Skip to content
Docs
Usage guide
Usage in Google Cloud Run

Usage in Google Cloud Run Environment

Before running next-firebase-auth-edge in a Google Cloud Run environment, make sure to:

  1. Enable the IAM Service Account Credentials API (opens in a new tab).
  2. Assign the iam.serviceAccounts.signBlob permission to the IAM role attached to the default compute service account (opens in a new tab).

Once this is done, you can omit the serviceAccount option in authMiddleware, getTokens, and other functions. If serviceAccount is undefined, next-firebase-auth-edge will automatically extract credentials from the authenticated Google Cloud Run (opens in a new tab) environment.

Keep in mind that you still need to provide the Firebase apiKey.

Example authMiddleware usage:

middleware.ts
import { NextRequest, NextResponse } from "next/server";
import { authMiddleware } from "next-firebase-auth-edge";
 
export async function middleware(request: NextRequest) {
  return authMiddleware(request, {
    loginPath: "/api/login",
    logoutPath: "/api/logout",
    apiKey: "XXxxXxXXXxXxxxxx_XxxxXxxxxxXxxxXXXxxXxX",
    cookieName: "AuthToken",
    cookieSignatureKeys: ["Key-Should-Be-at-least-32-bytes-in-length"],
    cookieSerializeOptions: {
      path: "/",
      httpOnly: true,
      secure: false,
      sameSite: "lax" as const,
      maxAge: 12 * 60 * 60 * 24,
    },
  });
}

Example getTokens usage:

import { getTokens } from "next-firebase-auth-edge";
 
const tokens = await getTokens(context.req.cookies, {
    apiKey: 'XXxxXxXXXxXxxxxx_XxxxXxxxxxXxxxXXXxxXxX',
    cookieName: 'AuthToken',
    cookieSignatureKeys: ['Key-Should-Be-at-least-32-bytes-in-length'],
});
Advanced usageUsage in Firebase Hosting