@firebase-web-authn/functions v9.5.3
@firebase-web-authn/functions
A Firebase Extension for authentication with WebAuthn passkeys.
This package contains a Firebase Function that registers and authenticates WebAuthn passkeys, manages public key credentials in Firestore, and cleans up data if the user cancels the process or unlinks a passkey.
Firebase Extension deployment
See @firebase-web-authn/extension for simplified installation using firebase ext:install
.
Custom deployment
If you would rather deploy FirebaseWebAuthn from your existing Firebase Functions package, 1. Run:
% npm install @firebase-web-authn/functions --save-dev
- Export the API from your Firebase Functions package's
main
file by callinggetFirebaseWebAuthnApi
with a config object.
import { initializeApp } from "firebase-admin/app";
import { HttpsFunction } from "firebase-functions";
import { getFirebaseWebAuthnApi } from "@firebase-web-authn/functions";
getApps().length === 0 && initializeApp();
export const firebaseWebAuthnAPI: HttpsFunction = getFirebaseWebAuthnApi({...});
// Other functions...
interface FirebaseWebAuthnConfig {
authenticatorAttachment: AuthenticatorAttachment, // Preferred authenticator attachment modality. "cross-platform" allows security keys. "platform" allows passkey managers.
relyingPartyName: string, // Your app's display name in the passkey popup on some browsers.
userVerificationRequirement?: UserVerificationRequirement, // Your app's user verification requirement. "preferred" is default.
}
- Deploy your Firebase Functions:
% firebase deploy --only functions
Additional setup
- The browser must reach FirebaseWebAuthn from the same domain as your website. Modify your
firebase.json
to include a rewrite on each app where you'd like to use passkeys:{ "hosting": [ { "target": "...", "rewrites": [ { "source": "/firebase-web-authn-api", "function": "firebaseWebAuthnAPI" } ] } ] }
- Set up these services in your Firebase project:
- App Check
- Authentication with the anonymous provider
- Firestore Database
- Functions
- Grant the
Cloud Datastore User
andService Account Token Creator
roles to theApp Engine default service account
principal in Service accounts underApp Engine default service account
> Permissions. - Grant the
Cloud Functions Invoker
role to theallUsers
principal in Cloud Functions underfirebaseWebAuthnAPI
> Permissions.
10 months ago
11 months ago
11 months ago
11 months ago
11 months ago
11 months ago
11 months ago
11 months ago
11 months ago
11 months ago
12 months ago
12 months ago
12 months ago
12 months ago
12 months ago
12 months ago
12 months ago
12 months ago
12 months ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago
1 year ago