import { PassportModule } from '@nestjs/passport';
import { FirebaseAuthStrategy } from './firebase-auth.strategy';
@Module({
imports: [
PassportModule.register({ defaultStrategy: 'firebase-jwt' })
],
providers: [
FirebaseAuthStrategy
],
exports: [
PassportModule
]
})
export class AuthModule {}
There are a number of ways the JWT may be included in a request. In order to remain as flexible as
possible the JWT is parsed from the request by a user-supplied callback passed in as the
jwtFromRequest parameter. This callback, from now on referred to as an extractor,
accepts a request object as an argument and returns the encoded JWT string or null.
A number of extractor factory functions are provided in passport-jwt.ExtractJwt. These factory functions return a new extractor configured with the given parameters.
fromHeader(header_name) creates a new extractor that looks for the JWT in the given http
headerfromBodyField(field_name) creates a new extractor that looks for the JWT in the given body
field. You must have a body parser configured in order to use this method.fromUrlQueryParameter(param_name) creates a new extractor that looks for the JWT in the given
URL query parameter.fromAuthHeaderWithScheme(auth_scheme) creates a new extractor that looks for the JWT in the
authorization header, expecting the scheme to match auth_scheme.fromAuthHeaderAsBearerToken() creates a new extractor that looks for the JWT in the authorization header
with the scheme 'bearer'fromExtractors([array of extractor functions]) creates a new extractor using an array of
extractors provided. Each extractor is attempted in order until one returns a token.FAQs
Passport authentication strategy for Firebase JWT token
We found that passport-firebase-jwt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.