https://supertokens.com/ logo
Join Discord
Powered by
Question about generating a JWT for Firebase
# general
d
Question about generating a JWT for Firebase
r
Sure. What’s the question?
d
Awesome, thanks!
I am trying to follow the instructions here: https://firebase.google.com/docs/auth/admin/create-custom-tokens More specifically: https://firebase.google.com/docs/auth/admin/create-custom-tokens#create_custom_tokens_using_a_third-party_jwt_library The Firebase docs explain how to create a JWT to be used to authenticate users to Firebase. I am now trying to correlate that with SuperTokens. I have been reading this section: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/with-jwt/about My attempt was to do this, but I think it is not correct. In any case, it is not working:
Copy code
Session.init({
  jwt: {
    enable: true,
  },
  override: {
    functions: function (originalImplementation) {
      return {
        ...originalImplementation,
        createNewSession: async function (input) {
          input.accessTokenPayload = {
            ...input.accessTokenPayload,
            role: "user”, // Not yet sure what this is, so just trying to test
            iss: ** As required by Firebase **,
            sub: ** As required by Firebase **
            aud: "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
            claims: {
              role: "user",
            }
          };

          return originalImplementation.createNewSession(input);
        },
      };
    }
  },
}),
Can you tell me what I am doing wrong here, and help get me on the right track?
My thinking was that I would just be able to use the same session token to authenticate to Firebase.
r
Does firebase expect that the token be created by it?
d
Firebase is expecting me to create the token.
It is just expecting a few parameters in the JWT.
r
But is the token supposed to be signed by firebase?
What’s the error that you are getting?
d
Oh, just a second. Let me check. That was not my understanding...
Are you saying that I should create my own custom JWT, then somehow attach it to the SuperTokens token? I.e., my approach of trying to overload the JWT creation by SuperTokens is not correct? I am still trying to read the Firebase docs to better understand what they are asking...
It says this: but seems to remain silent about how it is signed:
Copy code
You can create a custom token with the Firebase Admin SDK, or you can use a third-party JWT library if your server is written in a language which Firebase does not natively support.
Ah! Here it is:
Copy code
Custom tokens are signed JWTs where the private key used for signing belongs to a Google service account.
So yes, I guess I need to sign the JWT myself, using the Google service account key.
r
Yea exactly.
d
The JWT is trivial to create using the Firebase admin SDK, but then how would I tie that to the SuperTokens session?
r
You can do something like this:
Copy code
Session.init({
  override: {
    functions: function (originalImplementation) {
      return {
        ...originalImplementation,
        createNewSession: async function (input) {
          let firebaseToken = // create JWT using google's admin SDK
          input.accessTokenPayload = {
            ...input.accessTokenPayload,
            firebaseToken 
          };
          return originalImplementation.createNewSession(input);
        },
      };
    }
  },
}),
And then you can fetch that token from the access token payload on the frontend & backend whenever required. Also notice that i removed the jwt enable block from the Session.init since it's not required (i guess)
d
Ok, awesome, thanks! I will give that a try.
r
cool
7 Views
PreviousNext
Powered by