Advanced Usage
The authentication middleware may not cover every use case. To support more complex authentication flows, next-firebase-auth-edge offers a set of low-level tools:
getFirebaseAuth
The getFirebaseAuth function provides several server-side methods to manage more advanced authentication scenarios.
import {getFirebaseAuth} from 'next-firebase-auth-edge';
const {
getCustomIdAndRefreshTokens,
verifyIdToken,
createCustomToken,
handleTokenRefresh,
getUser,
getUserByEmail,
createUser,
updateUser,
deleteUser,
verifyAndRefreshExpiredIdToken,
setCustomUserClaims
} = getFirebaseAuth({
apiKey: 'YOUR FIREBASE API KEY',
serviceAccount: {
projectId: 'your-firebase-project-id',
clientEmail:
'firebase-adminsdk-nnw48@your-firebase-project-id.iam.gserviceaccount.com',
privateKey: '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n'
}
});Options
| Name | Type | Required? | Description |
|---|---|---|---|
| apiKey | string | Required | Firebase Web API Key from the Firebase Project settings page. This key becomes visible only after you enable Firebase Authentication in your Firebase project. |
| serviceAccount | { projectId: string; clientEmail: string; privateKey: string } | Optional (required unless in Google Cloud Run (opens in a new tab) environment) | Firebase Service Account credentials. |
| tenantId | string | Optional | Specify this if your project supports multi-tenancy (opens in a new tab). |
| serviceAccountId | string | Optional | Used to specify a service account ID in a Google Cloud Run (opens in a new tab) environment. |
Methods
| Name | Type | Description |
|---|---|---|
| getCustomIdAndRefreshTokens | (idToken: string, options?: {appCheckToken?: string, referer?: string}) => Promise<CustomTokens> | Generates new ID and refresh tokens for the user identified by the given idToken. Optionally accepts an appCheckToken if your app supports App Check (opens in a new tab). Can also accept a referer if your API key is domain-restricted. |
| verifyIdToken | (idToken: string, options?: {checkRevoked?: boolean, referer?: string, currentDate?: Date}) => Promise<DecodedIdToken> | Verifies the given idToken and throws an AuthError if verification fails. You can check for revoked tokens by passing checkRevoked. The referer is used for domain-restricted API keys. Optionally set a currentDate to control when the token is validated against. |
| verifyAndRefreshExpiredIdToken | (tokens: {idToken: string, refreshToken: string, customToken?: string}, options?: {checkRevoked?: boolean, referer?: string, currentDate?: Date}) => Promise<VerifiedTokens> | Verifies the idToken, and if it's expired, uses the refreshToken to revalidate it. Throws InvalidTokenError if the credentials are invalid. The options are the same as in verifyIdToken. Returns VerifiedTokens which includes the decoded token and the new tokens. Custom token can be enabled by setting enableCustomToken option to true in authMiddleware. |
| createCustomToken | (uid: string, developerClaims?: object) => Promise<string> | Creates a custom token for the specified Firebase user. You can also pass optional developerClaims to include additional data. |
| handleTokenRefresh | (refreshToken: string, options?: {referer?: string, enableCustomToken?: boolean}) => Promise<VerifiedTokens> | Returns a new ID token and its decoded form using the given refreshToken. The referer option is used if the API key is domain-restricted. enableCustomToken should match the value you pass to authMiddleware. |
| getUser | (uid: string) => Promise<UserRecord> | Retrieves a Firebase UserRecord by the user's uid. |
| getUserByEmail | (email: string) => Promise<UserRecord> | Retrieves a Firebase UserRecord by the user's email address. |
| createUser | (request: CreateRequest) => Promise<UserRecord> | Creates a new user and returns the UserRecord. Refer to Firebase’s Create a user (opens in a new tab) documentation for details on the request structure. |
| updateUser | (uid: string, request: UpdateRequest) => Promise<UserRecord> | Updates an existing user by uid and returns the updated UserRecord. See Firebase’s Update a user (opens in a new tab) documentation for request examples. |
| deleteUser | (uid: string) => Promise<void> | Deletes the user associated with the provided uid. |
| setCustomUserClaims | (uid: string, customClaims: object ∣ null) => Promise<void> | Sets custom claims for the specified user, overwriting existing values. Use getUser to retrieve the current claims. |