Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

passport-firebase-jwt

Package Overview
Dependencies
Maintainers
1
Versions
5
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

passport-firebase-jwt

Passport authentication strategy for Firebase JWT token

  • 1.1.1
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
24K
increased by4.12%
Maintainers
1
Weekly downloads
 
Created
Source

passport-firebase-jwt

Based on passport-jwt

A Passport strategy to authenticate with Firebase Auth.

This module lets you authenticate endpoints when using Firebase Auth in a Node.js application.

Install

npm install passport-firebase-jwt

Usage

NestJS TypeScript usage example:

Strategy name is: firebase-jwt.

index.ts

Make sure firebase is initialized before starting NestJs

import { credential, initializeApp } from 'firebase-admin';
import * as express from 'express';
import * as serviceAccount from './serviceAccountKey.json';

const config = {
    apiKey: '***',
    authDomain: '***.firebaseapp.com',
    databaseURL: 'https://***.firebaseio.com',
    projectId: '***',
    storageBucket: '***.appspot.com',
    messagingSenderId: '***',
    credential: credential.cert(***)
};
initializeApp(config);
firebase-auth.strategy.ts
import { PassportStrategy } from '@nestjs/passport';
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { Strategy, ExtractJwt } from 'passport-firebase-jwt';
import { auth } from 'firebase-admin';

@Injectable()
export class FirebaseAuthStrategy extends PassportStrategy(Strategy) {

    constructor() {
        super({
            jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken()
        });
    }

    validate(token) {
        return auth()
            .verifyIdToken(token, true)
            .catch((err) => {
                console.log(err);
                throw new UnauthorizedException();
            });
    }
}
auth.module.ts
import { Module } from '@nestjs/common';
import { PassportModule } from '@nestjs/passport';
import { FirebaseAuthStrategy } from './firebase-auth.strategy';

@Module({
    imports: [
        PassportModule.register({ defaultStrategy: 'firebase-jwt' })
    ],
    providers: [
        FirebaseAuthStrategy
    ],
    exports: [
        PassportModule
    ]
})
export class AuthModule {}

Extracting the JWT from the request

There are a number of ways the JWT may be included in a request. In order to remain as flexible as possible the JWT is parsed from the request by a user-supplied callback passed in as the jwtFromRequest parameter. This callback, from now on referred to as an extractor, accepts a request object as an argument and returns the encoded JWT string or null.

Included extractors

A number of extractor factory functions are provided in passport-jwt.ExtractJwt. These factory functions return a new extractor configured with the given parameters.

  • fromHeader(header_name) creates a new extractor that looks for the JWT in the given http header
  • fromBodyField(field_name) creates a new extractor that looks for the JWT in the given body field. You must have a body parser configured in order to use this method.
  • fromUrlQueryParameter(param_name) creates a new extractor that looks for the JWT in the given URL query parameter.
  • fromAuthHeaderWithScheme(auth_scheme) creates a new extractor that looks for the JWT in the authorization header, expecting the scheme to match auth_scheme.
  • fromAuthHeaderAsBearerToken() creates a new extractor that looks for the JWT in the authorization header with the scheme 'bearer'
  • fromExtractors([array of extractor functions]) creates a new extractor using an array of extractors provided. Each extractor is attempted in order until one returns a token.

Keywords

FAQs

Package last updated on 08 Oct 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc