-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add customToken option to firebase #3491
Comments
Yeah, so the web/authclient side seems pretty straightforward. As for the api-side decoder, would need to change the decoder to be aware of custom token or decode them correctly. The current api-side decoder calls firebase's verifyIdToken() which may only work with firebase generated tokens and not custom tokens: https://stackoverflow.com/questions/44368643/verifying-firebase-custom-token-to-get-token-id-fails-when-using-jsonwebtoken I'm not sure which token is going to be sent, the ID token generated from signInWithCustomToken() or the custom token. If it's the ID token perhaps nothing needs to change api-side. I'll look into this a bit more when I can. |
Yep that's a good point. I currently only use firebase generated tokens for SSO and when I created this issue, I had actually meant only to support that. I don't think I've come across anyone who uses custom tokens yet. And yes, can confirm. For the firebase token, I only had to handle the token param on front-end and add the method to my custom firebase client. No changes needed on API. |
@viperfx yeah I confirmed no change is needed on api side, the custom token is only used to login/signup but then the AuthProvider getToken() returns the firebase idToken associated with the user who logged and is decoded properly. @thedavidprice Update think since JWTs are known to be stateless, skipping the check revocation is correct and apps can do their own check for revocation when it makes sense. |
I currently use a custom firebase client because I utilize their signInWithCustomToken method.
It would be great if we can add this option to the redwood firebase client.
The text was updated successfully, but these errors were encountered: