Authentication Emulator Ephemeral/Long Lived ID Tokens #8804
Unanswered
RafaelZasas
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I have a fairly straightforward stack:
Frontend: Flutter, NextJS
Backend: Go
The core issue I have is working on backend api endpoints/functionality that requires authentication/authorization.
We use Firebase Auth on the frontend, and the firebase admin sdk on the backend to validate ID tokens, and obtain the users auth ID, email verification status and claims.
This works really well when developing the Frontend alongside the backend, since I can use the client to send the ID token along with the request, but it is terrible if I am trying to develop the backend alone.
Our current workaround:
This works, but it is extremely frustrating.
In an ideal world, I could:
(NOTE: The above proposal is just an example, but the core point is being able to use Firebase Auth in an application, without constantly fighting to obtain a valid ID token for fake/emulated auth accounts)
It would allow us to easily:
I understand that this is an extremely sensitive area and that security around authentication is of utmost importance.
With that being said, I would like to believe that it is not impossible to do, and that I am not the only person facing the same issue.
If there is work that can be done to make the this a reality, I would love to contribute some time.
Guidance would be much appreciated.
Beta Was this translation helpful? Give feedback.
All reactions