Using @nikko blog post: Firebase and Auth0 v8 from legacy v7 delegation | by Nikko Ambroselli | Medium
for inspiration, I came up with this example, which uses a Firebase Cloud Function to delegate the Auth0 token, since delegation has been removed on the Auth0 side. To create a custom token in a Firebase function, you need to generate a service account JSON file. In your Firebase console, go to Project Settings > Service Accounts and then click “Generate New Private Key”. Save the generated JSON file in your functions directory as service-account.json and deploy. You also need to create a new Non-Interactive client in your Auth0 account and use that client’s ID on the back end.
Here’s what the firebase functions index.js looks like:
const admin = require('firebase-admin');
const cors = require('cors')({origin: true});
const auth0 = require('auth0-js');
// Auth0 client; delegateToken below uses it to call Auth0's userInfo endpoint
// with the access token supplied by the caller.
const auth0Web = new auth0.WebAuth({
  domain: 'YOURAUTH0DOMAIN',
  clientID: 'YOURCLIENTID',
});

// Service-account key downloaded from the Firebase console. Whoever holds this
// file can mint custom tokens for any uid in the project, so treat it as a
// secret: keep it out of version control and out of anything served to clients.
// NOTE(review): newer firebase-admin releases running on Google-managed
// infrastructure can sign custom tokens through IAM without a key file on disk;
// check the Admin SDK documentation for the version in use before relying on it.
const serviceAccount = require('./service-account.json');

// Initialise the Admin SDK with that key so admin.auth().createCustomToken()
// is able to sign tokens.
admin.initializeApp({
  credential: admin.credential.cert(serviceAccount),
  databaseURL: 'https://YOURPROJECTID.firebaseio.com',
});
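/**
 * HTTPS function that exchanges a valid Auth0 access token for a Firebase
 * custom token.
 *
 * Request:  header `Authorization: Bearer <Auth0 access token>` and a body
 *           containing `userId` (the Auth0 user_id the caller claims to be).
 * Response: 200 with the custom token as the body;
 *           403 'Unauthorized' when the header is missing or malformed, when
 *           Auth0 rejects the access token, or when the claimed userId does not
 *           match the profile Auth0 returns for that token;
 *           500 when the Admin SDK fails to create the token.
 *
 * Security notes:
 * - The uid placed in the custom token is the one Auth0 reports for the access
 *   token, never the unverified value from the request body.
 * - `cors` is configured with `origin: true` at the top of this listing, which
 *   reflects whatever origin makes the request. If the front-end origin is
 *   known, restrict the allowed origin to it.
 *
 * NOTE(review): `functions` is not defined anywhere in this listing; it is
 * presumably `require('firebase-functions')` - confirm the full index.js
 * imports it.
 */
exports.delegateToken = functions.https.onRequest((req, res) => {
  cors(req, res, () => {
    const bearerPrefix = 'Bearer ';
    const claimedUserId = req.body && req.body.userId;
    const authHeader = req.headers.authorization;

    // A missing or malformed Authorization header used to throw on .split();
    // answer with the same 403 the other rejection paths use instead.
    if (typeof authHeader !== 'string' || !authHeader.startsWith(bearerPrefix)) {
      res.status(403).send('Unauthorized');
      return;
    }
    const accessToken = authHeader.slice(bearerPrefix.length);
    if (accessToken === '') {
      res.status(403).send('Unauthorized');
      return;
    }

    // Let Auth0 decide whether the access token is valid and whose it is.
    auth0Web.client.userInfo(accessToken, (err, user) => {
      if (err) {
        console.log(err);
        res.status(403).send('Unauthorized');
        return;
      }

      // Require a real, non-empty user_id from Auth0 and a strict match with
      // the claimed id. The previous loose `==` also accepted the case where
      // both values were undefined.
      const verifiedUserId = user && user.user_id;
      const isVerified = typeof verifiedUserId === 'string' && verifiedUserId !== '';
      if (!isVerified || claimedUserId !== verifiedUserId) {
        res.status(403).send('Unauthorized');
        return;
      }

      admin.auth().createCustomToken(verifiedUserId)
        .then((customToken) => {
          res.send(customToken);
        })
        .catch((error) => {
          console.log('Error creating custom token:', error);
          // Always answer the request; previously this path left it hanging
          // until the function timed out.
          res.status(500).send('Error creating custom token');
        });
    });
  });
});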
On the front end, after calling parseHash as you normally would following a login, I make an AJAX call to the Firebase function with the Auth0 user ID; it returns the custom token, which we then use to sign in:
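export const app = Firebase.initializeApp(fbconfig);

// Read the Auth0 login result from the URL fragment left by the redirect.
const result = auth0.parseHash(window.location.hash);

if (result && result.accessToken) {
  // `var` keeps id_token visible outside this `if`, as in the original listing;
  // it is not used anywhere in the code shown here.
  var id_token = result.idToken;

  // Remove the token-bearing fragment from the address bar.
  // NOTE(review): assigning location.hash adds a history entry, so the URL that
  // carried the tokens can remain in session history; history.replaceState
  // avoids that - confirm it fits the app's routing before switching.
  window.location.hash = '';

  auth0.getUserInfo(result.accessToken, (err, profile) => {
    // Stop here on failure: without a profile there is no user_id to send, and
    // the original fell through and threw on `profile.user_id`.
    if (err || !profile || !profile.user_id) {
      console.log(err || 'Auth0 profile is missing user_id');
      return;
    }

    // Exchange the Auth0 access token for a Firebase custom token. The cloud
    // function re-checks the token with Auth0, so userId is only a claim here.
    axios({
      method: 'post',
      data: {
        userId: profile.user_id,
      },
      baseURL: functionsURL,
      url: '/delegateToken',
      headers: {
        Authorization: `Bearer ${result.accessToken}`,
      },
    })
      // Returning the sign-in promise lets the single catch below cover both a
      // rejected HTTP call (e.g. a 403 from the function) and a failed sign-in.
      .then((response) => app.auth().signInWithCustomToken(response.data))
      .catch((error) => {
        console.log(error);
      });
  }); // closes the getUserInfo call; the closing paren was missing in the original
}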
I have done only limited testing on this, and I don’t feel 100% comfortable storing the service-account.json file on the server, but this appears to be a solution that others may be able to take and improve - please let me know if you do. I'm not sure why something like this didn’t come from Auth0 directly; it appears they have moved on from supporting Firebase users.