5

If I have a page that can only be accessed by authenticated users, how do I check if a user is authenticated or not?

I tried using `(firebase.auth().currentUser !== null)` but I am getting an error saying: `TypeError: firebase.auth is not a function`

I have the following configuration:

```javascript
const express = require('express'),
      firebase = require('firebase'),
      app = express();

app.use(express.static("/public"));

var config = {
   apiKey: "xxxx",
   authDomain: "xxxx",
   databaseURL: "xxxx",
   projectId: "xxxx",
   storageBucket: "xxxx",
   messagingSenderId: "xxxx"
};

firebase.initializeApp(config);

app.get("/dashboard", (request, response) => {
   if (firebase.auth().currentUser !== null){
       response.render("dashboard.ejs")
   }
   else{
       response.render("login.ejs");
   }
});
```
rgoncalv
  • Possible duplicate of [firebase.auth is not a function](https://stackoverflow.com/questions/48592656/firebase-auth-is-not-a-function) – Grimthorr Jun 01 '18 at 13:08
  • I've seen this before, tried the solutions there and had no luck. What might be the case of my question is, is it better to call `firebase.auth().currentUser` or is there a better way to access this through the admin SDK? – rgoncalv Jun 01 '18 at 13:11

1 Answer

12

Your code is in an Express app, which means it runs on the server. The Firebase SDK you're using is meant for use on client devices, and won't work well in your Express environment. There is no concept of a "current user" on the server. Of course a user ID can be passed to the server with each request, but the server itself is stateless.

In your Express server you'll want to use the Firebase Admin SDK. Have a look at this Cloud Functions sample on how to build an authenticated endpoint.

Frank van Puffelen
  • Puff, imagine I am at the login page. I send a POST request with username and password in the body. Now, since I can't log in with the usual `firebase.auth().signInWithEmailAndPassword(email, password)` in my `app.post("/login")` express app, how should I log in then? – rgoncalv Jun 01 '18 at 16:04
  • Don't send a post request with username and password. Send the ID token and verify *that* as shown in the example or here: https://firebase.google.com/docs/auth/admin/verify-id-tokens – Frank van Puffelen Jun 01 '18 at 23:22
  • Frank, I am doing as you suggested. By following the guidelines you suggested, when I send a post to `/login` with the `idToken`, and setting the header like so: `response.header("Authorization" , "Bearer " + idToken);`, it does not work. After going through SO, it seems like setting header before redirects does not work. Do you have any suggestions then? – rgoncalv Jun 17 '18 at 19:38
  • Check if you're doing the same as the sample I linked in my answer or this sample: https://github.com/firebase/functions-samples/tree/master/authenticated-json-api. If you think you are, and it's not working, open a new question with the [minimal, complete code that reproduces the problem](http://stackoverflow.com/help/mcve). – Frank van Puffelen Jun 17 '18 at 19:51
  • Frank, please take a look and help me: https://stackoverflow.com/questions/50900309/express-firebase-failing-to-set-header-before-redirect/50900752? – rgoncalv Jun 18 '18 at 01:26
  • Also, firebase.auth().currentUser can give me the idToken every time I call `getIdToken`, but do I need to call `getIdToken` and put it in the header every time I want to go to a new route (so that it is checked by the `validateFirebaseIdToken` middleware on the express web server)? – rgoncalv Jun 18 '18 at 01:30
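
The pattern described in the answer and comments, as an added example that is not part of the original thread or the Firebase samples: the server holds no "current user", so each request carries an ID token in `Authorization: Bearer <token>` and a middleware verifies it before the route runs. `requireFirebaseUser`, `fakeVerifier` and `simulate` are hypothetical names, and the verifier is injected so the block runs without Express or Firebase; in a real server it would be the Admin SDK's `admin.auth().verifyIdToken`.

```javascript
// Added example: Express-style middleware that authenticates each request from
// a Firebase ID token. `requireFirebaseUser` is a hypothetical name.
// In a real server, after initializing firebase-admin, pass:
//   (token) => admin.auth().verifyIdToken(token)
function requireFirebaseUser(verifyIdToken) {
  return async function (req, res, next) {
    // The server is stateless: identity comes only from this request's header.
    const header = (req.headers && req.headers.authorization) || '';
    const match = /^Bearer (\S+)$/i.exec(header);
    if (!match) {
      return res.status(401).json({ error: 'missing or malformed Authorization header' });
    }
    try {
      // Resolves to the decoded claims (uid, ...) or rejects when the token is
      // expired, malformed, or was not issued for this project.
      req.user = await verifyIdToken(match[1]);
    } catch (err) {
      // Do not echo verifier details back to the client.
      return res.status(401).json({ error: 'invalid ID token' });
    }
    return next();
  };
}

// Constructed stand-in for the Admin SDK verifier (accepts one sample token).
function fakeVerifier(token) {
  return token === 'good-token'
    ? Promise.resolve({ uid: 'user-123' })
    : Promise.reject(new Error('bad signature'));
}

// Runs the middleware against constructed req/res objects and reports the outcome.
async function simulate(authorization) {
  const req = { headers: authorization ? { authorization } : {} };
  const out = { status: 200, body: null, nextCalled: false, uid: null };
  const res = {
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  await requireFirebaseUser(fakeVerifier)(req, res, () => { out.nextCalled = true; });
  out.uid = req.user ? req.user.uid : null;
  return out;
}
```

Mounted as `app.get("/dashboard", requireFirebaseUser(verifier), handler)`, the route handler only runs when `req.user` has been set from a verified token.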