Advanced usage
Authentication middleware might not fully support every use-case. To help you with more complex authentication flows, next-firebase-auth-edge
provides a set of low-level building blocks:
getFirebaseAuth
getFirebaseAuth
function provides a number of server-side methods to handle more complex authentication flows.
import { getFirebaseAuth } from "next-firebase-auth-edge";
const {
getCustomIdAndRefreshTokens,
verifyIdToken,
createCustomToken,
handleTokenRefresh,
getUser,
getUserByEmail,
createUser,
updateUser,
deleteUser,
verifyAndRefreshExpiredIdToken,
setCustomUserClaims,
} = getFirebaseAuth({
apiKey: 'YOUR FIREBASE API KEY',
serviceAccount: {
projectId: 'your-firebase-project-id',
clientEmail: 'firebase-adminsdk-nnw48@your-firebase-project-id.iam.gserviceaccount.com',
privateKey: '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n'
}
});
Options
Name | Type | Description | |
---|---|---|---|
apiKey | string | Required | Firebase Web API Key retrieved from Firebase Project settings overview page. Please note that this API Key will be visible only after you enable Firebase Authentication in your Firebase project |
serviceAccount | { projectId: string; clientEmail: string; privateKey: string } | Optional in authenticated Google Cloud Run (opens in a new tab) environment. Otherwise required | Firebase Service Account credentials |
tenantId | string | Optional | Specify if your project supports multi-tenancy (opens in a new tab) |
serviceAccountId | string | Optional | Forces specific service account ID inside authenticated Google Cloud Run (opens in a new tab) environment |
Methods
Name | Type | Description |
---|---|---|
getCustomIdAndRefreshTokens | (idToken: string, appCheckToken?: string) => Promise<IdAndRefreshTokens> | Generates a new set of id and refresh tokens for user identified by provided idToken . Accepts optional appCheckToken as a third argument. You should pass it if your app supports App Check (opens in a new tab) |
verifyIdToken | (idToken: string, checkRevoked?: boolean) => Promise<DecodedIdToken> | Verifies provided idToken . Throws AuthError . See source code (opens in a new tab) for possible error types. |
createCustomToken | (uid: string, developerClaims?: object) => Promise<string> | Creates a custom token for given firebase user. Optionally, it's possible to attach additional developerClaims |
handleTokenRefresh | (refreshToken: string) => Promise<VerifyTokenResult> | Returns id token and decodedToken for given refreshToken |
getUser | (uid: string) => Promise<UserRecord> | Returns Firebase UserRecord by uid |
getUserByEmail | (email: string) => Promise<UserRecord> | Returns Firebase UserRecord by email |
createUser | (request: CreateRequest) => Promise<UserRecord> | Creates user and returns UserRecord. See official firebase Create a user (opens in a new tab) docs for request examples |
updateUser | (uid: string, request: UpdateRequest) => Promise<UserRecord> | Updates user by uid and returns UserRecord. See official firebase Update a user (opens in a new tab) docs for request examples |
deleteUser | (uid: string) => Promise<void> | Deletes user |
setCustomUserClaims | (uid: string, customClaims: object ∣ null) => Promise<void> | Sets custom claims for given user. Overwrites existing values. Use getUser to fetch current claims |
verifyAndRefreshExpiredIdToken | (token: string, refreshToken: string) => Promise<VerifyTokenResult> | Verifies provided idToken . If token is expired, uses refreshToken to validate it. Throws InvalidTokenError if credentials are missing or malformed. |