1.1.0 • Published 2 years ago

@enkeldigital/firebase-authentication v1.1.0

Weekly downloads
-
License
MIT
Repository
github
Last release
2 years ago

@enkeldigital/firebase-authentication

Plugin to use with this library to integrate with firebase authentication.

Installation

npm install @enkeldigital/firebase-authentication

# Depends on this too
npm install create-express-auth-middleware

Example

View samples folder for more specific examples

  1. Make a API call from client using this example to include an Authorization header

    Authorization: Bearer <your-client-token>

  2. If an API call is made with a valid token, you can access the decoded token object from request

    const app = require("express")();
const { create_authn_middleware, create_authz_middleware } = require("create-express-auth-middleware");
const firebaseAuthentication = require("@enkeldigital/firebase-authentication");
const { auth } = require("@enkeldigital/firebase-admin");

// Make all routes in this express app to be authentication protected.
// Meaning all routes defined later can only be called if a valid JWT is provided.
// This DOES NOT mean that routes are fully protected yet,
// as you need to ensure users have sufficient permission to access APIs using authorization middleware.
app.use(create_authn_middleware(firebaseAuthentication(auth)));

// The actual route that requires both authentication and authorization to run.
app.get(
    "/data/:userID",

    // Add authorization middleware to ensure users can only access their own data
    // Checks that the specified userID in the URL matches user's own userID value in their 'DecodedIdToken'
    // The 'jwt' property is set by the authentication middleware that is registered above
    create_authz_middleware((req) => req.jwt.userID === req.params.userID),

    // This request handler will only run if both predicate above returns true!
    (req, res) => res.status(200).json({ data: "Protected user data" })
);

  3. If authentication failed, you get a 401 code with the following response by default

    { "ok": false, "error": "Authentication Failed" }

  4. If authorization failed, you get a 403 code with the following response by default

    { "ok": false, "error": "Authorization Failed" }

License and Author

This project is made available under MIT LICENSE and written by JJ

Expressfirebaseauthenticationmiddlewareplugin
@everything-registry/sub-chunk-291
1.1.0

2 years ago

1.0.0

2 years ago