Rotem Slootzky Rotem Slootzky - 3 months ago 25
Node.js Question

Is Firebase 3 node.js server authentication going to change?

Right now seems like the only way to authenticate a node.js server is by passing the a service account private key which means the private key lays in RAM which is something that clearly won't pass a security review.

Is this method going to change sometimes soon to something like passing a token with expiration which can be generated in a secured manner somewhere else?
I'm talking about something like Firebase 2 authentication (but not HS256 with a shared secret)
would love to get a comment from Firebase's engineers team.
Thanks

Answer

just to answer that.

you can do something like this :

  var config = {
  apiKey: "<API_KEY>",
  authDomain: "<PROJECT_ID>.firebaseapp.com",
  databaseURL: "https://<DATABASE_NAME>.firebaseio.com",
  storageBucket: "<BUCKET>.appspot.com",
};
firebase.initializeApp(config);

and then doing

firebase.auth().signInWithCustomToken(<TOKEN>)

before calling

firebase.database().ref()

you can get your config by going to your firebase's app overview (https://console.firebase.google.com/project/<APP_NAME>/overview) and pressing "Add firebase to your web app"

Comments