(NextJS) Help connecting Auth0 users to Firebase Auth in order to facilitate Security Rules

Please include the following information in your post:

  • Which SDK this is regarding: e.g. ‘@auth0/nextjs-auth0’
  • SDK Version: ^1.7.0
  • Platform Version: Node 8.1.2
  • Code Snippets/Error Messages/Supporting Details/Screenshots:

Hi! Thanks in advance,

I’m working on a NextJS app that uses Auth0, and Firebase (Firestore) on the backend. I mistakenly assumed I could write Firestore Security Rules relying on users’ Auth0 tokens, but it seems that I am required to use Firebase Auth in order to do so. With this issue in mind, I’m considering a few paths forward to enable Firebase Auth in addition to my existing Auth0 integration:

  1. I could use an Action (or a rule/hook) that triggers on Login and Logout to immediately log the user in or out of Firebase Auth as well. It does feel inefficient to fully integrate two separate auth solutions… I use Auth0’s JWT already within the app, but I need to use a Firebase Auth JWT to secure the database. I apologize if this is a naive question, but can a client have two different JWTs at the same time?

  2. I think this solution seems more logical: I could (somehow) generate a Firebase Auth token from my Auth0 JWT, but I seem to not be able to execute express/middleware in a NextJS application. I did find the following code snippet on these forums, but I’m not quite sure where I would implement this function in my code, and how I would get the new token back to the client. I’m just a hobbyist, so my knowledge of the inner workings of auth is limited – hence my turn to Auth0 for the drop-in solution! Would it be enough to add a similar function to my Action that executes on Login? Could my client access both their Auth0 token as well as their new Firebase custom token?

```js
app.get('/auth/firebase', jwtCheck, (req, res) => {
  // Create UID from authenticated Auth0 user
  const uid = req.user.sub;
  // Mint token using Firebase Admin SDK
  firebaseAdmin.auth().createCustomToken(uid)
    .then(customToken =>
      // Response must be an object or Firebase errors
      res.json({firebaseToken: customToken})
    )
    .catch(err =>
      res.status(500).send({
        message: 'Something went wrong acquiring a Firebase token.',
        error: err
      })
    );
});
```

  3. I could forego Auth0 entirely, and rewrite the app using only Firebase Auth.

Do any of these methods, or some yet-unseen alternative path, sound viable? If so, I’d love to discuss how best to proceed. I’m really excited to find a way to get Firebase Auth working so I can ship my app with Security Rules. Thank you!

2 Likes

Hello,
How did you solve this? I’m thinking to have the same approach in my app.

Thanks

I am also currently working on the same problem. I am using ReactJs + Firebase (backend firestore) + Auth0

I spent days and nights figuring out the solution.

I was able to generate firebase token inside the firebase functions and send that firebase-token to the client side (i.e. App.js in react project)

The process I followed was -

  1. Get the accessToken in the App.js file (or anywhere on the front-end side). You can get it with the help of the ‘getAccessTokenSilently’ method from the ‘useAuth0’ hook.
  2. Send that token to the firebase function (backend) side. You can send it by putting the access token inside the headers > authorization.

see below code (step 1 & 2)

  3. Once you get Auth0’s access token into your firebase function, you can perform a JWTCheck on it (remember JWTCheck is a middleware). If accessToken is valid then the payload data will be sent to the firebase function and if accessToken is invalid then it’ll throw a ‘LOGIN REQUIRED’ error.
  4. Once JWTCheck is complete, you can get the ‘user.sub’ from ‘req.auth.sub’ (user.sub is a unique ID of each user provided by Auth0). We will use this sub id to pass in to the ‘CreateCustomToken()’ method of firebase.

refer to blog for JWTcheck middleware -

see below code (for step 3 & 4) (firebase functions index.js file)

  5. Finally you’ll receive a firebase token which you can send back to the client side.

Thank You!

but…

I am still not getting what to do with firebase custom token! When I passed that firebase token to ‘signInWithCustomToken()’ method, I am getting user details but then suddenly I see some errors in console.

Does anyone know why I am getting this error?
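
The token-exchange flow from steps 3 to 5 of the post above, as an added example that is not part of the original thread and is not Auth0's or Firebase's code. It is written as a plain `(req, res)` handler so it fits a Next.js API route or an Express route. `makeFirebaseTokenHandler`, `verifyAccessToken` and `mintCustomToken` are hypothetical names; the two injected functions are assumed to wrap a JWT verifier for the Auth0 tenant and the `firebaseAdmin.auth().createCustomToken(uid)` call shown in the first post.

```javascript
// Added example: the names below are hypothetical, not part of any SDK.
// verifyAccessToken(token) -> Promise of verified Auth0 JWT claims (rejects if invalid).
// mintCustomToken(uid)     -> Promise of a Firebase custom token, e.g. wired to
//                             uid => firebaseAdmin.auth().createCustomToken(uid)
function makeFirebaseTokenHandler({ verifyAccessToken, mintCustomToken }) {
  return async function handler(req, res) {
    // The response carries a credential, so it must never be cached.
    res.setHeader('Cache-Control', 'no-store');

    // Steps 1-2: accept only "Authorization: Bearer <token>".
    const header = (req.headers && req.headers.authorization) || '';
    const match = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(header);
    if (!match) return res.status(401).json({ message: 'Login required.' });

    // Step 3: the verifier must check signature, issuer, audience and expiry
    // before any claim is trusted. Any failure is a plain 401.
    let claims;
    try {
      claims = await verifyAccessToken(match[1]);
    } catch (err) {
      return res.status(401).json({ message: 'Login required.' });
    }

    // Step 4: the uid comes only from the verified `sub` claim, never from
    // the request body or query string. Firebase uids are 1-128 characters.
    const uid = claims && claims.sub;
    if (typeof uid !== 'string' || uid.length < 1 || uid.length > 128) {
      return res.status(401).json({ message: 'Login required.' });
    }

    // Step 5: mint and return the token. Failure details are logged
    // server-side and not echoed to the client.
    try {
      const firebaseToken = await mintCustomToken(uid);
      return res.status(200).json({ firebaseToken });
    } catch (err) {
      console.error('createCustomToken failed:', err);
      return res.status(500).json({ message: 'Something went wrong acquiring a Firebase token.' });
    }
  };
}
```

The client keeps using its Auth0 token for the app's own API and passes the returned `firebaseToken` to `signInWithCustomToken()`, so Firestore Security Rules see the Auth0 `sub` as `request.auth.uid`.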