Removing Credentials

The next-firebase-auth-edge library provides a removeCookies method to remove authenticated cookies within Middleware. This is useful for situations where you want to explicitly log a user out of the app.

Removing Credentials in Middleware

To remove authenticated cookies, use the removeCookies function from next-firebase-auth-edge/lib/next/cookies. This will attach expired Set-Cookie headers to the response, prompting the browser to delete the authenticated cookies.

import {NextRequest, NextResponse} from 'next/server';
import {removeCookies} from 'next-firebase-auth-edge/lib/next/cookies';
 
//...
function forceLogout(request: NextRequest) {
  const response = NextResponse.redirect(new URL('/login', request.url));
 
  removeCookies(request.headers, response, {
    cookieName: 'AuthToken',
    cookieSerializeOptions: {
      path: '/',
      httpOnly: true,
      secure: false,
      sameSite: 'lax' as const,
      maxAge: 12 * 60 * 60 * 24
    }
  });
 
  return response;
}

Refreshing credentials Using Client-Side APIs