Please include the following information in your post:
- Which SDK this is regarding: e.g. ‘@auth0/nextjs-auth0’
- SDK Version: ^1.7.0
- Platform Version: Node 8.1.2
- Code Snippets/Error Messages/Supporting Details/Screenshots:
Hi! Thanks in advance,
I’m working on a NextJS app that uses Auth0, and Firebase (Firestore) on the backend. I mistakenly assumed I could write Firestore Security Rules relying on users’ Auth0 tokens, but it seems that I am required to use Firebase Auth in order to do so. With this issue in mind, I’m considering a few paths forward to enable Firebase Auth in addition to my existing Auth0 integration:
- I could use an Action (or a rule/hook) that triggers on Login and Logout to immediately log the user in or out of Firebase Auth as well. It does feel inefficient to fully integrate two separate auth solutions… I use Auth0’s JWT already within the app, but I need to use a Firebase Auth JWT to secure the database. I apologize if this is a naive question, but can a client have two different JWTs at the same time?
- I think this solution seems more logical: I could (somehow) generate a Firebase Auth token from my Auth0 JWT, but I seem to not be able to execute express/middleware in a NextJS application. I did find the following code snippet on these forums, but I’m not quite sure where I would implement this function in my code, and how I would get the new token back to the client. I’m just a hobbyist, so my knowledge of the inner workings of auth is limited – hence my turn to Auth0 for the drop-in solution! Would it be enough to add a similar function to my Action that executes on Login? Could my client access both their Auth0 token as well as their new Firebase custom token?
  ```js
  app.get('/auth/firebase', jwtCheck, (req, res) => {
    // Create UID from authenticated Auth0 user
    const uid = req.user.sub;
    // Mint token using Firebase Admin SDK
    firebaseAdmin.auth().createCustomToken(uid)
      .then(customToken =>
        // Response must be an object or Firebase errors
        res.json({firebaseToken: customToken})
      )
      .catch(err =>
        res.status(500).send({
          message: 'Something went wrong acquiring a Firebase token.',
          error: err
        })
      );
  });
  ```
- I could forego Auth0 entirely, and rewrite the app using only Firebase Auth.
Do any of these methods, or some yet-unseen alternative path, sound viable? If so, I’d love to discuss how best to proceed. I’m really excited to find a way to get Firebase Auth working so I can ship my app with Security Rules. Thank you!
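
The exchange the snippet in the post performs with `jwtCheck` and `createCustomToken`, written out with only Node's `crypto` module so each check is visible. This is an added example, not code from the original post or from Auth0 or Firebase: the function names are hypothetical, the key pairs are throwaway ones generated at run time, and the issuer, audience and service-account e-mail are constructed placeholders. The minted token uses the claim layout Firebase documents for custom tokens.

```javascript
const crypto = require('node:crypto');
const FIREBASE_AUD =
  'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit';
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// RS256 signer. Stands in for Auth0 (demo input) and for the Admin SDK's createCustomToken.
function signJwt(payload, privateKey) {
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Check algorithm, signature, issuer, audience and expiry; throw on any failure.
function verifyJwt(token, publicKey, { issuer, audience }, now) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) throw new Error('malformed token');
  if (dec(h).alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, sig)) {
    throw new Error('bad signature');
  }
  const claims = dec(p);
  if (claims.iss !== issuer || ![].concat(claims.aud).includes(audience)) {
    throw new Error('wrong issuer or audience');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// The exchange: only a verified Auth0 `sub` is allowed to become the Firebase `uid`.
function exchange(auth0Token, cfg, now = Math.floor(Date.now() / 1000)) {
  const { sub } = verifyJwt(auth0Token, cfg.auth0PublicKey, cfg, now);
  if (typeof sub !== 'string' || sub.length < 1 || sub.length > 128) throw new Error('bad sub');
  const sa = cfg.serviceAccountEmail;
  const claims = { iss: sa, sub: sa, aud: FIREBASE_AUD, iat: now, exp: now + 3600, uid: sub };
  return signJwt(claims, cfg.serviceAccountKey);
}

// Constructed demo material: throwaway keys and placeholder issuer, audience and account.
function demoSetup() {
  const auth0 = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const firebase = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const cfg = {
    issuer: 'https://tenant.example/', audience: 'https://api.example/',
    auth0PublicKey: auth0.publicKey, serviceAccountKey: firebase.privateKey,
    serviceAccountEmail: 'minter@demo-project.iam.gserviceaccount.com',
  };
  return { cfg, auth0Key: auth0.privateKey, firebasePublicKey: firebase.publicKey };
}
```

In a Next.js app this logic belongs in a server-side API route so the service-account key never reaches the browser; the client keeps its Auth0 session and passes the returned token to Firebase's `signInWithCustomToken`.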