Firebase and Middleware

Highlander posted this in #help-forum
HighlanderOP
I looked around so much and couldn't find an answer for server-side middleware with Firebase. So on auth I store the uid in cookies and verify it in middleware. Has anyone got experience with this or a better way?

22 Replies

What issues are you having?
Specifically?
HighlanderOP
No issues, I would just like to know if this is the most efficient way and that it is secure.
Also, I can't access Firebase Admin from Next middleware, so that's the only way I couldn't think of. Or maybe would it be to use client-side middleware and redirects, since the user is authenticated in the browser with Firebase? Or do you have any other ideas?
So the way I do it in my internally hosted portal is by making a REST endpoint and fetching from that endpoint in the middleware.
You're escaping the edge, then reporting back to it.
Something like this, of course my solution is much more complex
The one drawback is that the middleware is supposed to be lean, but it's an internal application, and I'm okay with routing taking a tad longer.
HighlanderOP
Ahh, I see where our methods differ: you verify the auth token while I send the uid of the user directly to the middleware. I feel like your way is more secure.
Sending the uid directly to the middleware from where?
Client side? You can't trust anything from the client side ever 😄
HighlanderOP
Storing it in cookies on sign-in, then pulling it from middleware. Also, I don’t think I can do it your way because the Firebase Admin SDK cannot be accessed in the middleware, so even if I get the auth token I can’t verify it. Unless I make a route to do that, and that’s so long bro just for middleware auth 😴.
It's not realllly that long. You could just make the middleware kick off when accessing API routes and, before passing it along, ensure they are authenticated.
HighlanderOP
I appreciate your advice bro I’ll make a branch and give it a shot, Thank you.
Np, it's not the only way to do it... but it's a way.
Are you using a library to handle authentication?
HighlanderOP
Firebase auth
And using Next.js for everything, no backend. I prefer Express but I wanted to try this way.
I would usually send all of this stuff to my Express server, literally everything.
Gotcha, I don't have any experience with Firebase at all. It's an internal app and we have a SAML solution for authentication, so it's a bit different.
HighlanderOP
Ahh I see
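
The pattern discussed in this thread (middleware forwards the cookie to a server-side endpoint that does the real verification, and ignores any client-supplied uid), as an added example that is not code from any participant. The names `verifyRoute`, `authMiddleware` and the `session` cookie are hypothetical; `verifyIdToken` is assumed to be firebase-admin's `getAuth().verifyIdToken` in a real Node.js route and is replaced here by a constructed stub so the sketch runs offline.

```javascript
// Added example; all names here are hypothetical, not from the thread.
// Node-side endpoint: the only place the token is actually verified.
// verifyIdToken is injected; in production it would be firebase-admin's
// getAuth().verifyIdToken, which rejects bad signatures and expired tokens.
async function verifyRoute(body, verifyIdToken) {
  if (!body || typeof body.token !== "string" || body.token === "") {
    return { status: 400, json: { error: "missing token" } };
  }
  try {
    const decoded = await verifyIdToken(body.token);
    return { status: 200, json: { uid: decoded.uid } };
  } catch {
    return { status: 401, json: { error: "invalid token" } };
  }
}

// Pull one cookie value out of a raw Cookie header.
function readCookie(header, name) {
  for (const part of (header || "").split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k === name) return v.join("=");
  }
  return null;
}

// Middleware logic: a "uid" cookie is never read. The only uid it accepts is
// the one the verify endpoint returns. callVerify stands in for fetch().
async function authMiddleware(cookieHeader, callVerify) {
  const deny = { action: "redirect", to: "/login" };
  const token = readCookie(cookieHeader, "session");
  if (!token) return deny;
  let res;
  try {
    res = await callVerify({ token });
  } catch {
    return deny; // fail closed if the endpoint is unreachable
  }
  if (res.status !== 200 || !res.json.uid) return deny;
  return { action: "next", uid: res.json.uid };
}

// Constructed stand-in verifier: accepts exactly one token, rejects the rest.
const stubVerify = async (t) => {
  if (t === "valid-token") return { uid: "user-123" };
  throw new Error("bad token");
};
const callVerify = (body) => verifyRoute(body, stubVerify);
```
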